Win7: Chrome öffnet selbstständig Werbe-Tabs

Lasiandra · 30.11.2014, 17:25

Hallo ihr Lieben!

Ich hab ein "kleines" Problem, das mich mittlerweile etwas ärgert. Willkürlich, wenn ich Google Chrome geöffnet habe, öffnen sich 2 Werbe-Tabs mit unterschiedlicher Werbung - meist für Browser-Games.
Nun hab ich schon einige Google-Suchanfragen durchgeackert, konnte aber leider nichts an der Situation ändern. Probiert habe ich: Malwarebytes, Avira, CCCleaner und Spybot Search&Destroy.
Nun bitte ich euch um eure Hilfe, da ich nicht mehr weiß was ich tun kann, ohne irgendetwas Schädliches anzurichten ^^

Im Anhang nun meine Logfiles, ich hoffe ich hab alle:

defogger_disable.log

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:37 on 30/11/2014 (Lasiandra)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Gmer.txt

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-30 16:57:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 931,51GB
Running: knd370g8.exe; Driver: C:\Users\LASIAN~1\AppData\Local\Temp\pwloakow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                   fffff80002feb000 86 bytes [00, 00, E0, 00, 48, 54, 61, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 789                                                                   fffff80002feb105 60 bytes [FA, FF, FF, 00, 41, 83, 0A, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!RegSetValueExW                       000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!RegQueryValueExW                     0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!RegDeleteValueW                      00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx              00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetModuleInformation              00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!RegSetValueExA                       00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                  000007fefe9289f0 8 bytes JMP 000007fffd5a01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                000007fefe92be50 8 bytes JMP 000007fffd5a01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\ole32.dll!CoCreateInstance                        000007feff147490 11 bytes JMP 000007fffd5a0228
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                       000007feff15bf00 7 bytes JMP 000007fffd5a0260
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                     000007fefd5b2db0 5 bytes JMP 000007fffd5a0180
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                000007fefd5b37d0 7 bytes JMP 000007fffd5a00d8
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                  000007fefd5b8ef0 6 bytes JMP 000007fffd5a0148
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                              000007fefd5caf60 5 bytes JMP 000007fffd5a0110
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                               000007fefe9289f0 8 bytes JMP 000007fffd5a01f0
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                             000007fefe92be50 8 bytes JMP 000007fffd5a01b8
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                     000007fef8aadc88 5 bytes JMP 000007fff88a00d8
.text     C:\Windows\system32\Dwm.exe[1944] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                    000007fef8aade10 5 bytes JMP 000007fff88a0110
.text     C:\Windows\System32\igfxpers.exe[2740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                          000007fefe9289f0 8 bytes JMP 000007fffd5a01f0
.text     C:\Windows\System32\igfxpers.exe[2740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                        000007fefe92be50 8 bytes JMP 000007fffd5a01b8
.text     C:\Program Files\Elantech\ETDCtrl.exe[2840] C:\Windows\system32\ole32.dll!CoCreateInstance                                           000007feff147490 11 bytes JMP 000007fffd5a0228
.text     C:\Program Files\Elantech\ETDCtrl.exe[2840] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                          000007feff15bf00 7 bytes JMP 000007fffd5a0260
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2872] C:\Windows\system32\kernel32.dll!RegSetValueExW                000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2872] C:\Windows\system32\kernel32.dll!RegQueryValueExW              0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2872] C:\Windows\system32\kernel32.dll!RegDeleteValueW               00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2872] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW         00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2872] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx       00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation       00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2872] C:\Windows\system32\kernel32.dll!RegSetValueExA                00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                0000000076c51f0e 7 bytes JMP 000000016e714b10
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                  0000000076c55bad 7 bytes JMP 000000016e7154b0
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                  0000000076c61409 7 bytes JMP 000000016e714e50
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                 0000000076c6ea45 7 bytes JMP 000000016e714b00
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                         0000000076cf8e24 7 bytes JMP 000000016e7145c0
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                         0000000076cf8ea9 5 bytes JMP 000000016e714670
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                           0000000076cf91ff 5 bytes JMP 000000016e7145d0
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                              0000000076331d29 5 bytes JMP 000000016e714580
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                            0000000076331dd7 5 bytes JMP 000000016e714540
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                0000000076332ab1 5 bytes JMP 000000016e714680
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                   0000000076332d17 5 bytes JMP 000000016e714360
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                   0000000076e98a29 5 bytes JMP 000000016e713a40
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                               0000000076ea4572 5 bytes JMP 000000016e7142e0
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                               0000000076ebe567 5 bytes JMP 000000016e714350
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                          0000000076ee07d7 5 bytes JMP 000000016e713850
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                        0000000076ef7a5c 5 bytes JMP 000000016e7142d0
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                           000000007639e96b 5 bytes JMP 000000016e713b60
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                             000000007639eba5 5 bytes JMP 000000016e713b80
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                  0000000076fc5ea5 5 bytes JMP 000000016e713a00
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                   0000000076ff9d0b 5 bytes JMP 000000016e713990
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                  0000000074ab11a8 2 bytes [AB, 74]
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                 0000000074ab127d 2 bytes CALL 76c514b9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                 0000000074ab1310 2 bytes CALL 76c514b9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                            0000000074ab13a8 2 bytes [AB, 74]
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                0000000074ab1422 2 bytes [AB, 74]
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                         0000000074ab1498 2 bytes [AB, 74]
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4                      00000000746e1825 2 bytes JMP 763c6125 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4                     00000000746e1830 2 bytes JMP 763c6145 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4                  00000000746e183b 2 bytes JMP 763c6165 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4                    00000000746e1846 2 bytes JMP 763c5a05 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4          00000000746e1851 2 bytes JMP 763c6185 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4                  00000000746e185c 2 bytes JMP 763c6265 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4                            00000000746e1867 2 bytes JMP 763c6285 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4                       00000000746e1872 2 bytes JMP 763c62a5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4                    00000000746e187d 2 bytes JMP 763c62c5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4                                 00000000746e1888 2 bytes JMP 763c5a25 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4                  00000000746e1893 2 bytes JMP 763c62e5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4                    00000000746e189e 2 bytes JMP 763c5aa5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4                        00000000746e18a9 2 bytes JMP 763c6305 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4                     00000000746e18b4 2 bytes JMP 763c6325 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4              00000000746e18bf 2 bytes JMP 76391fcb C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4                        00000000746e18ca 2 bytes JMP 763c6365 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4                       00000000746e18d5 2 bytes JMP 763c5ac5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4                     00000000746e18e0 2 bytes JMP 763c5b45 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4                 00000000746e18eb 2 bytes JMP 763c5b65 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4              00000000746e18f6 2 bytes JMP 763c68c5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4                 00000000746e1901 2 bytes JMP 763c5a85 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4                    00000000746e190c 2 bytes JMP 763c68e5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4                       00000000746e1917 2 bytes JMP 763c6925 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4                      00000000746e1922 2 bytes JMP 763c5ae5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4                      00000000746e192d 2 bytes JMP 763c6945 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4                                00000000746e1938 2 bytes JMP 763c6965 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4                    00000000746e1943 2 bytes JMP 763c6985 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4                00000000746e194e 2 bytes JMP 763c69a5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4                        00000000746e1959 2 bytes JMP 763c69c5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4                               00000000746e1964 2 bytes JMP 763c69e5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4                       00000000746e196f 2 bytes JMP 763c6a05 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4                      00000000746e197a 2 bytes JMP 763c6a25 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4                         00000000746e1985 2 bytes JMP 763c6a45 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4                       00000000746e1990 2 bytes JMP 763c6a65 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4               00000000746e199b 2 bytes JMP 763c6a85 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4                   00000000746e19a6 2 bytes JMP 763c6aa5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4                    00000000746e19b1 2 bytes JMP 763c6ac5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4                      00000000746e19bc 2 bytes JMP 763c6ae5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4                         00000000746e19c7 2 bytes JMP 763c6b05 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4                                00000000746e19d2 2 bytes JMP 763c6b25 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4                             00000000746e19dd 2 bytes JMP 763c5b85 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4               00000000746e19e8 2 bytes JMP 763c6b65 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4                   00000000746e19f3 2 bytes JMP 763c6b85 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4            00000000746e19fe 2 bytes JMP 763c6bc3 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4                           00000000746e1a09 2 bytes JMP 763c6be3 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4                        00000000746e1a14 2 bytes JMP 763c6c03 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4                         00000000746e1a1f 2 bytes JMP 763c5b05 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4                         00000000746e1a2a 2 bytes JMP 763c6c23 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4                    00000000746e1a35 2 bytes JMP 763c6c43 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4                        00000000746e1a40 2 bytes JMP 763c6c63 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4                  00000000746e1a4b 2 bytes JMP 763c6c83 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4                     00000000746e1a56 2 bytes JMP 763c6ca3 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4                              00000000746e1a61 2 bytes JMP 763c6cc3 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4                           00000000746e1a6c 2 bytes JMP 763c5ba5 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4                       00000000746e1a77 2 bytes JMP 763c6ce3 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4                00000000746e1a82 2 bytes JMP 763c6d03 C:\Windows\syswow64\GDI32.dll
.text     C:\Program Files (x86)\ChiconyCam\CECAPLF.exe[2880] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52               00000000746e1ab2 2 bytes JMP 7563dc75 C:\Windows\syswow64\msvcrt.dll
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2928] C:\Windows\system32\kernel32.dll!RegSetValueExW                               000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2928] C:\Windows\system32\kernel32.dll!RegQueryValueExW                             0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2928] C:\Windows\system32\kernel32.dll!RegDeleteValueW                              00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2928] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                        00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2928] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                      00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2928] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                      00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[2928] C:\Windows\system32\kernel32.dll!RegSetValueExA                               00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW          0000000076c51f0e 7 bytes JMP 000000016e714b10
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\kernel32.dll!RegSetValueExW            0000000076c55bad 7 bytes JMP 000000016e7154b0
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\kernel32.dll!RegSetValueExA            0000000076c61409 7 bytes JMP 000000016e714e50
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW           0000000076c6ea45 7 bytes JMP 000000016e714b00
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx   0000000076cf8e24 7 bytes JMP 000000016e7145c0
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation   0000000076cf8ea9 5 bytes JMP 000000016e714670
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW     0000000076cf91ff 5 bytes JMP 000000016e7145d0
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW        0000000076331d29 5 bytes JMP 000000016e714580
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW      0000000076331dd7 5 bytes JMP 000000016e714540
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW          0000000076332ab1 5 bytes JMP 000000016e714680
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary             0000000076332d17 5 bytes JMP 000000016e714360
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\USER32.dll!CreateWindowExW             0000000076e98a29 5 bytes JMP 000000016e713a40
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA         0000000076ea4572 5 bytes JMP 000000016e7142e0
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW         0000000076ebe567 5 bytes JMP 000000016e714350
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW    0000000076ee07d7 5 bytes JMP 000000016e713850
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000076ef7a5c 5 bytes JMP 000000016e7142d0
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList     000000007639e96b 5 bytes JMP 000000016e713b60
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo       000000007639eba5 5 bytes JMP 000000016e713b80
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket            0000000076fc5ea5 5 bytes JMP 000000016e713a00
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1260] C:\Windows\syswow64\ole32.dll!CoCreateInstance             0000000076ff9d0b 5 bytes JMP 000000016e713990
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\kernel32.dll!RegSetValueExW                         000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\kernel32.dll!RegQueryValueExW                       0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\kernel32.dll!RegDeleteValueW                        00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                  00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\kernel32.dll!RegSetValueExA                         00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                          000007fefd5b2db0 5 bytes JMP 000007fffd580180
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                     000007fefd5b37d0 7 bytes JMP 000007fffd5800d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                       000007fefd5b8ef0 6 bytes JMP 000007fffd580148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                   000007fefd5caf60 5 bytes JMP 000007fffd580110
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                    000007fefe9289f0 8 bytes JMP 000007fffd5801f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                  000007fefe92be50 8 bytes JMP 000007fffd5801b8
.text     C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[2516] C:\Windows\system32\KERNELBASE.dll!FreeLibrary             000007fefd5b2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[2516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW        000007fefd5b37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[2516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW          000007fefd5b8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[2516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW      000007fefd5caf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[2516] C:\Windows\system32\ole32.dll!CoCreateInstance             000007feff147490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[2516] C:\Windows\system32\ole32.dll!CoSetProxyBlanket            000007feff15bf00 7 bytes JMP 000007fffd3d0260
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW                                      0000000076c51f0e 7 bytes JMP 000000016e714b10
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW                                        0000000076c55bad 7 bytes JMP 000000016e7154b0
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                        0000000076c61409 7 bytes JMP 000000016e714e50
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW                                       0000000076c6ea45 7 bytes JMP 000000016e714b00
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                               0000000076cf8e24 7 bytes JMP 000000016e7145c0
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                               0000000076cf8ea9 5 bytes JMP 000000016e714670
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                                 0000000076cf91ff 5 bytes JMP 000000016e7145d0
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                    0000000076331d29 5 bytes JMP 000000016e714580
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                  0000000076331dd7 5 bytes JMP 000000016e714540
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                      0000000076332ab1 5 bytes JMP 000000016e714680
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                         0000000076332d17 5 bytes JMP 000000016e714360
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                         0000000076e98a29 5 bytes JMP 000000016e713a40
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                     0000000076ea4572 5 bytes JMP 000000016e7142e0
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                     0000000076ebe567 5 bytes JMP 000000016e714350
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                0000000076ee07d7 5 bytes JMP 000000016e713850
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                              0000000076ef7a5c 5 bytes JMP 000000016e7142d0
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                0000000076c21401 2 bytes JMP 76c7b21b C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                  0000000076c21419 2 bytes JMP 76c7b346 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                0000000076c21431 2 bytes JMP 76cf8ea9 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                0000000076c2144a 2 bytes CALL 76c548ad C:\Windows\syswow64\KERNEL32.dll
.text     ...                                                                                                                                  * 9
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                   0000000076c214dd 2 bytes JMP 76cf87a2 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                            0000000076c214f5 2 bytes JMP 76cf8978 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                   0000000076c2150d 2 bytes JMP 76cf8698 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                            0000000076c21525 2 bytes JMP 76cf8a62 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                  0000000076c2153d 2 bytes JMP 76c6fca8 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                       0000000076c21555 2 bytes JMP 76c768ef C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                0000000076c2156d 2 bytes JMP 76cf8f61 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                  0000000076c21585 2 bytes JMP 76cf8ac2 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                     0000000076c2159d 2 bytes JMP 76cf865c C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                  0000000076c215b5 2 bytes JMP 76c6fd41 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                0000000076c215cd 2 bytes JMP 76c7b2dc C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                            0000000076c216b2 2 bytes JMP 76cf8e24 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\Hotkey\Hotkey.exe[464] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                            0000000076c216bd 2 bytes JMP 76cf85f1 C:\Windows\syswow64\KERNEL32.dll
.text     C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3080] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList              000000007639e96b 5 bytes JMP 000000016e713b60
.text     C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3080] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                000000007639eba5 5 bytes JMP 000000016e713b80
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                0000000076c51f0e 7 bytes JMP 000000016e714b10
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                  0000000076c55bad 7 bytes JMP 000000016e7154b0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                  0000000076c61409 7 bytes JMP 000000016e714e50
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                 0000000076c6ea45 7 bytes JMP 000000016e714b00
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx         0000000076cf8e24 7 bytes JMP 000000016e7145c0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation         0000000076cf8ea9 5 bytes JMP 000000016e714670
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW           0000000076cf91ff 5 bytes JMP 000000016e7145d0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW              0000000076331d29 5 bytes JMP 000000016e714580
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW            0000000076331dd7 5 bytes JMP 000000016e714540
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                0000000076332ab1 5 bytes JMP 000000016e714680
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                   0000000076332d17 5 bytes JMP 000000016e714360
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                  0000000076fc5ea5 5 bytes JMP 000000016e713a00
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\ole32.dll!CoCreateInstance                   0000000076ff9d0b 5 bytes JMP 000000016e713990
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList           000000007639e96b 5 bytes JMP 000000016e713b60
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo             000000007639eba5 5 bytes JMP 000000016e713b80
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\USER32.dll!CreateWindowExW                   0000000076e98a29 5 bytes JMP 000000016e713a40
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA               0000000076ea4572 5 bytes JMP 000000016e7142e0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW               0000000076ebe567 5 bytes JMP 000000016e714350
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW          0000000076ee07d7 5 bytes JMP 000000016e713850
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo        0000000076ef7a5c 5 bytes JMP 000000016e7142d0
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17          0000000076c21401 2 bytes JMP 76c7b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17            0000000076c21419 2 bytes JMP 76c7b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17          0000000076c21431 2 bytes JMP 76cf8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42          0000000076c2144a 2 bytes CALL 76c548ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                  * 9
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17             0000000076c214dd 2 bytes JMP 76cf87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17      0000000076c214f5 2 bytes JMP 76cf8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17             0000000076c2150d 2 bytes JMP 76cf8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17      0000000076c21525 2 bytes JMP 76cf8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17            0000000076c2153d 2 bytes JMP 76c6fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                 0000000076c21555 2 bytes JMP 76c768ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17          0000000076c2156d 2 bytes JMP 76cf8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17            0000000076c21585 2 bytes JMP 76cf8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17               0000000076c2159d 2 bytes JMP 76cf865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17            0000000076c215b5 2 bytes JMP 76c6fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17          0000000076c215cd 2 bytes JMP 76c7b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20      0000000076c216b2 2 bytes JMP 76cf8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3092] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31      0000000076c216bd 2 bytes JMP 76cf85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW                   0000000076c51f0e 7 bytes JMP 000000016e714b10
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW                     0000000076c55bad 7 bytes JMP 000000016e7154b0
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                     0000000076c61409 7 bytes JMP 000000016e714e50
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW                    0000000076c6ea45 7 bytes JMP 000000016e714b00
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx            0000000076cf8e24 7 bytes JMP 000000016e7145c0
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation            0000000076cf8ea9 5 bytes JMP 000000016e714670
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW              0000000076cf91ff 5 bytes JMP 000000016e7145d0
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                 0000000076331d29 5 bytes JMP 000000016e714580
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW               0000000076331dd7 5 bytes JMP 000000016e714540
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                   0000000076332ab1 5 bytes JMP 000000016e714680
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                      0000000076332d17 5 bytes JMP 000000016e714360
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\kernel32.dll!RegSetValueExW                      000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\kernel32.dll!RegQueryValueExW                    0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\kernel32.dll!RegDeleteValueW                     00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW               00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx             00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation             00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\kernel32.dll!RegSetValueExA                      00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                 000007fefe9289f0 8 bytes JMP 000007fffd5a01f0
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList               000007fefe92be50 8 bytes JMP 000007fffd5a01b8
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\kernel32.dll!RegSetValueExW                000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\kernel32.dll!RegQueryValueExW              0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\kernel32.dll!RegDeleteValueW               00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW         00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx       00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\kernel32.dll!K32GetModuleInformation       00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\kernel32.dll!RegSetValueExA                00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                 000007fefd5b2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW            000007fefd5b37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW              000007fefd5b8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW          000007fefd5caf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\ole32.dll!CoCreateInstance                 000007feff147490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                000007feff15bf00 7 bytes JMP 000007fffd3d0260
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo           000007fefe9289f0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList         000007fefe92be50 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex                 000007fef1e02460 5 bytes JMP 000007fefd3d02d0
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3840] C:\Windows\system32\d3d9.dll!Direct3DCreate9                   000007fef1e396b0 6 bytes JMP 000007fefd3d0298
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                           000007fefd5b2db0 5 bytes JMP 000007fffd5a0180
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                      000007fefd5b37d0 7 bytes JMP 000007fffd5a00d8
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                        000007fefd5b8ef0 6 bytes JMP 000007fffd5a0148
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                    000007fefd5caf60 5 bytes JMP 000007fffd5a0110
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\ole32.dll!CoCreateInstance                                           000007feff147490 11 bytes JMP 000007fffd5a0228
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                          000007feff15bf00 7 bytes JMP 000007fffd5a0260
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                     000007fefe9289f0 8 bytes JMP 000007fffd5a01f0
.text     C:\Windows\system32\wbem\unsecapp.exe[5256] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                   000007fefe92be50 8 bytes JMP 000007fffd5a01b8
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    0000000076c21401 2 bytes JMP 76c7b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      0000000076c21419 2 bytes JMP 76c7b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    0000000076c21431 2 bytes JMP 76cf8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    0000000076c2144a 2 bytes CALL 76c548ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                  * 9
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       0000000076c214dd 2 bytes JMP 76cf87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                0000000076c214f5 2 bytes JMP 76cf8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       0000000076c2150d 2 bytes JMP 76cf8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                0000000076c21525 2 bytes JMP 76cf8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      0000000076c2153d 2 bytes JMP 76c6fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           0000000076c21555 2 bytes JMP 76c768ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    0000000076c2156d 2 bytes JMP 76cf8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      0000000076c21585 2 bytes JMP 76cf8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         0000000076c2159d 2 bytes JMP 76cf865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      0000000076c215b5 2 bytes JMP 76c6fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    0000000076c215cd 2 bytes JMP 76c7b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                0000000076c216b2 2 bytes JMP 76cf8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                0000000076c216bd 2 bytes JMP 76cf85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                      0000000076c51f0e 7 bytes JMP 000000016e714b10
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                        0000000076c55bad 7 bytes JMP 000000016e7154b0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                        0000000076c61409 7 bytes JMP 000000016e714e50
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                       0000000076c6ea45 7 bytes JMP 000000016e714b00
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx               0000000076cf8e24 7 bytes JMP 000000016e7145c0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation               0000000076cf8ea9 5 bytes JMP 000000016e714670
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                 0000000076cf91ff 5 bytes JMP 000000016e7145d0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                    0000000076331d29 5 bytes JMP 000000016e714580
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                  0000000076331dd7 5 bytes JMP 000000016e714540
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                      0000000076332ab1 5 bytes JMP 000000016e714680
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                         0000000076332d17 5 bytes JMP 000000016e714360
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                 000000007639e96b 5 bytes JMP 000000016e713b60
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                   000000007639eba5 5 bytes JMP 000000016e713b80
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\USER32.dll!CreateWindowExW                         0000000076e98a29 5 bytes JMP 000000016e713a40
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                     0000000076ea4572 5 bytes JMP 000000016e7142e0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                     0000000076ebe567 5 bytes JMP 000000016e714350
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                0000000076ee07d7 5 bytes JMP 000000016e713850
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo              0000000076ef7a5c 5 bytes JMP 000000016e7142d0
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                        0000000076fc5ea5 5 bytes JMP 000000016e713a00
.text     C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7736] C:\Windows\syswow64\ole32.dll!CoCreateInstance                         0000000076ff9d0b 5 bytes JMP 000000016e713990
.text     C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[6512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary             000007fefd5b2db0 5 bytes JMP 000007fffd580180
.text     C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[6512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW        000007fefd5b37d0 7 bytes JMP 000007fffd5800d8
.text     C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[6512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW          000007fefd5b8ef0 6 bytes JMP 000007fffd580148
.text     C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[6512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW      000007fefd5caf60 5 bytes JMP 000007fffd580110
.text     C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[6512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo       000007fefe9289f0 8 bytes JMP 000007fffd5801f0
.text     C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[6512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList     000007fefe92be50 8 bytes JMP 000007fffd5801b8
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                              0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                               00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                         00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                       00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                       00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                 000007fefd5b2db0 5 bytes JMP 000007fffd5a0180
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                            000007fefd5b37d0 7 bytes JMP 000007fffd5a00d8
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                              000007fefd5b8ef0 6 bytes JMP 000007fffd5a0148
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                          000007fefd5caf60 5 bytes JMP 000007fffd5a0110
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                           000007fefe9289f0 8 bytes JMP 000007fffd5a01f0
.text     C:\Windows\system32\notepad.exe[9068] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                         000007fefe92be50 8 bytes JMP 000007fffd5a01b8
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                000000007738a400 7 bytes JMP 000000016fff0228
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                              0000000077393f20 5 bytes JMP 000000016fff0180
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                               00000000773affb0 5 bytes JMP 000000016fff01b8
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                         00000000773bf2e0 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                       00000000773e9a30 7 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                       00000000773f94c0 5 bytes JMP 000000016fff0148
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                00000000774187e0 7 bytes JMP 000000016fff01f0
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                 000007fefd5b2db0 5 bytes JMP 000007fffd5a0180
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                            000007fefd5b37d0 7 bytes JMP 000007fffd5a00d8
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                              000007fefd5b8ef0 6 bytes JMP 000007fffd5a0148
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                          000007fefd5caf60 5 bytes JMP 000007fffd5a0110
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                           000007fefe9289f0 8 bytes JMP 000007fffd5a01f0
.text     C:\Windows\system32\notepad.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                         000007fefe92be50 8 bytes JMP 000007fffd5a01b8
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                      0000000076c51f0e 7 bytes JMP 000000016e714b10
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                        0000000076c55bad 7 bytes JMP 000000016e7154b0
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                        0000000076c61409 7 bytes JMP 000000016e714e50
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                       0000000076c6ea45 7 bytes JMP 000000016e714b00
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                               0000000076cf8e24 7 bytes JMP 000000016e7145c0
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                               0000000076cf8ea9 5 bytes JMP 000000016e714670
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                 0000000076cf91ff 5 bytes JMP 000000016e7145d0
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                    0000000076331d29 5 bytes JMP 000000016e714580
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                  0000000076331dd7 5 bytes JMP 000000016e714540
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                      0000000076332ab1 5 bytes JMP 000000016e714680
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                         0000000076332d17 5 bytes JMP 000000016e714360
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                 000000007639e96b 5 bytes JMP 000000016e713b60
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                   000000007639eba5 5 bytes JMP 000000016e713b80
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                         0000000076e98a29 5 bytes JMP 000000016e713a40
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                     0000000076ea4572 5 bytes JMP 000000016e7142e0
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                     0000000076ebe567 5 bytes JMP 000000016e714350
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                0000000076ee07d7 5 bytes JMP 000000016e713850
.text     C:\Users\Lasiandra\Desktop\knd370g8.exe[8772] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                              0000000076ef7a5c 5 bytes JMP 000000016e7142d0

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c809376116d                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c809376116d@3c438e479087                                             0x0B 0x8A 0x12 0xA4 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c809376116d (not active ControlSet)                                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c809376116d@3c438e479087                                                 0x0B 0x8A 0x12 0xA4 ...

---- EOF - GMER 2.1 ----

Addition.txt und FRST.txt kommen im Anhang, da es nicht mehr in den Post gepasst hat :/

Vielen Dank!
Lg. Lisa

schrauber · 30.11.2014, 17:30

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Lasiandra · 30.11.2014, 19:57

Hallo!

Danke für die schnelle Rückmeldung und sorry!

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Lasiandra at 2014-11-30 16:39:54
Running from C:\Users\Lasiandra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version:  - BisonCam)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP260 series Benutzerregistrierung (HKLM-x32\...\Canon MP260 series Benutzerregistrierung) (Version:  - )
Canon MP260 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChiconyCam (HKLM-x32\...\{A2201542-DA80-457F-8BD9-6C9C90196481}) (Version: 1.0.45.1213 - Chicony Electronics Co.,Ltd.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.2.16.10 - Electronic Arts Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 10.5.2.0 (HKLM\...\Elantech) (Version: 10.5.2.0 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotkey 6.0027 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0027 - NoteBook)
Hotkey 6.0027 (x32 Version: 6.0027 - NoteBook) Hidden
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6600 Hilfe (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Icecream Ebook Reader Version 1.41 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 1.41 - Icecream Apps)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{077BF055-512A-4D48-B3C2-44AD860FEB0A}) (Version: 1.3.0.0621 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27012 - Realtek Semiconductor Corp.)
Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebCam Installer (HKLM-x32\...\InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}) (Version: 4.04 - WebCam)
WebCam Installer (x32 Version: 4.04 - WebCam) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinSCP 5.5.5 (HKLM-x32\...\winscp3_is1) (Version: 5.5.5 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-11-2014 08:47:59 Windows Update
26-11-2014 13:07:28 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16F7F9A8-87BE-4B6B-9792-B2D44AA58093} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {36FF69CB-7424-451D-8BBE-E8CD4E731510} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {4059127E-2B1F-4441-B35B-5BACFDC7550D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {5B34A45A-5856-47C7-BFF9-188BEB72A9DB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {62429A86-47D7-411D-B6D9-F5973EBFEF3A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {661F5E0C-E820-4AE0-8E90-F1C320F9394C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {92BA6C48-9418-487D-AF13-1B8EC6C7F2CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {A7A0B80C-E294-4A6F-983A-3355D4BFD91E} - System32\Tasks\hpUrlLauncher.exe_{F54BDABB-514B-4FF0-8653-3A9881A512E5} => C:\Program Files\HP\HP Officejet 6600\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B00E52C7-AC52-406E-A908-BC0F21CAFAC1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LisaLaptop-Lasiandra LisaLaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-07] (Microsoft Corporation)
Task: {B6866F2C-1391-458D-ADAA-E895CF07C18C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {CD596235-C8D2-4738-B4ED-B2B1522AD11E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {D6EC24E2-6BF2-4B2E-A61E-E9283C5C893A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {F1F49C66-00A9-46D8-82C2-25491EAE4D01} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FDF7F5AA-7D6B-489C-80D6-A72FFE3ECD60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-01 11:58 - 2011-11-01 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-09-23 11:47 - 2014-09-11 07:06 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-10-24 13:26 - 2014-11-04 01:04 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-14 16:12 - 2014-11-03 23:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-10 11:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-14 16:03 - 2012-01-05 10:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-01 11:58 - 2011-11-01 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-09-14 16:55 - 2010-11-12 11:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-02-09 14:21 - 2012-02-09 14:21 - 04727296 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2011-02-18 14:57 - 2011-02-18 14:57 - 00035328 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2014-09-25 19:44 - 2014-09-25 19:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-22 18:02 - 2014-11-22 18:02 - 00393376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2014-11-22 18:02 - 2014-11-22 18:03 - 02210480 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2014-11-22 18:04 - 2014-10-14 19:25 - 01428128 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-10-24 13:26 - 2014-11-04 01:04 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2009-06-06 13:50 - 2009-06-06 13:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2014-10-17 09:11 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-17 09:11 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-17 09:11 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-17 09:11 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-17 09:11 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-16 20:05 - 2014-10-16 20:05 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2014-09-14 16:53 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-14 16:40 - 2012-01-20 04:23 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-26 14:04 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 14:04 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 14:04 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 14:04 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: PDF Architect 2 => 3
MSCONFIG\Services: pdfforge CrashHandler => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupfolder: C:^Users^Lasiandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lasiandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lasiandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN25O2G0RT05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-401477656-623239201-3160907625-500 - Administrator - Disabled)
Gast (S-1-5-21-401477656-623239201-3160907625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-401477656-623239201-3160907625-1003 - Limited - Enabled)
Lasiandra (S-1-5-21-401477656-623239201-3160907625-1000 - Administrator - Enabled) => C:\Users\Lasiandra

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2014 06:07:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 07:23:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 02:22:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 10:18:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2014 07:08:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2014 11:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 08:59:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 07:44:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 02:37:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 11:12:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/30/2014 02:47:20 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (11/30/2014 02:47:19 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (11/30/2014 02:47:18 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (11/30/2014 02:47:17 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers,
der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an
der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error: (11/30/2014 06:31:57 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/29/2014 06:06:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/29/2014 06:06:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (11/29/2014 06:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/29/2014 06:06:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Solutions Framework Service erreicht.

Error: (11/28/2014 10:07:39 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (11/29/2014 06:07:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 07:23:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 02:22:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2014 10:18:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2014 07:08:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2014 11:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 08:59:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 07:44:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 02:37:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 11:12:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3990.58 MB
Available physical RAM: 1784.42 MB
Total Pagefile: 7979.34 MB
Available Pagefile: 5020.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:681.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000F266F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Lasiandra (administrator) on LISALAPTOP on 30-11-2014 16:39:02
Running from C:\Users\Lasiandra\Desktop
Loaded Profile: Lasiandra (Available profiles: Lasiandra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Chicony) C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776360 2011-12-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [CECAPLF] => C:\Program Files (x86)\ChiconyCam\CECAPLF.exe [121456 2010-09-17] (Chicony)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [WinSATRestorePower] => powercfg -setactive 381b4222-f694-41f0-9685-ff5bb260df2e $ÿ    
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\MountPoints2: {17fe89a7-3c32-11e4-a565-0090f5ccba70} - F:\SaboteurLauncher.exe
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\MountPoints2: {b33e5039-3e73-11e4-adf9-0090f5ccba70} - E:\Setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-15]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-14]
CHR Extension: (Silverlight for Chrome) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\abblgjadmiiofjfapckdfdbblhkpomao [2014-11-23]
CHR Extension: (Google Docs) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]
CHR Extension: (Google Drive) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-14]
CHR Extension: (Google-Suche) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-14]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-09-15]
CHR Extension: (Google Tabellen) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-14]
CHR Extension: (Avira Browserschutz) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-15]
CHR Extension: (Totoro Rainy Day) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR Extension: (Google Mail) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-12] (Electronic Arts)
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-14] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 NTGUARD; \??\C:\Program Files (x86)\IKARUS\anti.virus\bin\NTGUARD_X64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 16:39 - 2014-11-30 16:39 - 00021143 _____ () C:\Users\Lasiandra\Desktop\FRST.txt
2014-11-30 16:38 - 2014-11-30 16:39 - 00000000 ____D () C:\FRST
2014-11-30 16:38 - 2014-11-30 16:38 - 02117632 _____ (Farbar) C:\Users\Lasiandra\Desktop\FRST64.exe
2014-11-30 16:37 - 2014-11-30 16:37 - 00000480 _____ () C:\Users\Lasiandra\Desktop\defogger_disable.log
2014-11-30 16:37 - 2014-11-30 16:37 - 00000000 _____ () C:\Users\Lasiandra\defogger_reenable
2014-11-30 16:36 - 2014-11-30 16:36 - 00050477 _____ () C:\Users\Lasiandra\Desktop\Defogger.exe
2014-11-26 14:37 - 2014-11-26 19:41 - 00000734 _____ () C:\Windows\PFRO.log
2014-11-26 11:59 - 2014-11-29 21:16 - 00005160 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LisaLaptop-Lasiandra LisaLaptop
2014-11-26 11:27 - 2014-11-26 11:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-26 11:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-26 11:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-26 11:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-26 09:16 - 2014-11-26 09:16 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-11-26 08:56 - 2014-11-29 18:06 - 00001848 _____ () C:\Windows\setupact.log
2014-11-26 08:56 - 2014-11-26 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-25 21:45 - 2014-11-25 21:45 - 00000000 ____D () C:\Windows\SysWOW64\IPM
2014-11-23 21:59 - 2014-11-23 21:59 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-23 20:19 - 2014-11-23 20:19 - 00000000 __SHD () C:\Users\Lasiandra\AppData\Local\EmieBrowserModeList
2014-11-20 10:48 - 2014-11-26 09:40 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\DVDVideoSoft
2014-11-19 08:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 15:04 - 2014-11-18 15:04 - 00000000 ____D () C:\Users\Lasiandra\Documents\OneNote-Notizbücher
2014-11-12 09:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:18 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:18 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:18 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:18 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Windows\system32\NV
2014-11-11 11:31 - 2014-11-04 01:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-11 11:31 - 2014-11-04 01:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-11-10 22:22 - 2014-11-10 22:22 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Blizzard
2014-11-10 21:33 - 2014-11-10 22:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-10 21:33 - 2014-11-10 21:33 - 00001155 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-11-10 21:33 - 2014-11-10 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-11-10 21:27 - 2014-11-22 22:40 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Battle.net
2014-11-10 21:27 - 2014-11-10 21:33 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Battle.net
2014-11-10 21:27 - 2014-11-10 21:27 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Blizzard Entertainment
2014-11-10 21:26 - 2014-11-18 22:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-10 21:26 - 2014-11-10 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-10 21:26 - 2014-11-10 21:27 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-11-10 21:23 - 2014-11-10 21:23 - 00000000 ____D () C:\ProgramData\Battle.net
2014-11-01 22:01 - 2014-11-01 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-01 22:01 - 2014-11-01 22:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-01 22:01 - 2014-11-01 22:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 16:37 - 2014-09-14 15:57 - 00000000 ____D () C:\Users\Lasiandra
2014-11-30 16:00 - 2014-09-14 17:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 16:00 - 2014-09-14 17:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 15:20 - 2014-09-14 15:40 - 01375680 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 18:16 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 18:16 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 18:13 - 2011-03-08 12:15 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-11-29 18:13 - 2011-03-08 12:15 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-11-29 18:13 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-29 18:08 - 2014-10-28 16:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-29 18:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-28 00:00 - 2014-09-26 20:12 - 00000600 _____ () C:\Users\Lasiandra\AppData\Roaming\winscp.rnd
2014-11-27 22:33 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\TeamViewer
2014-11-26 20:52 - 2014-09-14 20:09 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Skype
2014-11-26 12:00 - 2014-09-15 16:43 - 00000000 ____D () C:\Users\Lasiandra\Documents\Rezepte
2014-11-25 21:42 - 2014-10-17 09:11 - 00000000 ____D () C:\Windows\pss
2014-11-22 18:31 - 2014-10-10 11:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-19 13:21 - 2014-09-18 18:56 - 00000000 ____D () C:\Users\Lasiandra\Documents\Uni-Arbeit
2014-11-16 15:55 - 2014-09-14 17:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 15:55 - 2014-09-14 17:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 21:36 - 2014-10-17 09:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-12 21:35 - 2014-09-17 16:51 - 00001338 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-11-12 21:28 - 2014-09-17 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-12 21:28 - 2014-09-17 15:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-12 21:28 - 2014-09-17 14:51 - 00000000 ____D () C:\ProgramData\Origin
2014-11-12 13:08 - 2014-09-15 16:43 - 00000000 ____D () C:\Users\Lasiandra\Documents\Pers.Ass
2014-11-12 12:06 - 2009-07-14 05:45 - 00457016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 12:05 - 2014-09-14 22:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:56 - 2014-09-14 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:51 - 2014-09-14 19:24 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 11:33 - 2014-09-14 16:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-11 09:50 - 2014-10-24 13:30 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\NVIDIA
2014-11-11 09:49 - 2014-10-24 13:30 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\NVIDIA Corporation
2014-11-07 21:11 - 2014-09-15 19:08 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\vlc
2014-11-07 19:03 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-06 15:24 - 2014-09-15 18:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 15:24 - 2014-09-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-06 15:24 - 2014-09-15 17:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 01:04 - 2014-10-24 13:26 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 01:04 - 2014-10-24 13:26 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-04 01:04 - 2014-09-14 16:12 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-04 01:04 - 2014-09-14 16:11 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 01:04 - 2014-09-14 16:11 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-04 01:04 - 2014-09-14 16:11 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-04 01:04 - 2014-09-14 16:10 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 01091216 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 23:02 - 2014-09-14 16:12 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 16:17 - 2014-09-22 10:13 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\HpUpdate
2014-11-03 12:58 - 2014-09-14 16:12 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin

Some content of TEMP:
====================
C:\Users\Lasiandra\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 11:56

==================== End Of Log ============================

--- --- ---

Hoffe meine Logs sind damit komplett!

schrauber · 01.12.2014, 19:19

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Lasiandra · 01.12.2014, 20:38

Hallo!

Hab alles so ausgeführt, wie von dir beschrieben. Musste aber den Mauszeiger bewegen, da ich auf den Standby meines Lappis vergessen hatte -.-"
Sollte ich das Combofix erneut anwerfen?

Hier mal der Log:

Code:

ATTFilter

ComboFix 14-12-01.01 - Lasiandra 01.12.2014  20:17:05.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3991.2548 [GMT 1:00]
ausgeführt von:: c:\users\Lasiandra\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\LASIAN~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Lasiandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-01 bis 2014-12-01  ))))))))))))))))))))))))))))))
.
.
2014-12-01 19:22 . 2014-12-01 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-30 15:38 . 2014-11-30 15:40	--------	d-----w-	C:\FRST
2014-11-26 10:27 . 2014-11-26 10:27	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-26 10:27 . 2014-11-26 10:27	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-11-26 10:27 . 2014-11-26 10:27	--------	d-----w-	c:\programdata\Malwarebytes
2014-11-26 10:27 . 2014-10-01 10:11	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-26 10:27 . 2014-10-01 10:11	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-26 10:27 . 2014-10-01 10:11	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-26 08:16 . 2014-11-26 08:16	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2014-11-25 20:45 . 2014-11-25 20:45	--------	d-----w-	c:\windows\SysWow64\IPM
2014-11-23 19:19 . 2014-11-23 19:19	--------	d-sh--w-	c:\users\Lasiandra\AppData\Local\EmieBrowserModeList
2014-11-20 09:48 . 2014-11-26 08:40	--------	d-----w-	c:\users\Lasiandra\AppData\Roaming\DVDVideoSoft
2014-11-19 07:53 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-19 07:53 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-19 07:53 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-19 07:53 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-12 08:19 . 2014-11-05 17:56	304640	----a-w-	c:\windows\system32\generaltel.dll
2014-11-12 08:19 . 2014-11-05 17:56	228864	----a-w-	c:\windows\system32\aepdu.dll
2014-11-12 08:19 . 2014-11-05 17:52	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-11-12 08:19 . 2014-10-14 02:16	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 08:19 . 2014-10-14 02:13	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-11-12 08:19 . 2014-10-14 02:07	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-11-12 08:19 . 2014-10-14 01:46	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-11-12 08:19 . 2014-10-14 02:12	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-11-12 08:19 . 2014-10-14 02:09	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-11-12 08:19 . 2014-10-14 01:50	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-11-12 08:19 . 2014-10-14 01:49	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-11-12 08:19 . 2014-10-14 01:47	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-11-12 08:17 . 2014-10-03 02:12	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2014-11-11 10:33 . 2014-11-11 10:33	--------	d-----w-	c:\windows\SysWow64\NV
2014-11-11 10:33 . 2014-11-11 10:33	--------	d-----w-	c:\windows\system32\NV
2014-11-10 21:22 . 2014-11-10 21:22	--------	d-----w-	c:\users\Lasiandra\AppData\Local\Blizzard
2014-11-10 20:33 . 2014-11-10 21:23	--------	d-----w-	c:\program files (x86)\Hearthstone
2014-11-10 20:27 . 2014-11-10 20:27	--------	d-----w-	c:\users\Lasiandra\AppData\Local\Blizzard Entertainment
2014-11-10 20:27 . 2014-11-22 21:40	--------	d-----w-	c:\users\Lasiandra\AppData\Local\Battle.net
2014-11-10 20:27 . 2014-11-10 20:33	--------	d-----w-	c:\users\Lasiandra\AppData\Roaming\Battle.net
2014-11-10 20:26 . 2014-11-18 21:38	--------	d-----w-	c:\program files (x86)\Battle.net
2014-11-10 20:26 . 2014-11-10 20:33	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2014-11-10 20:26 . 2014-11-10 20:27	--------	d-----w-	c:\programdata\Blizzard Entertainment
2014-11-10 20:23 . 2014-11-10 20:23	--------	d-----w-	c:\programdata\Battle.net
2014-11-09 12:09 . 2009-07-14 01:41	101376	----a-w-	c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2014-11-01 21:01 . 2014-11-01 21:01	--------	d-----w-	c:\program files\Microsoft Silverlight
2014-11-01 21:01 . 2014-11-01 21:01	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-01 09:59 . 2014-09-15 06:36	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-11-12 08:51 . 2014-09-14 18:24	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-11-04 00:04 . 2014-10-24 12:26	870624	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-11-04 00:04 . 2014-10-24 12:26	16884632	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-11-04 00:04 . 2014-09-14 15:11	987520	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-11-04 00:04 . 2014-09-14 15:11	174856	----a-w-	c:\windows\system32\nvinitx.dll
2014-11-04 00:04 . 2014-09-14 15:11	156840	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-11-04 00:04 . 2014-09-14 15:10	3238040	----a-w-	c:\windows\system32\nvapi64.dll
2014-11-03 22:02 . 2014-09-14 15:12	6882448	----a-w-	c:\windows\system32\nvcpl.dll
2014-11-03 22:02 . 2014-09-14 15:12	3531464	----a-w-	c:\windows\system32\nvsvc64.dll
2014-11-03 22:02 . 2014-09-14 15:12	935232	----a-w-	c:\windows\system32\nvvsvc.exe
2014-11-03 22:02 . 2014-09-14 15:12	67072	----a-w-	c:\windows\system32\nv3dappshextr.dll
2014-11-03 22:02 . 2014-09-14 15:12	61640	----a-w-	c:\windows\system32\nvshext.dll
2014-11-03 22:02 . 2014-09-14 15:12	385352	----a-w-	c:\windows\system32\nvmctray.dll
2014-11-03 22:02 . 2014-09-14 15:12	2558792	----a-w-	c:\windows\system32\nvsvcr.dll
2014-11-03 22:02 . 2014-09-14 15:12	1091216	----a-w-	c:\windows\system32\nv3dappshext.dll
2014-11-03 11:58 . 2014-09-14 15:12	4099264	----a-w-	c:\windows\system32\nvcoproc.bin
2014-10-16 16:54 . 2014-10-24 12:30	2800296	----a-w-	c:\windows\system32\nvspcap64.dll
2014-10-16 16:54 . 2014-10-24 12:30	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-10-16 16:54 . 2014-10-24 12:30	2197680	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-10-16 16:54 . 2014-10-24 12:30	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-10-16 16:54 . 2014-10-24 12:26	38048	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-10-16 16:54 . 2014-10-24 12:26	34976	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-10-16 16:54 . 2014-10-24 12:26	32416	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-10-16 16:54 . 2014-10-24 12:26	1876296	----a-w-	c:\windows\system32\nvdispco6434448.dll
2014-10-16 16:54 . 2014-10-24 12:26	1539272	----a-w-	c:\windows\system32\nvdispgenco6434448.dll
2014-10-14 09:20 . 2014-09-15 17:03	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-10-14 09:20 . 2014-09-15 16:59	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-14 09:20 . 2014-09-15 16:59	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-10-07 15:23 . 2014-10-10 10:20	851664	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-25 02:08 . 2014-10-01 08:07	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 08:07	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-15 06:51 . 2012-07-17 12:37	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-14 22:57 . 2014-09-14 22:57	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-09-14 22:57 . 2014-09-14 22:57	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-09-14 22:57 . 2014-09-14 22:57	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-09-14 22:57 . 2014-09-14 22:57	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-09-14 22:57 . 2014-09-14 22:57	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-09-14 22:57 . 2014-09-14 22:57	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-09-14 22:57 . 2014-09-14 22:57	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-09-14 22:57 . 2014-09-14 22:57	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-09-14 22:57 . 2014-09-14 22:57	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-09-14 22:57 . 2014-09-14 22:57	81408	----a-w-	c:\windows\system32\icardie.dll
2014-09-14 22:57 . 2014-09-14 22:57	774144	----a-w-	c:\windows\system32\jscript.dll
2014-09-14 22:57 . 2014-09-14 22:57	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-09-14 22:57 . 2014-09-14 22:57	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-09-14 22:57 . 2014-09-14 22:57	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-09-14 22:57 . 2014-09-14 22:57	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-09-14 22:57 . 2014-09-14 22:57	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-09-14 22:57 . 2014-09-14 22:57	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-09-14 22:57 . 2014-09-14 22:57	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-09-14 22:57 . 2014-09-14 22:57	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-09-14 22:57 . 2014-09-14 22:57	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-09-14 22:57 . 2014-09-14 22:57	413696	----a-w-	c:\windows\system32\html.iec
2014-09-14 22:57 . 2014-09-14 22:57	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-09-14 22:57 . 2014-09-14 22:57	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-09-14 22:57 . 2014-09-14 22:57	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-09-14 22:57 . 2014-09-14 22:57	247808	----a-w-	c:\windows\system32\msls31.dll
2014-09-14 22:57 . 2014-09-14 22:57	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-09-14 22:57 . 2014-09-14 22:57	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-09-14 22:57 . 2014-09-14 22:57	235520	----a-w-	c:\windows\system32\url.dll
2014-09-14 22:57 . 2014-09-14 22:57	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-09-14 22:57 . 2014-09-14 22:57	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-09-14 22:57 . 2014-09-14 22:57	147968	----a-w-	c:\windows\system32\occache.dll
2014-09-14 22:57 . 2014-09-14 22:57	143872	----a-w-	c:\windows\system32\wextract.exe
2014-09-14 22:57 . 2014-09-14 22:57	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-09-14 22:57 . 2014-09-14 22:57	13824	----a-w-	c:\windows\system32\mshta.exe
2014-09-14 22:57 . 2014-09-14 22:57	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-09-14 22:57 . 2014-09-14 22:57	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-09-14 22:57 . 2014-09-14 22:57	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-09-14 22:57 . 2014-09-14 22:57	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-09-14 22:57 . 2014-09-14 22:57	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-09-14 22:57 . 2014-09-14 22:57	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-09-14 22:57 . 2014-09-14 22:57	101376	----a-w-	c:\windows\system32\inseng.dll
2014-09-14 22:55 . 2014-09-14 22:55	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2014-09-14 22:55 . 2014-09-14 22:55	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2014-09-14 22:55 . 2014-09-14 22:55	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2014-09-14 22:55 . 2014-09-14 22:55	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2014-09-14 22:55 . 2014-09-14 22:55	363008	----a-w-	c:\windows\system32\dxgi.dll
2014-09-14 22:55 . 2014-09-14 22:55	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2014-09-14 22:55 . 2014-09-14 22:55	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	296960	----a-w-	c:\windows\system32\d3d10core.dll
2014-09-14 22:55 . 2014-09-14 22:55	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2014-09-14 22:55 . 2014-09-14 22:55	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-14 22:55 . 2014-09-14 22:55	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2014-09-14 22:55 . 2014-09-14 22:55	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 16:29	1729752	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 16:29	1729752	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 16:29	1729752	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-13 703736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2012-2-9 4727296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTGUARD]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NTGUARD;NTGUARD;c:\program files (x86)\IKARUS\anti.virus\bin\NTGUARD_X64.SYS;c:\program files (x86)\IKARUS\anti.virus\bin\NTGUARD_X64.SYS [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R4 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 13:01	1087304	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14 16:42]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14 16:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 18:27	2334928	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 18:27	2334928	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 18:27	2334928	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"CECAPLF"="c:\program files (x86)\ChiconyCam\CECAPLF.exe" [2010-09-17 121456]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-14 10358784]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-16 2462536]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-10-16 2800296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
Trusted Zone: sharepoint.com\unigraz
Trusted Zone: sharepoint.com\unigraz-my
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-01  20:28:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-01 19:28
.
Vor Suchlauf: 9 Verzeichnis(se), 731.880.194.048 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 731.336.212.480 Bytes frei
.
- - End Of File - - 14D65AC275B5459F539EF41D2F7119DD

Danke und schönen Abend!

schrauber · 02.12.2014, 17:40

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Lasiandra · 02.12.2014, 19:54

Hello again!
Also danke erstmal, dass du dich so gut um mich kümmerst

. Wie hab ich mir das denn bitte eingefangen? -.-"

Hier nun meine Logs.
Ich habe am 26.11. schon mal mit Malwarebytes eine Überprüfung gemacht. Hab das Log nun auch angehängt ("mbam_alt").

mbam_alt.txt:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.12.2014
Suchlauf-Zeit: 19:03:48
Logdatei: mbam_alt.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.12.02.06
Rootkit Datenbank: v2014.12.02.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lasiandra

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328388
Verstrichene Zeit: 17 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.12.2014
Suchlauf-Zeit: 19:03:48
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.12.02.06
Rootkit Datenbank: v2014.12.02.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lasiandra

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328388
Verstrichene Zeit: 17 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner

Code:

ATTFilter

# AdwCleaner v4.103 - Bericht erstellt am 02/12/2014 um 19:33:34
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-01.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lasiandra - LISALAPTOP
# Gestartet von : C:\Users\Lasiandra\Desktop\AdwCleaner_4.103.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Lasiandra\AppData\Roaming\pdfforge

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [1174 octets] - [02/12/2014 19:31:41]
AdwCleaner[S0].txt - [1049 octets] - [02/12/2014 19:33:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1109 octets] ##########

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lasiandra on 02.12.2014 at 19:40:21,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2014 at 19:44:07,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Bis jetzt hat sich noch kein neues Werbe-Tab geöffnet. Ich werde das weiter im Auge behalten. Vl. war das jetzt ja das Ende?

Zitat:

Zitat von Lasiandra

Bis jetzt hat sich noch kein neues Werbe-Tab geöffnet. Ich werde das weiter im Auge behalten. Vl. war das jetzt ja das Ende?

- ich habs verschrien; beim Absenden des Posts haben sich wieder zwei geöffnet

ups: FRST vergessen:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Lasiandra (administrator) on LISALAPTOP on 02-12-2014 19:46:54
Running from C:\Users\Lasiandra\Desktop\Forum
Loaded Profile: Lasiandra (Available profiles: Lasiandra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Chicony) C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776360 2011-12-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [CECAPLF] => C:\Program Files (x86)\ChiconyCam\CECAPLF.exe [121456 2010-09-17] (Chicony)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-401477656-623239201-3160907625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-401477656-623239201-3160907625-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-15]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-14]
CHR Extension: (Silverlight for Chrome) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\abblgjadmiiofjfapckdfdbblhkpomao [2014-11-23]
CHR Extension: (Google Docs) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]
CHR Extension: (Google Drive) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-14]
CHR Extension: (Google-Suche) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-14]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-09-15]
CHR Extension: (Google Tabellen) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-14]
CHR Extension: (Avira Browserschutz) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-15]
CHR Extension: (Totoro Rainy Day) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR Extension: (Google Mail) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-12] (Electronic Arts)
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-14] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NTGUARD; \??\C:\Program Files (x86)\IKARUS\anti.virus\bin\NTGUARD_X64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 19:40 - 2014-12-02 19:40 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 19:31 - 2014-12-02 19:33 - 00000000 ____D () C:\AdwCleaner
2014-12-01 21:12 - 2014-12-02 19:46 - 00000000 ____D () C:\Users\Lasiandra\Desktop\Forum
2014-12-01 20:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-01 20:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-01 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-01 20:09 - 2014-12-01 20:29 - 00000000 ____D () C:\Qoobox
2014-12-01 20:08 - 2014-12-01 20:27 - 00000000 ____D () C:\Windows\erdnt
2014-12-01 10:59 - 2014-12-01 11:00 - 00000444 _____ () C:\Windows\LkmdfCoInst.log
2014-12-01 09:12 - 2014-12-01 21:52 - 00000000 ____D () C:\Users\Lasiandra\Desktop\Fertige Dokumente
2014-12-01 09:12 - 2014-12-01 11:33 - 00000000 ____D () C:\Users\Lasiandra\Desktop\pdf_fertig
2014-11-30 16:38 - 2014-12-02 19:46 - 00000000 ____D () C:\FRST
2014-11-30 16:37 - 2014-11-30 16:37 - 00000000 _____ () C:\Users\Lasiandra\defogger_reenable
2014-11-26 14:37 - 2014-12-02 19:34 - 00001600 _____ () C:\Windows\PFRO.log
2014-11-26 11:59 - 2014-12-02 19:38 - 00005160 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LisaLaptop-Lasiandra LisaLaptop
2014-11-26 11:27 - 2014-12-02 19:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-26 11:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-26 11:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-26 11:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-26 09:16 - 2014-11-26 09:16 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-11-26 08:56 - 2014-12-02 19:36 - 00004057 _____ () C:\Windows\setupact.log
2014-11-26 08:56 - 2014-11-26 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-25 21:45 - 2014-11-25 21:45 - 00000000 ____D () C:\Windows\SysWOW64\IPM
2014-11-23 21:59 - 2014-11-23 21:59 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-23 20:19 - 2014-11-23 20:19 - 00000000 __SHD () C:\Users\Lasiandra\AppData\Local\EmieBrowserModeList
2014-11-20 10:48 - 2014-11-26 09:40 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\DVDVideoSoft
2014-11-19 08:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 15:04 - 2014-11-18 15:04 - 00000000 ____D () C:\Users\Lasiandra\Documents\OneNote-Notizbücher
2014-11-12 09:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:18 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:18 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:18 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:18 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Windows\system32\NV
2014-11-11 11:31 - 2014-11-04 01:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-11 11:31 - 2014-11-04 01:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-11-10 22:22 - 2014-11-10 22:22 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Blizzard
2014-11-10 21:33 - 2014-11-10 22:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-10 21:33 - 2014-11-10 21:33 - 00001155 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-11-10 21:33 - 2014-11-10 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-11-10 21:27 - 2014-11-22 22:40 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Battle.net
2014-11-10 21:27 - 2014-11-10 21:33 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Battle.net
2014-11-10 21:27 - 2014-11-10 21:27 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Blizzard Entertainment
2014-11-10 21:26 - 2014-11-18 22:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-10 21:26 - 2014-11-10 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-10 21:26 - 2014-11-10 21:27 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-11-10 21:23 - 2014-11-10 21:23 - 00000000 ____D () C:\ProgramData\Battle.net

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 19:44 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 19:44 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 19:41 - 2014-09-14 15:40 - 01530916 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 19:37 - 2014-10-28 16:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-02 19:35 - 2014-09-14 17:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-02 19:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-02 19:05 - 2011-03-08 12:15 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-12-02 19:05 - 2011-03-08 12:15 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-12-02 19:05 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-02 19:00 - 2014-09-14 17:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 18:58 - 2014-09-18 18:56 - 00000000 ____D () C:\Users\Lasiandra\Documents\Uni-Arbeit
2014-12-02 15:35 - 2014-09-26 20:12 - 00000600 _____ () C:\Users\Lasiandra\AppData\Roaming\winscp.rnd
2014-12-01 20:29 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-01 20:24 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-01 11:04 - 2014-09-15 16:43 - 00000000 ____D () C:\Users\Lasiandra\Documents\Rezepte
2014-12-01 10:59 - 2014-09-15 07:36 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-30 16:37 - 2014-09-14 15:57 - 00000000 ____D () C:\Users\Lasiandra
2014-11-27 22:33 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\TeamViewer
2014-11-26 20:52 - 2014-09-14 20:09 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Skype
2014-11-25 21:42 - 2014-10-17 09:11 - 00000000 ____D () C:\Windows\pss
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 18:31 - 2014-10-10 11:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-16 15:55 - 2014-09-14 17:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 15:55 - 2014-09-14 17:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 21:36 - 2014-10-17 09:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-12 21:35 - 2014-09-17 16:51 - 00001338 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-11-12 21:28 - 2014-09-17 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-12 21:28 - 2014-09-17 15:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-12 21:28 - 2014-09-17 14:51 - 00000000 ____D () C:\ProgramData\Origin
2014-11-12 13:08 - 2014-09-15 16:43 - 00000000 ____D () C:\Users\Lasiandra\Documents\Pers.Ass
2014-11-12 12:06 - 2009-07-14 05:45 - 00457016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 12:05 - 2014-09-14 22:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:56 - 2014-09-14 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:51 - 2014-09-14 19:24 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 11:33 - 2014-09-14 16:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-11 09:50 - 2014-10-24 13:30 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\NVIDIA
2014-11-11 09:49 - 2014-10-24 13:30 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\NVIDIA Corporation
2014-11-07 21:11 - 2014-09-15 19:08 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\vlc
2014-11-07 19:03 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-06 15:24 - 2014-09-15 18:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 15:24 - 2014-09-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-06 15:24 - 2014-09-15 17:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 01:04 - 2014-10-24 13:26 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 01:04 - 2014-10-24 13:26 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-04 01:04 - 2014-09-14 16:12 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-04 01:04 - 2014-09-14 16:11 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 01:04 - 2014-09-14 16:11 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-04 01:04 - 2014-09-14 16:11 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-04 01:04 - 2014-09-14 16:10 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 01091216 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 23:02 - 2014-09-14 16:12 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 16:17 - 2014-09-22 10:13 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\HpUpdate
2014-11-03 12:58 - 2014-09-14 16:12 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin

Some content of TEMP:
====================
C:\Users\Lasiandra\AppData\Local\Temp\avgnt.exe
C:\Users\Lasiandra\AppData\Local\Temp\Quarantine.exe
C:\Users\Lasiandra\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 11:56

==================== End Of Log ============================

--- --- ---

schrauber · 03.12.2014, 11:56

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Lasiandra · 03.12.2014, 14:28

Hallo

Hier nun die (hoffentlich) letzten Logs:

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1c28d939097ee74bb747bbfea9f1f82a
# engine=21377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-03 01:14:51
# local_time=2014-12-03 02:14:51 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 27607 9521088 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 14878 169242341 0 0
# scanned=135038
# found=0
# cleaned=0
# scan_time=5105

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 2.0.3.1025  
 Adobe Reader XI  
 Google Chrome (39.0.2171.71) 
 Google Chrome (41.0.2236.0) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Lasiandra (administrator) on LISALAPTOP on 03-12-2014 14:24:23
Running from C:\Users\Lasiandra\Desktop\Forum
Loaded Profile: Lasiandra (Available profiles: Lasiandra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Chicony) C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Martin Prikryl) C:\Program Files (x86)\WinSCP\WinSCP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776360 2011-12-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [CECAPLF] => C:\Program Files (x86)\ChiconyCam\CECAPLF.exe [121456 2010-09-17] (Chicony)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-401477656-623239201-3160907625-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-401477656-623239201-3160907625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-401477656-623239201-3160907625-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-15]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> 
CHR Profile: C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (YouTube) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Google Search) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-03]
CHR Extension: (Bookmark Manager) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Lasiandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-12] (Electronic Arts)
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-14] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NTGUARD; \??\C:\Program Files (x86)\IKARUS\anti.virus\bin\NTGUARD_X64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 14:22 - 2014-12-03 14:22 - 00000843 _____ () C:\Users\Lasiandra\Desktop\checkup.txt
2014-12-03 12:47 - 2014-12-03 12:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-03 12:43 - 2014-12-03 12:43 - 00852490 _____ () C:\Users\Lasiandra\Downloads\SecurityCheck.exe
2014-12-03 12:12 - 2014-12-03 14:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 12:12 - 2014-12-03 12:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 12:12 - 2014-12-03 12:19 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-03 12:12 - 2014-12-03 12:19 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-03 12:12 - 2014-12-03 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-03 12:07 - 2014-12-03 12:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-03 12:03 - 2014-12-03 12:03 - 00427414 _____ () C:\Users\Lasiandra\Documents\bookmarks_03.12.14.html
2014-12-02 19:40 - 2014-12-02 19:40 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 19:31 - 2014-12-02 19:33 - 00000000 ____D () C:\AdwCleaner
2014-12-01 21:12 - 2014-12-03 14:24 - 00000000 ____D () C:\Users\Lasiandra\Desktop\Forum
2014-12-01 20:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-01 20:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-01 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-01 20:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-01 20:09 - 2014-12-01 20:29 - 00000000 ____D () C:\Qoobox
2014-12-01 20:08 - 2014-12-01 20:27 - 00000000 ____D () C:\Windows\erdnt
2014-12-01 10:59 - 2014-12-01 11:00 - 00000444 _____ () C:\Windows\LkmdfCoInst.log
2014-12-01 09:12 - 2014-12-03 14:21 - 00000000 ____D () C:\Users\Lasiandra\Desktop\pdf_fertig
2014-12-01 09:12 - 2014-12-03 14:09 - 00000000 ____D () C:\Users\Lasiandra\Desktop\Fertige Dokumente
2014-11-30 16:38 - 2014-12-03 14:24 - 00000000 ____D () C:\FRST
2014-11-30 16:37 - 2014-11-30 16:37 - 00000000 _____ () C:\Users\Lasiandra\defogger_reenable
2014-11-26 14:37 - 2014-12-02 19:34 - 00001600 _____ () C:\Windows\PFRO.log
2014-11-26 11:59 - 2014-12-03 11:19 - 00005158 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LisaLaptop-Lasiandra LisaLaptop
2014-11-26 11:27 - 2014-12-02 19:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-26 11:27 - 2014-11-26 11:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-26 11:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-26 11:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-26 11:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-26 09:16 - 2014-11-26 09:16 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-11-26 08:56 - 2014-12-03 10:55 - 00004393 _____ () C:\Windows\setupact.log
2014-11-26 08:56 - 2014-11-26 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-25 21:45 - 2014-11-25 21:45 - 00000000 ____D () C:\Windows\SysWOW64\IPM
2014-11-23 20:19 - 2014-11-23 20:19 - 00000000 __SHD () C:\Users\Lasiandra\AppData\Local\EmieBrowserModeList
2014-11-20 10:48 - 2014-11-26 09:40 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\DVDVideoSoft
2014-11-19 08:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 15:04 - 2014-11-18 15:04 - 00000000 ____D () C:\Users\Lasiandra\Documents\OneNote-Notizbücher
2014-11-12 09:19 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:19 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:19 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:19 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:19 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:19 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:19 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:19 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:19 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:19 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:19 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:19 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:18 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:18 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:18 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:18 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-11 11:33 - 2014-11-11 11:33 - 00000000 ____D () C:\Windows\system32\NV
2014-11-11 11:31 - 2014-11-04 01:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-11 11:31 - 2014-11-04 01:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-11 11:31 - 2014-11-04 01:04 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-11-10 22:22 - 2014-11-10 22:22 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Blizzard
2014-11-10 21:33 - 2014-11-10 22:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-10 21:33 - 2014-11-10 21:33 - 00001155 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-11-10 21:33 - 2014-11-10 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-11-10 21:27 - 2014-11-22 22:40 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Battle.net
2014-11-10 21:27 - 2014-11-10 21:33 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Battle.net
2014-11-10 21:27 - 2014-11-10 21:27 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Blizzard Entertainment
2014-11-10 21:26 - 2014-11-18 22:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-10 21:26 - 2014-11-10 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-10 21:26 - 2014-11-10 21:27 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-11-10 21:23 - 2014-11-10 21:23 - 00000000 ____D () C:\ProgramData\Battle.net

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 14:17 - 2014-09-14 15:40 - 01560523 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 12:12 - 2014-09-14 17:42 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\Google
2014-12-03 12:12 - 2014-09-14 17:42 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-03 11:20 - 2014-09-15 16:43 - 00000000 ____D () C:\Users\Lasiandra\Documents\Rezepte
2014-12-03 11:16 - 2014-09-18 18:56 - 00000000 ____D () C:\Users\Lasiandra\Documents\Uni-Arbeit
2014-12-03 11:10 - 2014-09-26 20:12 - 00000600 _____ () C:\Users\Lasiandra\AppData\Roaming\winscp.rnd
2014-12-03 11:06 - 2011-03-08 12:15 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-12-03 11:06 - 2011-03-08 12:15 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-12-03 11:06 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 11:04 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 11:04 - 2009-07-14 05:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 10:56 - 2014-10-28 16:42 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-03 10:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 20:29 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-01 20:24 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-01 10:59 - 2014-09-15 07:36 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-30 16:37 - 2014-09-14 15:57 - 00000000 ____D () C:\Users\Lasiandra
2014-11-27 22:33 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\TeamViewer
2014-11-26 20:52 - 2014-09-14 20:09 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\Skype
2014-11-25 21:42 - 2014-10-17 09:11 - 00000000 ____D () C:\Windows\pss
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 18:31 - 2014-10-10 11:14 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-13 18:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 21:36 - 2014-10-17 09:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-12 21:35 - 2014-09-17 16:51 - 00001338 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-11-12 21:28 - 2014-09-17 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-12 21:28 - 2014-09-17 15:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-12 21:28 - 2014-09-17 14:51 - 00000000 ____D () C:\ProgramData\Origin
2014-11-12 13:08 - 2014-09-15 16:43 - 00000000 ____D () C:\Users\Lasiandra\Documents\Pers.Ass
2014-11-12 12:06 - 2009-07-14 05:45 - 00457016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 12:05 - 2014-09-14 22:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:56 - 2014-09-14 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:51 - 2014-09-14 19:24 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 11:33 - 2014-09-14 16:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-11 09:50 - 2014-10-24 13:30 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\NVIDIA
2014-11-11 09:49 - 2014-10-24 13:30 - 00000000 ____D () C:\Users\Lasiandra\AppData\Local\NVIDIA Corporation
2014-11-07 21:11 - 2014-09-15 19:08 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\vlc
2014-11-07 19:03 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-06 15:24 - 2014-09-15 18:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-06 15:24 - 2014-09-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-06 15:24 - 2014-09-15 17:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 01:04 - 2014-10-24 13:26 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 01:04 - 2014-10-24 13:26 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-04 01:04 - 2014-09-14 16:12 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-04 01:04 - 2014-09-14 16:11 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 01:04 - 2014-09-14 16:11 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-04 01:04 - 2014-09-14 16:11 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-04 01:04 - 2014-09-14 16:10 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 01091216 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 23:02 - 2014-09-14 16:12 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-11-03 23:02 - 2014-09-14 16:12 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 16:17 - 2014-09-22 10:13 - 00000000 ____D () C:\Users\Lasiandra\AppData\Roaming\HpUpdate
2014-11-03 12:58 - 2014-09-14 16:12 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin

Some content of TEMP:
====================
C:\Users\Lasiandra\AppData\Local\Temp\avgnt.exe
C:\Users\Lasiandra\AppData\Local\Temp\Quarantine.exe
C:\Users\Lasiandra\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 11:56

==================== End Of Log ============================

--- --- ---

Also im Moment öffnen sich keine Tabs mehr, ich wart noch bis morgen ab und sag dann Bescheid!
Danke schonmal

schrauber · 04.12.2014, 09:59

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Lasiandra · 04.12.2014, 11:37

Hallo!

Endlich keine lästigen Werbe-Tabs mehr.

Danke für deine deppensicheren Erklärungen!

Super Forum,
vielen Dank!

Lg. Lisa

schrauber · 05.12.2014, 09:05

Gern Geschehen

Lasiandra · 05.12.2014, 14:05

-.-"; ich schon wieder...
Er/es (?) ist wieder da *schluchz*

Gibt es jetzt noch eine andere Lösung außer neu aufsetzen? :/

Danke schonmal für eine Antwort,
Lisa

schrauber · 06.12.2014, 09:30

in welchem Browser? Nur in Chrome?

Lasiandra · 06.12.2014, 18:39

Ja! Also ich hatte IE jetzt parallel laufen, da kam nichts. Nur bei Chrome :/
Hab "Version 41.0.2236.0 dev-m (64-bit)", falls das irgendetwas hilft.

Danke!

05.12.2014, 09:05	#12
schrauber /// the machine /// TB-Ausbilder	Win7: Chrome öffnet selbstständig Werbe-Tabs Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

06.12.2014, 09:30	#14
schrauber /// the machine /// TB-Ausbilder	Win7: Chrome öffnet selbstständig Werbe-Tabs in welchem Browser? Nur in Chrome? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Win7: Chrome öffnet selbstständig Werbe-Tabs

Log-Analyse und Auswertung: Win7: Chrome öffnet selbstständig Werbe-Tabs