Guten Abend.

Habe mich gerade erst hier registriert und schon fange ich an euch zu quälen :S.
Vorweg muss ich gleich zu beginn gestehen dass ich ein Computerbanause bin. Habe mir hier mal durchgelesen was es zu tun gibt bevor ich ein Problem melde und hoffe, dass ich dem zu genüge nachkomme.

Ich habe seit heute Vormittag das Problem, dass sich permanent neue Tabs im Firefox öffnen. Dachte mir da anfangs noch nichts bis mir dann auffiehl, dass auch häufig downloads fehlschlagen. zudem kommt noch hinzu dass mein Microsoft Security Center nicht mehr standartmößig startet und wenn ich es dann starte, hat es keine Verbindung zu "Viren und Malewarescan".

Auf meinem PC läuft Windows 7 und es ist ein 64bit System. Intel i5 und nutze eine Lan Verbindung. Keine Ahnung ob ich sowas angeben soll, aber schaden wird es hoffentlich nicht. Hier die 3 Log-Files:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:47 on 17/03/2014 (Patrick)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Patrick at 2014-03-17 22:48:49
Running from E:\Benutzer\Patrick\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DDS Thumbnail Viewer (HKLM-x32\...\{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}) (Version: 1.00.000 - )
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BED39C88-768C-4345-BF11-58436C984F2A}) (Version: - Microsoft)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GRID 2 Incl. All DLCs MULTI-8 v.1.0.85.8679 (HKLM-x32\...\GRID 2 Incl. All DLCs MULTI-8 v.1.0.85.8679) (Version: - )
GTR 2 1.0.0.0 (HKLM-x32\...\{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1) (Version: v1.0.0.0 - 10tacle Studios Publishing AG)
GTR Evolution (HKLM-x32\...\GTR Evolution_1.1.1.2_is1) (Version: - SimBin)
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version: - Stripf Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KaloMa 5.00beta20100607 (HKLM-x32\...\KaloMa_is1) (Version: - Frank Böpple)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MoTeC i2 Pro (HKLM-x32\...\{D5ABB8E2-2417-43C2-AB32-911697B5E00A}) (Version: 2.00.0994 - MoTeC)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA DDS Utilities (HKLM-x32\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Photoshop Plug-ins (HKLM-x32\...\{23F79416-CAD1-41BF-99A3-040F6C814AAA}) (Version: 8.50 - )
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Texture Tools 2 - 64 bit (HKLM-x32\...\{65C967FA-29D8-4A5F-99C5-BC9AF1F8F9D2}) (Version: 2.0 - )
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OTPService (HKLM-x32\...\{B05F7750-8800-4520-9732-9C841246C8E2}_is1) (Version: 1.0.004 - MSI)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SkyTest® Trainingssoftware für Fluglotsen-Eignungstests (HKLM-x32\...\SkyTest® Trainingssoftware für Fluglotsen-Eignungstests_is1) (Version: - SkyTest®)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TrackMania United (HKLM-x32\...\Steam App 7200) (Version: - Nadeo)
UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (HKLM\...\{90150000-0015-0407-1000-0000000FF1CE}_Office15.PROPLUS_{47F15B72-AB15-4B81-BDB8-28B204596EB7}) (Version: - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7}) (Version: - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E759A69-FA72-4B3C-BE2F-D1194764D31E}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{79469196-F138-4CF0-8681-F1889D53B56B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA390537-AA88-450F-A240-5FB4648A124A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8D57F4A-0824-4043-89E7-3C6280B67A47}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{526C9E5A-A734-4DC0-B829-ED1CDE793C6B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{30C13416-B124-46AB-9E44-96CEFFA893F9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C809B1D6-BD31-4496-BCFE-4567E0854F5F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{1A789784-5825-4B26-BB57-71FF7D3484CB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{856D47BC-036C-4692-8702-D6CCA8F428D0}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B38036CB-BAF6-41D4-8810-FD016453ABB9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2A286156-257B-4528-9DB5-B4D4D53211BC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUS_{B5E3E636-7913-4775-BC9B-E4B56F4ED73B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{92833C80-DC88-4A22-8630-407F810EF57B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUS_{869B93B9-E75A-44DE-8AC5-A030A7A21FDD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F2187E8D-C68A-4655-8551-1932878A5581}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6EE51F51-57B1-4DC7-96C2-857DB7F0BE93}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0A90C645-3F9A-4CF9-BF62-2609602E3DAB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3A48DE63-607B-4FEA-A862-B52669C4433C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34F51E79-0110-4B49-A245-81319F58453E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{05D8C7F6-9A93-4925-B2B3-7D6507AD2FC9}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{DAEE93F9-D258-45E4-AFD3-12AC5ED04693}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6FF949A3-1C3F-41C2-9464-933E885ECB53}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CA014CB4-B26F-4D27-BF26-C994CC3428E5}) (Version: - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2837C624-A972-43CF-BCE5-0AE2EFED72E3}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E9172003-60C1-447B-9569-7AA9FADE26B0}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version: - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F16E7B82-23FE-4054-AB73-EAE53965251C}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

12-03-2014 20:56:15 Windows Update
12-03-2014 21:58:14 Windows Update
13-03-2014 17:32:57 Installed MoTeC i2 Pro.
13-03-2014 17:52:31 Windows Update
17-03-2014 09:43:10 Windows Modules Installer
17-03-2014 10:41:47 DirectX wurde installiert
17-03-2014 13:25:37 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0ADD71A4-93DE-45DD-8593-CEB1811C3362} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Patrick-PC-Patrick Patrick-PC => E:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {983B36C0-7AEE-4374-83C5-FA4BB9062996} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-17] (Adobe Systems Incorporated)
Task: {B51570BD-7BC5-4F7A-A900-7BFE55BA71D6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-21 10:24 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-18 05:12 - 2012-04-12 19:59 - 00252432 _____ () C:\Program Files (x86)\MSI\OTPService\OTPService.exe
2013-12-20 14:29 - 2013-12-20 14:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-17 09:53 - 2014-02-13 01:52 - 05861376 _____ () C:\{$7093-3599-3146-6724$}\winreg.exe
2012-08-31 16:44 - 2012-08-31 16:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-31 16:38 - 2012-08-31 16:38 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-14 13:52 - 2014-02-14 13:52 - 03578992 _____ () E:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Atheros AR9271 Wireless Network Adapter
Description: Atheros AR9271 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athur
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 10:48:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:35:21 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Professional Plus 2013; Fehler = 0x8007043c).

Error: (03/17/2014 10:35:03 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Professional Plus 2013; Fehler = 0x8007043c).

Error: (03/17/2014 10:31:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <4, 0xc0041800, Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

Error: (03/17/2014 10:20:45 PM) (Source: ESENT) (User: )
Description: Windows (4284) Windows: Neue Protokolldatei konnte nicht erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1811.

Error: (03/17/2014 10:20:45 PM) (Source: ESENT) (User: )
Description: Windows (4284) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" nach "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" zu verschieben, ist mit Systemfehler 2 (0x00000002): "Das System kann die angegebene Datei nicht finden. " fehlgeschlagen. Fehler -1811 (0xfffff8ed) beim Verschieben von Dateien.


System errors:
=============
Error: (03/17/2014 10:46:58 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/17/2014 10:46:58 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/17/2014 10:46:57 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/17/2014 10:46:55 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/17/2014 10:46:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft-Netzwerkinspektion" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/17/2014 10:46:54 PM) (Source: Microsoft Antimalware) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

Feature: %%886

Fehlercode: 0x80070002

Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden.

Grund: %%892

Error: (03/17/2014 10:46:53 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/17/2014 10:46:52 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/17/2014 10:39:19 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

Neue Signaturversion:

Vorherige Signaturversion: 1.167.2092.0

Aktualisierungsquelle: %NT-AUTORITÄT59

Aktualisierungsphase: 4.4.0304.00

Quellpfad: 4.4.0304.01

Signaturtyp: %NT-AUTORITÄT602

Aktualisierungstyp: %NT-AUTORITÄT604

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: %NT-AUTORITÄT605

Vorherige Modulversion: %NT-AUTORITÄT606

Fehlercode: %NT-AUTORITÄT607

Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (03/17/2014 10:35:03 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}


Microsoft Office Sessions:
=========================
Error: (03/17/2014 10:48:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:35:21 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20130x8007043c

Error: (03/17/2014 10:35:03 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20130x8007043c

Error: (03/17/2014 10:31:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service)(User: )
Description: 40xc0041800Fehler beim Hinzufügen des Projekts: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (03/17/2014 10:20:45 PM) (Source: Windows Search Service)(User: )
Description:
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

Error: (03/17/2014 10:20:45 PM) (Source: ESENT)(User: )
Description: Windows4284Windows: -1811

Error: (03/17/2014 10:20:45 PM) (Source: ESENT)(User: )
Description: Windows4284Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.logC:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log-1811 (0xfffff8ed)2 (0x00000002)Das System kann die angegebene Datei nicht finden.


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 16329.78 MB
Available physical RAM: 14262.54 MB
Total Pagefile: 32657.73 MB
Available Pagefile: 30406.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:48.47 GB) NTFS
Drive e: () (Fixed) (Total:372.61 GB) (Free:85.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 86E2C739)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=373 GB) - (Type=42)

==================== End Of Log ============================




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Patrick (administrator) on PATRICK-PC on 17-03-2014 22:48:33
Running from E:\Benutzer\Patrick\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\MSI\OTPService\OTPService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\{$7093-3599-3146-6724$}\winreg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WScript.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-31] (Atheros Communications)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-08-31] (Qualcomm Atheros)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] - E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Windows Registry] - C:\{$7093-3599-3146-6724$}\winreg.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\S-1-5-21-3464895135-2213791737-1334037653-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3464895135-2213791737-1334037653-1000\...\CurrentVersion\Windows: [Load] C:\{$7093-3599-3146-6724$}\winreg.exe <===== ATTENTION
HKU\S-1-5-21-3464895135-2213791737-1334037653-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\avcenter.exe: [Debugger] nsjw.exe
IFEO\avguard.exe: [Debugger] nsjw.exe
IFEO\avp.exe: [Debugger] nsjw.exe
IFEO\bdagent.exe: [Debugger] nsjw.exe
IFEO\ccuac.exe: [Debugger] nsjw.exe
IFEO\ComboFix.exe: [Debugger] nsjw.exe
IFEO\egui.exe: [Debugger] nsjw.exe
IFEO\hijackthis.exe: [Debugger] nsjw.exe
IFEO\keyscrambler.exe: [Debugger] nsjw.exe
IFEO\mbam.exe: [Debugger] nsjw.exe
IFEO\NisSrv.exe: [Debugger] nsjw.exe
IFEO\spybotsd.exe: [Debugger] nsjw.exe
IFEO\wireshark.exe: [Debugger] nsjw.exe
IFEO\zlclient.exe: [Debugger] nsjw.exe
InternetURL: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Registry.url -> 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7F8DFD71A9FBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4FC8E392-66B7-44FC-8F7D-618CE89C1E88} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10871
SearchScopes: HKCU - {6776F026-253B-48A8-BE22-897FA4886E8B} URL = hxxp://search.findwide.com/serp?guid={666B3E8C-58E8-4170-BD1F-EA97304322A3}&action=default_search&serpv=22&k={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - E:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {E8166F43-08B6-4CD6-A9AD-2416AE687F4E} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ofu6ir9g.default
FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ofu6ir9g.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - E:\PROGRA~4\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - E:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: DownloadHelper [AU] - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ofu6ir9g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-19]
FF Extension: YouTube High Definition - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ofu6ir9g.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-01-26]
FF Extension: Adblock Plus - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ofu6ir9g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-20]
FF StartMenuInternet: FIREFOX.EXE - e:\program files (x86)\mozilla firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MSI_OTPService; C:\Program Files (x86)\MSI\OTPService\OTPService.exe [252432 2012-04-12] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-20] ()
R2 TeamViewer9; E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5341536 2013-12-17] (TeamViewer GmbH)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-31] (Qualcomm Atheros)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] ()
R1 ISODrive; E:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2009-08-05] (CACE Technologies)
S3 NPF; C:\Windows\SysWOW64\drivers\npf.sys [34064 2009-08-05] (CACE Technologies)
R3 NTIOLib_1_0_T; C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 22:48 - 2014-03-17 22:48 - 00000000 ____D () C:\FRST
2014-03-17 22:47 - 2014-03-17 22:47 - 00000000 ___RD () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-17 22:47 - 2014-03-17 22:47 - 00000000 _____ () C:\Users\Patrick\defogger_reenable
2014-03-17 14:24 - 2014-03-17 14:35 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Sony
2014-03-17 11:45 - 2014-02-24 16:59 - 12296192 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 09075712 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 01495040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-17 11:45 - 2014-02-24 16:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 06041088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 01232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-17 11:45 - 2014-02-24 16:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-17 11:45 - 2014-02-24 15:01 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-17 11:45 - 2014-02-24 14:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-17 11:45 - 2013-12-10 03:28 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-17 11:45 - 2013-12-10 03:02 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-17 10:48 - 2012-06-16 06:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-17 10:48 - 2012-06-16 05:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-17 10:44 - 2014-03-17 10:44 - 00001421 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-17 09:55 - 2014-03-17 09:55 - 00000519 _____ () C:\Users\Patrick\AppData\Roaming\setting.ini
2014-03-17 09:54 - 2014-03-17 22:48 - 00139456 _____ () C:\Users\Patrick\AppData\Roaming\msconfig.ini
2014-03-17 09:54 - 2014-03-17 10:11 - 00000000 ___HD () C:\{$7093-3599-3146-6724$}
2014-03-17 09:54 - 2014-03-17 09:54 - 07651328 _____ (GetFLV) C:\Users\Patrick\AppData\Roaming\GetFLV.exe
2014-03-17 09:54 - 2014-03-17 09:54 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\tmp
2014-03-17 09:53 - 2014-02-13 01:52 - 05861376 __RSH (Apple Inc.) C:\ProgramData\575533705.exe
2014-03-17 09:47 - 2014-03-17 09:47 - 00000000 ____D () C:\Users\Patrick\Documents\Wondershare Player
2014-03-17 09:46 - 2014-03-17 09:46 - 00000000 ____D () C:\Users\Patrick\Documents\Wondershare Streaming Video Recorder
2014-03-17 09:46 - 2009-08-05 17:30 - 00240248 _____ (CACE Technologies) C:\Windows\SysWOW64\wpcap.dll
2014-03-17 09:46 - 2009-08-05 17:30 - 00240248 _____ (CACE Technologies) C:\Windows\system32\wpcap.dll
2014-03-17 09:46 - 2009-08-05 17:30 - 00088704 _____ (CACE Technologies) C:\Windows\SysWOW64\Packet.dll
2014-03-17 09:46 - 2009-08-05 17:30 - 00088704 _____ (CACE Technologies) C:\Windows\system32\Packet.dll
2014-03-17 09:46 - 2009-08-05 17:30 - 00053299 _____ () C:\Windows\SysWOW64\pthreadVC.dll
2014-03-17 09:46 - 2009-08-05 17:30 - 00053299 _____ () C:\Windows\system32\pthreadVC.dll
2014-03-17 09:46 - 2009-08-05 17:30 - 00040464 _____ (CACE Technologies) C:\Windows\system32\Drivers\npf.sys
2014-03-17 09:46 - 2009-08-05 17:30 - 00034064 _____ (CACE Technologies) C:\Windows\SysWOW64\Drivers\npf.sys
2014-03-15 15:47 - 2014-03-15 15:47 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-03-13 21:41 - 2014-03-13 21:41 - 00000000 ____D () C:\Program Files\MoTeC
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\ProgramData\MoTeC
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\MoTeC
2014-03-13 18:32 - 2014-03-13 18:32 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Downloaded Installations
2014-03-13 09:15 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:15 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:15 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:15 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 09:14 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:14 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:14 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:14 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 20:25 - 2014-03-09 20:25 - 00000000 ____D () C:\Program Files\Logitech
2014-03-09 20:13 - 2014-03-09 20:13 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Logitech
2014-03-09 20:07 - 2014-03-09 20:07 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-03-08 15:36 - 2014-03-08 15:36 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2014-03-08 10:32 - 2014-03-08 10:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-08 10:32 - 2014-02-08 17:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-08 10:31 - 2014-02-08 19:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-08 10:31 - 2014-02-08 19:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-08 10:31 - 2014-02-08 19:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-05 21:22 - 2014-03-05 21:22 - 00053248 _____ () C:\Windows\SysWOW64\nvTextureToolsUtil.dll
2014-03-04 16:08 - 2014-03-05 21:22 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll
2014-03-04 16:08 - 2014-03-05 21:22 - 00040960 _____ () C:\Windows\SysWOW64\nvISWOW64.dll
2014-03-04 16:08 - 2014-03-05 21:20 - 00061440 _____ () C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2014-03-04 16:07 - 2002-08-15 10:11 - 00344064 ____R (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-03-04 16:07 - 2002-01-05 03:40 - 00487424 ____R (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-02-26 23:47 - 2014-02-26 23:49 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grid 2
2014-02-26 15:00 - 2014-02-27 10:58 - 00000000 ____D () C:\ProgramData\Steam
2014-02-26 15:00 - 2014-02-26 15:00 - 00000000 ____D () C:\Users\Patrick\Documents\My Games
2014-02-26 15:00 - 2014-02-26 15:00 - 00000000 ____D () C:\ProgramData\Codemasters
2014-02-26 14:56 - 2014-03-17 11:44 - 00052767 _____ () C:\Windows\DirectX.log
2014-02-24 10:47 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-24 10:47 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-19 10:53 - 2014-03-17 10:52 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\SkyTestATC1
2014-02-19 10:53 - 2008-02-06 19:31 - 01019904 _____ (Conaito) C:\Windows\SysWOW64\EvoVoIP.ocx
2014-02-19 10:53 - 2004-08-04 05:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2014-02-19 10:53 - 2004-08-04 05:00 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx8vb.dll
2014-02-19 10:53 - 2002-12-20 15:02 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-02-19 10:53 - 2000-10-02 00:00 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-02-19 10:53 - 2000-05-23 22:45 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-02-19 10:53 - 1999-05-07 00:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.OCX
2014-02-19 10:53 - 1999-01-25 20:30 - 00026624 _____ (Jan Krumsiek) C:\Windows\SysWOW64\JKJoystick2.ocx
2014-02-19 10:53 - 1998-07-06 00:00 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-02-19 10:53 - 1998-06-24 01:00 - 00609584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2014-02-19 10:53 - 1998-06-24 01:00 - 00108336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWINSCK.OCX
2014-02-18 01:48 - 2014-03-17 09:26 - 00005088 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Patrick-PC-Patrick Patrick-PC
2014-02-15 10:47 - 2014-03-17 22:47 - 00028818 _____ () C:\Windows\setupact.log
2014-02-15 10:47 - 2014-03-17 10:11 - 00002128 _____ () C:\Windows\PFRO.log
2014-02-15 10:47 - 2014-02-15 10:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 10:35 - 2014-02-15 10:35 - 00000000 ____D () C:\Windows\system32\log
2014-02-15 10:35 - 2014-02-15 10:35 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\eCyber
2014-02-15 10:34 - 2014-02-15 10:45 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\iSafe

==================== One Month Modified Files and Folders =======

2014-03-17 22:48 - 2014-03-17 22:48 - 00000000 ____D () C:\FRST
2014-03-17 22:48 - 2014-03-17 09:54 - 00139456 _____ () C:\Users\Patrick\AppData\Roaming\msconfig.ini
2014-03-17 22:47 - 2014-03-17 22:47 - 00000000 ___RD () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-17 22:47 - 2014-03-17 22:47 - 00000000 _____ () C:\Users\Patrick\defogger_reenable
2014-03-17 22:47 - 2014-02-15 10:47 - 00028818 _____ () C:\Windows\setupact.log
2014-03-17 22:47 - 2013-12-18 04:56 - 00000000 ___RD () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 22:47 - 2013-12-18 04:56 - 00000000 ____D () C:\Users\Patrick
2014-03-17 22:46 - 2013-12-21 10:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-17 22:39 - 2013-12-18 04:56 - 01744473 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 22:35 - 2013-12-19 12:11 - 00000000 ____D () C:\Users\Patrick\Documents\Outlook-Dateien
2014-03-17 22:33 - 2011-04-12 08:43 - 00703092 _____ () C:\Windows\system32\perfh007.dat
2014-03-17 22:33 - 2011-04-12 08:43 - 00150676 _____ () C:\Windows\system32\perfc007.dat
2014-03-17 22:33 - 2009-07-14 06:13 - 01629572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 14:42 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 14:42 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 14:36 - 2013-12-19 17:04 - 00000000 ____D () C:\Users\Patrick\AppData\Local\CrashDumps
2014-03-17 14:35 - 2014-03-17 14:24 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Sony
2014-03-17 13:52 - 2014-01-04 23:13 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\vlc
2014-03-17 11:44 - 2014-02-26 14:56 - 00052767 _____ () C:\Windows\DirectX.log
2014-03-17 11:01 - 2013-12-19 12:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-17 11:01 - 2013-12-19 12:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-17 11:01 - 2013-12-19 12:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 10:52 - 2014-02-19 10:53 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\SkyTestATC1
2014-03-17 10:44 - 2014-03-17 10:44 - 00001421 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-17 10:44 - 2013-12-18 04:56 - 00001455 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-17 10:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-17 10:11 - 2014-03-17 09:54 - 00000000 ___HD () C:\{$7093-3599-3146-6724$}
2014-03-17 10:11 - 2014-02-15 10:47 - 00002128 _____ () C:\Windows\PFRO.log
2014-03-17 09:55 - 2014-03-17 09:55 - 00000519 _____ () C:\Users\Patrick\AppData\Roaming\setting.ini
2014-03-17 09:54 - 2014-03-17 09:54 - 07651328 _____ (GetFLV) C:\Users\Patrick\AppData\Roaming\GetFLV.exe
2014-03-17 09:54 - 2014-03-17 09:54 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\tmp
2014-03-17 09:47 - 2014-03-17 09:47 - 00000000 ____D () C:\Users\Patrick\Documents\Wondershare Player
2014-03-17 09:46 - 2014-03-17 09:46 - 00000000 ____D () C:\Users\Patrick\Documents\Wondershare Streaming Video Recorder
2014-03-17 09:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-03-17 09:26 - 2014-02-18 01:48 - 00005088 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Patrick-PC-Patrick Patrick-PC
2014-03-17 09:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 15:47 - 2014-03-15 15:47 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-03-15 15:47 - 2013-12-18 23:01 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Adobe
2014-03-13 21:41 - 2014-03-13 21:41 - 00000000 ____D () C:\Program Files\MoTeC
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\ProgramData\MoTeC
2014-03-13 21:39 - 2014-03-13 21:39 - 00000000 ____D () C:\MoTeC
2014-03-13 21:31 - 2009-07-14 05:45 - 04985656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 18:52 - 2013-12-19 12:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 18:52 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-13 18:32 - 2014-03-13 18:32 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Downloaded Installations
2014-03-13 09:10 - 2014-02-11 15:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 09:10 - 2014-02-11 15:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 13:05 - 2013-12-19 12:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-09 20:25 - 2014-03-09 20:25 - 00000000 ____D () C:\Program Files\Logitech
2014-03-09 20:13 - 2014-03-09 20:13 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Logitech
2014-03-09 20:07 - 2014-03-09 20:07 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2014-03-08 15:36 - 2014-03-08 15:36 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2014-03-08 10:32 - 2014-03-08 10:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-08 10:32 - 2013-12-18 05:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-08 10:28 - 2013-12-20 09:36 - 00000000 ____D () C:\ProgramData\Origin
2014-03-05 22:28 - 2013-12-18 05:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-05 22:28 - 2013-12-18 05:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-05 21:22 - 2014-03-05 21:22 - 00053248 _____ () C:\Windows\SysWOW64\nvTextureToolsUtil.dll
2014-03-05 21:22 - 2014-03-04 16:08 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll
2014-03-05 21:22 - 2014-03-04 16:08 - 00040960 _____ () C:\Windows\SysWOW64\nvISWOW64.dll
2014-03-05 21:20 - 2014-03-04 16:08 - 00061440 _____ () C:\Windows\SysWOW64\nvPhotoshopUtil.dll
2014-02-27 10:58 - 2014-02-26 15:00 - 00000000 ____D () C:\ProgramData\Steam
2014-02-26 23:49 - 2014-02-26 23:47 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grid 2
2014-02-26 15:00 - 2014-02-26 15:00 - 00000000 ____D () C:\Users\Patrick\Documents\My Games
2014-02-26 15:00 - 2014-02-26 15:00 - 00000000 ____D () C:\ProgramData\Codemasters
2014-02-24 16:59 - 2014-03-17 11:45 - 12296192 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 09075712 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 01495040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-24 16:59 - 2014-03-17 11:45 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 06041088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 01232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-24 16:35 - 2014-03-17 11:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-24 15:01 - 2014-03-17 11:45 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-24 14:39 - 2014-03-17 11:45 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-17 16:55 - 2013-12-21 10:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 16:55 - 2013-12-21 10:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 10:47 - 2014-02-15 10:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 10:45 - 2014-02-15 10:34 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\iSafe
2014-02-15 10:35 - 2014-02-15 10:35 - 00000000 ____D () C:\Windows\system32\log
2014-02-15 10:35 - 2014-02-15 10:35 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\eCyber
2014-02-15 10:25 - 2013-12-19 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\575533705.exe
C:\Users\Patrick\AppData\Roaming\msconfig.ini


Some content of TEMP:
====================
C:\Users\Patrick\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Patrick\AppData\Local\Temp\NVI2_29.DLL
C:\Users\Patrick\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Patrick\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Patrick\AppData\Local\Temp\nvStInst.exe
C:\Users\Patrick\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\Patrick\AppData\Local\Temp\vlc-2.1.4-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 17:13

==================== End Of Log ============================



GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-17 22:55:18
Windows 6.1.7601 Service Pack 1 x64
Running: Gmer-19357.exe


---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05a920cc1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05a920cc1@c88447117f1f 0x12 0x4C 0xD5 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05a920cc1@28e7cf5050c9 0x81 0xB8 0x1F 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05a920cc1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05a920cc1@c88447117f1f 0x12 0x4C 0xD5 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05a920cc1@28e7cf5050c9 0x81 0xB8 0x1F 0x01 ...

---- EOF - GMER 2.1 ----



Ich bin echt Ratlos und wäre euch sehr verbunden wenn ihr mir da weiterhelfen könnt :/.


Bedanke mich im Vorraus für eure Anstregung und wünsche noch einen schönen Abend.

LG

Slater

Hi,

Zitat:

Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Win7 Ultimate, Office Pro Plus und Photoshop CS6?
Ist das ein gewerblich genutztes System?

Hallo.

Nein das ist kein gewerblich genutztes System.

lg

Aus welcher Quelle sind diese Programme?

Von dem gleichen von dem der PC ist. Habe ihn auf Willhaben.at gekauft.

Ok, dann hoffen wir mal, dass dir da keine gecrackten Edtitionen angedreht wurden

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Kann die exe leider nicht starten :/.

Ich habe sie im abgesicherten Modus runtergeladen und es kommt im abgesicherten Modus sowie im normalen Modus diese Meldung: E:\Benutzer\Patrick\Downloads\Combofix.exe konnte nicht gefunden werden. Stellen sie sicher, dass Sie den Name richtig eingegeben haben und wiederholen Sie den Vorgang

1.) wo steht was in der Anleitung von abgesicherten Modus?
2.) in der Anleitung wird gesagt, dass combofix.exe auf den Desktop soll und nicht woanders hin

Habe es jetzt nach 2 maligem neustart geschafft.

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 14-03-16.01 - Patrick 18.03.2014   0:17.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16330.14505 [GMT 1:00]
ausgeführt von:: e:\benutzer\Patrick\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\575533705.exe
c:\users\Patrick\AppData\Roaming\GetFLV.exe
c:\users\Patrick\AppData\Roaming\msconfig.ini
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-17 bis 2014-03-17  ))))))))))))))))))))))))))))))
.
.
2014-03-17 21:48 . 2014-03-17 21:48	--------	d-----w-	C:\FRST
2014-03-17 13:24 . 2014-03-17 13:35	--------	d-----w-	c:\users\Patrick\AppData\Roaming\Sony
2014-03-17 09:48 . 2012-06-16 05:15	911360	----a-w-	c:\windows\system32\jscript.dll
2014-03-17 08:54 . 2014-03-17 08:54	--------	d-----w-	c:\users\Patrick\AppData\Roaming\tmp
2014-03-17 08:54 . 2014-03-17 09:11	--------	d-----w-	C:\{$7093-3599-3146-6724$}
2014-03-17 08:46 . 2009-08-05 16:30	40464	----a-w-	c:\windows\system32\drivers\npf.sys
2014-03-17 08:46 . 2009-08-05 16:30	88704	----a-w-	c:\windows\system32\Packet.dll
2014-03-17 08:46 . 2009-08-05 16:30	53299	----a-w-	c:\windows\system32\pthreadVC.dll
2014-03-17 08:46 . 2009-08-05 16:30	240248	----a-w-	c:\windows\system32\wpcap.dll
2014-03-16 13:02 . 2014-02-06 09:01	10536864	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E11548B-52D5-49D9-BCB1-AA5D80B71B20}\mpengine.dll
2014-03-15 14:47 . 2014-03-15 14:47	--------	d-----w-	c:\users\Patrick\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-03-15 10:27 . 2014-02-06 09:01	10536864	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-14 09:10 . 2014-02-20 08:34	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1C87E9E-7CFD-47FE-B66F-93FA92B9B733}\gapaengine.dll
2014-03-13 20:41 . 2014-03-13 20:41	--------	d-----w-	c:\program files\MoTeC
2014-03-13 20:39 . 2014-03-13 20:39	--------	d-----w-	c:\programdata\MoTeC
2014-03-13 20:39 . 2014-03-13 20:39	--------	d-----w-	C:\MoTeC
2014-03-13 17:32 . 2014-03-13 17:32	--------	d-----w-	c:\users\Patrick\AppData\Local\Downloaded Installations
2014-03-13 08:15 . 2014-01-29 02:32	484864	----a-w-	c:\windows\system32\wer.dll
2014-03-13 08:15 . 2014-01-29 02:06	381440	----a-w-	c:\windows\SysWow64\wer.dll
2014-03-13 08:15 . 2014-01-28 02:32	228864	----a-w-	c:\windows\system32\wwansvc.dll
2014-03-13 08:15 . 2014-02-07 01:23	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-03-13 08:14 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-13 08:14 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-13 08:14 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-13 08:14 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 19:25 . 2014-03-09 19:25	--------	d-----w-	c:\program files\Logitech
2014-03-09 19:13 . 2014-03-09 19:13	--------	d-----w-	c:\users\Patrick\AppData\Local\Logitech
2014-03-09 19:07 . 2014-03-09 19:07	--------	d-----w-	c:\program files\Common Files\Logitech
2014-03-08 14:36 . 2014-03-08 14:36	98304	----a-w-	c:\windows\SysWow64\CmdLineExt.dll
2014-03-08 09:32 . 2014-03-08 09:32	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2014-03-08 09:32 . 2014-02-08 16:18	599840	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-03-05 20:22 . 2014-03-05 20:22	53248	----a-w-	c:\windows\SysWow64\nvTextureToolsUtil.dll
2014-03-05 20:09 . 2014-03-05 20:09	311428	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2014-03-05 20:09 . 2014-03-05 20:09	188548	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2014-03-05 20:09 . 2003-11-10 17:14	729088	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2014-03-05 20:09 . 2003-11-10 17:13	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2014-03-05 20:09 . 2003-11-10 17:12	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2014-03-05 20:09 . 2003-11-10 17:12	192512	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2014-03-05 20:09 . 2003-11-10 17:11	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2014-03-04 15:08 . 2014-03-05 20:22	151552	----a-w-	c:\windows\SysWow64\nvRegDev.dll
2014-03-04 15:08 . 2014-03-05 20:22	40960	----a-w-	c:\windows\SysWow64\nvISWOW64.dll
2014-03-04 15:08 . 2014-03-05 20:20	61440	----a-w-	c:\windows\SysWow64\nvPhotoshopUtil.dll
2014-03-04 15:07 . 2002-08-15 09:11	344064	----a-r-	c:\windows\SysWow64\msvcr70.dll
2014-03-04 15:07 . 2002-01-05 02:40	487424	----a-r-	c:\windows\SysWow64\msvcp70.dll
2014-03-04 15:07 . 2014-03-04 15:07	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2014-03-04 15:07 . 2014-03-04 15:07	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2014-03-04 15:07 . 2002-12-05 13:12	692224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2014-03-04 15:07 . 2002-12-05 13:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2014-03-04 15:07 . 2002-12-02 14:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2014-03-04 15:07 . 2002-12-02 12:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2014-03-04 15:07 . 2002-12-02 12:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2014-02-26 14:00 . 2014-02-26 14:00	--------	d-----w-	c:\programdata\Codemasters
2014-02-26 14:00 . 2014-02-27 09:58	--------	d-----w-	c:\programdata\Steam
2014-02-24 09:47 . 2014-02-08 18:34	1885472	----a-w-	c:\windows\system32\nvdispco6433489.dll
2014-02-24 09:47 . 2014-02-08 18:34	1515296	----a-w-	c:\windows\system32\nvdispgenco6433489.dll
2014-02-19 09:53 . 2014-03-17 09:52	--------	d-----w-	c:\users\Patrick\AppData\Roaming\SkyTestATC1
2014-02-19 09:53 . 2008-02-06 18:31	1019904	----a-w-	c:\windows\SysWow64\EvoVoIP.ocx
2014-02-19 09:53 . 2004-08-04 04:00	1227264	----a-w-	c:\windows\SysWow64\dx8vb.dll
2014-02-19 09:53 . 2000-10-01 23:00	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2014-02-19 09:53 . 2000-05-23 21:45	118784	----a-w-	c:\windows\SysWow64\MSSTDFMT.DLL
2014-02-19 09:53 . 1998-07-05 23:00	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2014-02-19 09:53 . 2004-08-04 04:00	1355776	----a-w-	c:\windows\SysWow64\MSVBVM50.DLL
2014-02-19 09:53 . 2002-12-20 14:02	1066176	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2014-02-19 09:53 . 1999-05-06 23:00	140288	----a-w-	c:\windows\SysWow64\comdlg32.OCX
2014-02-19 09:53 . 1999-01-25 19:30	26624	----a-w-	c:\windows\SysWow64\JKJoystick2.ocx
2014-02-19 09:53 . 1998-06-24 00:00	609584	----a-w-	c:\windows\SysWow64\COMCTL32.OCX
2014-02-19 09:53 . 1998-06-24 00:00	108336	----a-w-	c:\windows\SysWow64\MSWINSCK.OCX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-17 10:01 . 2013-12-19 11:57	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-17 10:01 . 2013-12-19 11:57	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-20 08:34 . 2014-01-23 17:18	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-17 15:55 . 2013-12-21 09:31	88567024	----a-w-	c:\windows\system32\MRT.exe
2014-02-10 21:30 . 2014-02-10 21:30	119808	----a-r-	c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-02-08 18:34 . 2014-01-08 14:31	947296	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2014-01-08 14:31	18257576	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2014-01-08 14:31	17715784	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-02-08 18:34 . 2014-01-08 14:31	15740232	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-01-08 14:31	2713728	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2014-01-08 14:31	14669032	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2013-12-21 09:24	61216	----a-w-	c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2013-12-21 09:24	53024	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2013-12-21 09:24	3090184	----a-w-	c:\windows\system32\nvapi64.dll
2014-02-08 17:42 . 2013-12-21 09:24	6712608	----a-w-	c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2013-12-21 09:24	3498272	----a-w-	c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2013-12-21 09:24	923936	----a-w-	c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2013-12-21 09:24	63776	----a-w-	c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2013-12-21 09:24	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-02-08 17:42 . 2013-12-21 09:24	2559776	----a-w-	c:\windows\system32\nvsvcr.dll
2014-02-05 17:52 . 2013-12-21 09:24	3573739	----a-w-	c:\windows\system32\nvcoproc.bin
2014-01-21 02:53 . 2013-12-21 09:25	1048152	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-01-21 02:53 . 2013-12-21 09:25	1179576	----a-w-	c:\windows\system32\nvspcap64.dll
2014-01-19 07:33 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2013-12-27 18:42 . 2014-01-23 17:30	39200	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2013-12-27 18:42 . 2014-01-23 17:30	33056	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2013-12-27 18:42 . 2013-12-21 09:24	35104	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-12-24 23:09 . 2014-02-13 04:37	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 04:37	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-12-20 13:29 . 2013-12-20 13:29	281872	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-12-20 13:29 . 2013-12-20 13:29	281872	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-12-20 13:29 . 2013-12-20 13:29	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-12-19 20:33 . 2014-01-08 14:31	1884448	----a-w-	c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-08 14:31	1511712	----a-w-	c:\windows\system32\nvdispgenco6433221.dll
2013-12-19 09:50 . 2013-12-19 09:50	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-19 09:50 . 2013-12-19 09:50	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-12-19 09:50 . 2013-12-19 09:50	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-12-19 09:50 . 2013-12-19 09:50	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-12-19 09:50 . 2013-12-19 09:50	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-19 09:50 . 2013-12-19 09:50	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-12-19 09:50 . 2013-12-19 09:50	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-12-19 09:50 . 2013-12-19 09:50	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-12-19 09:50 . 2013-12-19 09:50	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-12-19 09:50 . 2013-12-19 09:50	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-12-19 09:50 . 2013-12-19 09:50	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-12-19 09:50 . 2013-12-19 09:50	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-12-19 09:50 . 2013-12-19 09:50	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-12-19 09:50 . 2013-12-19 09:50	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-12-19 09:50 . 2013-12-19 09:50	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-12-19 09:50 . 2013-12-19 09:50	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-12-19 09:50 . 2013-12-19 09:50	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-12-19 09:50 . 2013-12-19 09:50	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-12-19 09:50 . 2013-12-19 09:50	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-12-19 09:50 . 2013-12-19 09:50	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-12-19 09:50 . 2013-12-19 09:50	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-12-19 09:50 . 2013-12-19 09:50	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-12-19 09:50 . 2013-12-19 09:50	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-12-19 09:50 . 2013-12-19 09:50	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-12-19 09:50 . 2013-12-19 09:50	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-12-19 09:50 . 2013-12-19 09:50	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-12-18 20:09 . 2014-01-15 10:16	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 11:35	1727176	----a-w-	c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 11:35	1727176	----a-w-	c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 11:35	1727176	----a-w-	c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"RUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Windows Registry"="c:\{$7093-3599-3146-6724$}\winreg.exe" [2014-02-13 5861376]
.
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Registry.url [2014-3-18 54]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"Load"=c:\{$7093-3599-3146-6724$}\winreg.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avcenter.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avguard.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avp.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\bdagent.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ccuac.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ComboFix.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\egui.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\hijackthis.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\keyscrambler.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\mbam.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\MpCmdRun.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\MSASCui.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\MsMpEng.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\msseces.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\spybotsd.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\wireshark.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\zlclient.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_OTPService;MSI_OTPService;c:\program files (x86)\MSI\OTPService\OTPService.exe;c:\program files (x86)\MSI\OTPService\OTPService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;e:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;e:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_T;NTIOLib_1_0_T;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys;c:\program files (x86)\MSI\OTPService\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3hub.sys [x]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\rusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-19 10:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-01-15 6963272]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-31 127616]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-31 764544]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
"Debugger"=nsjw.exe
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]
"Debugger"=nsjw.exe
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - e:\progra~4\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ofu6ir9g.default\
FF - user.js: browser.newtab.url - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{E8166F43-08B6-4CD6-A9AD-2416AE687F4E} - (no file)
AddRemove-PunkBusterSvc - e:\program files (x86)\Origin Games\Battlefield 4\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winreg.exe]
@Denied: (A C D 2 3) (Everyone)
"DisableExceptionChainValidation"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]
@Denied: (A C D 2 3) (Everyone)
"Debugger"="nsjw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Patrick\AppData\Roaming\GetFLV.exe
c:\windows\SysWOW64\WScript.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-18  00:21:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-03-17 23:21
.
Vor Suchlauf: 11 Verzeichnis(se), 51.923.591.168 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 51.674.439.680 Bytes frei
.
- - End Of File - - DE2446B351A174CFB58543BAE12E6D58
A36C5E4F47E84449FF07ED3517B43A31
         

Vielen dank schon jetzt

Edit: Ahh...verdammt. soll ich es nochmal machen?

Dein System sieht aus als wär es im Eimer

Bitte mal mit MBAR fortfahren

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Ich kann aber nur im abgesicherten Modus runterladen :/

Ist ja egal. Dann lädst es von da runter, startest es um zu updaten machst aber den eigentlich scan im normalen Modus.

Ok.

Habe das gemacht

Code: Alles auswählenAufklappen

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.417000 GHz
Memory total: 17123012608, free: 15768895488

Downloaded database version: v2014.03.17.09
Downloaded database version: v2014.02.20.01
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.417000 GHz
Memory total: 17123012608, free: 15577694208

=======================================
Initializing...
------------ Kernel report ------------
     03/18/2014 00:36:09
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\E:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rusb3xhc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\rusb3hub.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\drivers\WmVirHid.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\comdlg32.dll
\Windows\System32\setupapi.dll
\Windows\System32\shell32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\oleaut32.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800cfa2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800cd99060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800cfa1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800c9ee060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800cfa1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cfa1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cfa1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c9ee060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 86E2C739

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 234231808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800cfa2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cfa2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cfa2060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cd99060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 781420657

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 400088457216 bytes
Sector size: 512 bytes

Done!
Infected: C:\ProgramData\575533705.exe --> [Trojan.Agent]
Infected: C:\Users\Patrick\AppData\Roaming\msconfig.ini --> [Trojan.Agent]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Registry --> [Trojan.Agent]
Infected: C:\{$7093-3599-3146-6724$} --> [Trojan.Agent.BCM]
Infected: C:\{$7093-3599-3146-6724$}\winreg.exe --> [Trojan.Agent.BCM]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINREG.EXE --> [Trojan.Agent.BCM]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINREG.EXE --> [Trojan.Agent.BCM]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Trojan.Agent.BCM]
Infected: C:\{$7093-3599-3146-6724$}\winreg.exe --> [Trojan.Agent.BCM]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.417000 GHz
Memory total: 17123012608, free: 15372111872

Initializing...
======================
------------ Kernel report ------------
     03/18/2014 00:43:24
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\E:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\rusb3xhc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\rusb3hub.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys
\SystemRoot\system32\drivers\WmVirHid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\lpk.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msctf.dll
\Windows\System32\setupapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\ole32.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800cf9b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800cb4d060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800cf9a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800c9cd060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800cf9a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cf9ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cf9a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c9cd060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 86E2C739

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 234231808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800cf9b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cf9bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cf9b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cb4d060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1

Partition information:

    Partition 0 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 781420657

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 400088457216 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
         

Falsches Log. Bitte das richtige posten

Zitat:

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Patrick :: PATRICK-PC [administrator]

18.03.2014 00:36:12
mbar-log-2014-03-18 (00-36-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 243288
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 1
C:\{$7093-3599-3146-6724$}\winreg.exe (Trojan.Agent.BCM) -> 2368 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 32
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINREG.EXE (Trojan.Agent.BCM) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINREG.EXE (Trojan.Agent.BCM) -> Delete on reboot.

Registry Values Detected: 8
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Agent) -> Data: C:\{$7093-3599-3146-6724$}\winreg.exe -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: nsjw.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Registry (Trojan.Agent) -> Data: C:\{$7093-3599-3146-6724$}\winreg.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Agent.BCM) -> Bad: (C:\{$7093-3599-3146-6724$}\winreg.exe) Good: () -> Replace on reboot.

Folders Detected: 1
C:\{$7093-3599-3146-6724$} (Trojan.Agent.BCM) -> Delete on reboot.

Files Detected: 3
C:\ProgramData\575533705.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Patrick\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Delete on reboot.
C:\{$7093-3599-3146-6724$}\winreg.exe (Trojan.Agent.BCM) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

und dann:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Patrick :: PATRICK-PC [administrator]

18.03.2014 00:43:26
mbar-log-2014-03-18 (00-43-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 243169
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)