Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ads by BetterMarkIt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.12.2014, 19:06   #1
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Hallo, habe ein Problem mit einer Art Browser Hijacker.
Egal welchen Browser ich benutze, ob Firefox, Chrome, Opera, IE, ich kriege überall Werbebanner, Werbepop-ups inkl. grüne Links, 3 Extrafenster und 2 Extra-Tabs alle "brought to you by BetterMarkIt oder rightcoupon.
Bin verzweifelt, nichts hilft.
Habe mit Revo-Uninstaller alle unwanted Software geröstet, alle Browser mehrfach resettet oder neu installiert, zwei Malewarebytes-Scans, einen mit AdwCleaner, alle gefundenen Dateien gelöscht, aber die Popups sind immer noch da.

Bin komplett ratlos, danke im vorraus für jede erdenkliche Hilfe.

Alt 09.12.2014, 19:08   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 09.12.2014, 19:32   #3
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Code:
ATTFilter
() C:\Program Files\Razer\Diamondback 3G\razerhid.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Razer Inc.) C:\Program Files\Razer\Diamondback 3G\razerofa.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Diamondback] => C:\Program Files\Razer\Diamondback 3G\razerhid.exe [147456 2007-08-01] ()
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5479224 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3618648 2014-11-27] (Electronic Arts)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk
ShortcutTarget: Logitech blank Produktregistrierung.lnk -> C:\Program Files\Logitech\G35\eReg.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\un5beyj8.default-1418146926088
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 aylbu64a; C:\Windows\system32\Drivers\aylbu64a.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 phionvpn; system32\DRIVERS\phionvpn.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 19:23 - 2014-12-09 19:24 - 00014710 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 19:23 - 2014-12-09 19:23 - 01111040 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-12-09 19:23 - 2014-12-09 19:23 - 00000000 ____D () C:\FRST
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-09 18:29 - 00038988 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-09 18:33 - 00001338 _____ () C:\Windows\Tasks\MYCBDE.job
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 21:03 - 2014-12-09 18:33 - 00001684 _____ () C:\Windows\Tasks\YUHCVSH.job
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip
2014-11-20 02:34 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 00:21 - 2014-11-20 00:21 - 00244120 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-20 00:06 - 2014-11-20 00:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-20 00:04 - 2014-11-20 00:04 - 00638888 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe
2014-11-13 02:17 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 02:17 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 02:17 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 02:17 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 02:17 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 02:17 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 02:16 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 02:16 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 02:16 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 02:15 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 02:15 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 02:15 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 02:15 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 02:15 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 02:11 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:24 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:24 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:24 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:24 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:24 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:24 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:24 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 08:24 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:24 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:24 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 08:24 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 08:24 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 19:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 19:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 19:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:41 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-09 18:37 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 18:36 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-09 18:34 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:34 - 2008-01-21 02:35 - 01713986 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 18:30 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-09 18:30 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 18:30 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:28 - 2006-11-02 14:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 22:08 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Neues Textdokument5.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:43 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-12-05 21:07 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-20 00:07 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-20 00:06 - 2014-08-23 08:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-20 00:06 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 00:05 - 2010-02-25 11:14 - 00000000 ____D () C:\Program Files\Java
2014-11-13 09:25 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 09:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-13 02:14 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 02:12 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\3A8170E2-4357-C43E-FEE8-0F3D86029E60.dll
C:\Users\Admin\AppData\Local\Temp\3A8170E2-4357-C43E-FEE8-0F3D86029E60.exe
C:\Users\Admin\AppData\Local\Temp\ED6ABE4E-D7DE-3E73-5815-228C3F11B8CF.exe
C:\Users\Admin\AppData\Local\Temp\optprosetup.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 18:39

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2014
Ran by Admin at 2014-12-09 19:24:22
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

05-12-2014 20:58:46 Revo Uninstaller's restore point - Xvid 1.2.2 final uninstall
06-12-2014 01:46:45 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
08-12-2014 19:15:13 Geplanter Prüfpunkt
09-12-2014 11:44:53 Revo Uninstaller's restore point - Cliqz
09-12-2014 11:47:03 Revo Uninstaller's restore point - Opera Stable 26.0.1656.32
09-12-2014 13:43:26 Windows Update
09-12-2014 16:26:44 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de)
09-12-2014 16:31:08 Revo Uninstaller's restore point - Explorer Suite III
09-12-2014 16:31:58 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
09-12-2014 16:55:00 Revo Uninstaller's restore point - SopCast 3.4.0
09-12-2014 16:56:09 Revo Uninstaller's restore point - Crysis(R)
09-12-2014 17:01:01 Revo Uninstaller's restore point - Crysis® 2
09-12-2014 17:01:11 Removed Crysis® 2
09-12-2014 17:07:05 Revo Uninstaller's restore point - Fallout 3
09-12-2014 17:07:45 Removed Fallout 3
09-12-2014 17:10:01 Revo Uninstaller's restore point - Fallout New Vegas
09-12-2014 17:11:22 Revo Uninstaller's restore point - Far Cry 2
09-12-2014 17:12:23 Revo Uninstaller's restore point - Magic Set Editor 2 - 0.3.8 beta
09-12-2014 17:13:57 Entfernt Far Cry 2
09-12-2014 17:15:46 Revo Uninstaller's restore point - SPORE™
09-12-2014 17:16:13 Entfernt SPORE™
09-12-2014 17:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 17:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 17:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 17:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 17:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 17:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 17:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
132.187.1.5	vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB} - \43520108 No Task File <==== ATTENTION
Task: {04402289-C22F-4263-A862-CBEE61C2F67E} - \715a1e10 No Task File <==== ATTENTION
Task: {142E59D2-982D-42ED-A12A-5C44F0F1FA98} - System32\Tasks\MYCBDE => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: {15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE} - \6c423567-a24d-446b-bae8-e6206777b66a-11 No Task File <==== ATTENTION
Task: {2500A1BB-3C3D-4DD8-B556-CE12E6CF2FC1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {27B70163-956E-4C28-8AA6-730071D340AD} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-2 No Task File <==== ATTENTION
Task: {40B87F90-3538-4A71-BC14-59376A7A90A6} - \89c71c68 No Task File <==== ATTENTION
Task: {47D6B61B-0545-46A6-A101-DC276C20F791} - System32\Tasks\YUHCVSH => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
Task: {495F4BCF-B653-4185-B295-84D30E258939} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-11 No Task File <==== ATTENTION
Task: {51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3} - \6c423567-a24d-446b-bae8-e6206777b66a-4 No Task File <==== ATTENTION
Task: {548A203E-4591-4BC4-9409-B7CE95683ADD} - \35a3f634 No Task File <==== ATTENTION
Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {7EDDABF4-CFA1-43DB-8965-BA858AF67208} - \d46c188 No Task File <==== ATTENTION
Task: {803D09BF-5D5F-44FF-AE82-E813380836E8} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-4 No Task File <==== ATTENTION
Task: {8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE} - \6c423567-a24d-446b-bae8-e6206777b66a-2 No Task File <==== ATTENTION
Task: {8E69FF61-9EE2-4BF4-AD27-6C905EACFD91} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {92466507-5F8D-4638-BA90-1CBE750DE35E} - \6c423567-a24d-446b-bae8-e6206777b66a-1 No Task File <==== ATTENTION
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe
Task: {A2244095-07AF-4CFD-B1BB-4AF91B1F4E80} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user No Task File <==== ATTENTION
Task: {B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-3 No Task File <==== ATTENTION
Task: {BF680C3E-C575-431C-BEB3-C2A04572A885} - \cf1fda54 No Task File <==== ATTENTION
Task: {CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38} - \a236e608 No Task File <==== ATTENTION
Task: {CC22D0A7-76A5-4418-9536-B01BA1395F2E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E1CEE527-15C7-4CB0-A60B-166BAFE519BE} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5 No Task File <==== ATTENTION
Task: {E2F22492-6D15-4343-9284-50680C3AD4C5} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-1 No Task File <==== ATTENTION
Task: {EB163A95-3306-4CDF-8BA8-B8392B95324B} - \6c423567-a24d-446b-bae8-e6206777b66a-5_user No Task File <==== ATTENTION
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {FC024F21-C619-432B-9621-573957290A60} - \6c423567-a24d-446b-bae8-e6206777b66a-5 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MYCBDE.job => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: C:\Windows\Tasks\YUHCVSH.job => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2010-04-13 01:13 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-01-15 20:37 - 2007-08-01 14:07 - 00147456 _____ () C:\Program Files\Razer\Diamondback 3G\razerhid.exe
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-26 19:22 - 2014-11-26 19:22 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 06:50:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:49:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:48:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:31:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 06:27:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:23:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:22:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 34.0.5.5443, Zeitstempel 0x5475dd5d, fehlerhaftes Modul mozalloc.dll, Version 34.0.5.5443, Zeitstempel 0x5475d664, Ausnahmecode 0x80000003, Fehleroffset 0x00001425,
Prozess-ID 0x5b4, Anwendungsstartzeit plugin-container.exe0.

Error: (12/09/2014 06:20:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:16:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}


System errors:
=============
Error: (12/09/2014 06:31:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/09/2014 00:01:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/08/2014 07:36:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Gemeinsame Nutzung der Internetverbindung%%2150760466

Error: (12/08/2014 07:35:37 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (12/08/2014 05:55:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/08/2014 05:31:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/06/2014 03:21:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/06/2014 03:21:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/06/2014 02:57:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/06/2014 02:54:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Installer11200001Neustart des Diensts


Microsoft Office Sessions:
=========================
Error: (12/09/2014 06:50:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:49:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:48:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:31:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 06:27:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:23:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:22:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014255b401d013d452e77f75

Error: (12/09/2014 06:20:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:16:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}


CodeIntegrity Errors:
===================================
  Date: 2014-12-09 19:24:19.836
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.658
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.301
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:18.853
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:18.670
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:18.482
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 12:49:42.347
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 12:49:42.165
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 3326.12 MB
Available physical RAM: 1449.25 MB
Total Pagefile: 6877.21 MB
Available Pagefile: 4973.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:54.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 10.12.2014, 15:11   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB} - \43520108 No Task File <==== ATTENTION
Task: {04402289-C22F-4263-A862-CBEE61C2F67E} - \715a1e10 No Task File <==== ATTENTION
Task: {142E59D2-982D-42ED-A12A-5C44F0F1FA98} - System32\Tasks\MYCBDE => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: {15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE} - \6c423567-a24d-446b-bae8-e6206777b66a-11 No Task File <==== ATTENTION
Task: {27B70163-956E-4C28-8AA6-730071D340AD} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-2 No Task File <==== ATTENTION
Task: {40B87F90-3538-4A71-BC14-59376A7A90A6} - \89c71c68 No Task File <==== ATTENTION
Task: {47D6B61B-0545-46A6-A101-DC276C20F791} - System32\Tasks\YUHCVSH => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
Task: {495F4BCF-B653-4185-B295-84D30E258939} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-11 No Task File <==== ATTENTION
Task: {51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3} - \6c423567-a24d-446b-bae8-e6206777b66a-4 No Task File <==== ATTENTION
Task: {548A203E-4591-4BC4-9409-B7CE95683ADD} - \35a3f634 No Task File <==== ATTENTION
Task: {7EDDABF4-CFA1-43DB-8965-BA858AF67208} - \d46c188 No Task File <==== ATTENTION
Task: {803D09BF-5D5F-44FF-AE82-E813380836E8} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-4 No Task File <==== ATTENTION
Task: {8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE} - \6c423567-a24d-446b-bae8-e6206777b66a-2 No Task File <==== ATTENTION
Task: {8E69FF61-9EE2-4BF4-AD27-6C905EACFD91} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {92466507-5F8D-4638-BA90-1CBE750DE35E} - \6c423567-a24d-446b-bae8-e6206777b66a-1 No Task File <==== ATTENTION
Task: {A2244095-07AF-4CFD-B1BB-4AF91B1F4E80} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user No Task File <==== ATTENTION
Task: {B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-3 No Task File <==== ATTENTION
Task: {BF680C3E-C575-431C-BEB3-C2A04572A885} - \cf1fda54 No Task File <==== ATTENTION
Task: {CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38} - \a236e608 No Task File <==== ATTENTION
Task: {CC22D0A7-76A5-4418-9536-B01BA1395F2E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E1CEE527-15C7-4CB0-A60B-166BAFE519BE} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5 No Task File <==== ATTENTION
Task: {E2F22492-6D15-4343-9284-50680C3AD4C5} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-1 No Task File <==== ATTENTION
Task: {EB163A95-3306-4CDF-8BA8-B8392B95324B} - \6c423567-a24d-446b-bae8-e6206777b66a-5_user No Task File <==== ATTENTION
Task: {FC024F21-C619-432B-9621-573957290A60} - \6c423567-a24d-446b-bae8-e6206777b66a-5 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\MYCBDE.job => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: C:\Windows\Tasks\YUHCVSH.job => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
C:\Users\Admin\AppData\Roaming\MYCBDE.exe
C:\Users\Admin\AppData\Roaming\YUHCVSH.exe
Tcpip\..\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 phionvpn; system32\DRIVERS\phionvpn.sys [X]
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.12.2014, 12:22   #5
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014
Ran by Admin at 2014-12-10 18:56:16 Run:1
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB} - \43520108 No Task File <==== ATTENTION
Task: {04402289-C22F-4263-A862-CBEE61C2F67E} - \715a1e10 No Task File <==== ATTENTION
Task: {142E59D2-982D-42ED-A12A-5C44F0F1FA98} - System32\Tasks\MYCBDE => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: {15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE} - \6c423567-a24d-446b-bae8-e6206777b66a-11 No Task File <==== ATTENTION
Task: {27B70163-956E-4C28-8AA6-730071D340AD} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-2 No Task File <==== ATTENTION
Task: {40B87F90-3538-4A71-BC14-59376A7A90A6} - \89c71c68 No Task File <==== ATTENTION
Task: {47D6B61B-0545-46A6-A101-DC276C20F791} - System32\Tasks\YUHCVSH => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
Task: {495F4BCF-B653-4185-B295-84D30E258939} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-11 No Task File <==== ATTENTION
Task: {51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3} - \6c423567-a24d-446b-bae8-e6206777b66a-4 No Task File <==== ATTENTION
Task: {548A203E-4591-4BC4-9409-B7CE95683ADD} - \35a3f634 No Task File <==== ATTENTION
Task: {7EDDABF4-CFA1-43DB-8965-BA858AF67208} - \d46c188 No Task File <==== ATTENTION
Task: {803D09BF-5D5F-44FF-AE82-E813380836E8} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-4 No Task File <==== ATTENTION
Task: {8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE} - \6c423567-a24d-446b-bae8-e6206777b66a-2 No Task File <==== ATTENTION
Task: {8E69FF61-9EE2-4BF4-AD27-6C905EACFD91} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {92466507-5F8D-4638-BA90-1CBE750DE35E} - \6c423567-a24d-446b-bae8-e6206777b66a-1 No Task File <==== ATTENTION
Task: {A2244095-07AF-4CFD-B1BB-4AF91B1F4E80} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user No Task File <==== ATTENTION
Task: {B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-3 No Task File <==== ATTENTION
Task: {BF680C3E-C575-431C-BEB3-C2A04572A885} - \cf1fda54 No Task File <==== ATTENTION
Task: {CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38} - \a236e608 No Task File <==== ATTENTION
Task: {CC22D0A7-76A5-4418-9536-B01BA1395F2E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E1CEE527-15C7-4CB0-A60B-166BAFE519BE} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5 No Task File <==== ATTENTION
Task: {E2F22492-6D15-4343-9284-50680C3AD4C5} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-1 No Task File <==== ATTENTION
Task: {EB163A95-3306-4CDF-8BA8-B8392B95324B} - \6c423567-a24d-446b-bae8-e6206777b66a-5_user No Task File <==== ATTENTION
Task: {FC024F21-C619-432B-9621-573957290A60} - \6c423567-a24d-446b-bae8-e6206777b66a-5 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\MYCBDE.job => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: C:\Windows\Tasks\YUHCVSH.job => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
C:\Users\Admin\AppData\Roaming\MYCBDE.exe
C:\Users\Admin\AppData\Roaming\YUHCVSH.exe
Tcpip\..\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 phionvpn; system32\DRIVERS\phionvpn.sys [X]
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\43520108" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04402289-C22F-4263-A862-CBEE61C2F67E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04402289-C22F-4263-A862-CBEE61C2F67E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\715a1e10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{142E59D2-982D-42ED-A12A-5C44F0F1FA98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{142E59D2-982D-42ED-A12A-5C44F0F1FA98}" => Key deleted successfully.
C:\Windows\System32\Tasks\MYCBDE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MYCBDE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27B70163-956E-4C28-8AA6-730071D340AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27B70163-956E-4C28-8AA6-730071D340AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40B87F90-3538-4A71-BC14-59376A7A90A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B87F90-3538-4A71-BC14-59376A7A90A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\89c71c68" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47D6B61B-0545-46A6-A101-DC276C20F791}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47D6B61B-0545-46A6-A101-DC276C20F791}" => Key deleted successfully.
C:\Windows\System32\Tasks\YUHCVSH => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YUHCVSH" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{495F4BCF-B653-4185-B295-84D30E258939}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{495F4BCF-B653-4185-B295-84D30E258939}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{548A203E-4591-4BC4-9409-B7CE95683ADD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{548A203E-4591-4BC4-9409-B7CE95683ADD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\35a3f634" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EDDABF4-CFA1-43DB-8965-BA858AF67208}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EDDABF4-CFA1-43DB-8965-BA858AF67208}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d46c188" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{803D09BF-5D5F-44FF-AE82-E813380836E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{803D09BF-5D5F-44FF-AE82-E813380836E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E69FF61-9EE2-4BF4-AD27-6C905EACFD91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E69FF61-9EE2-4BF4-AD27-6C905EACFD91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92466507-5F8D-4638-BA90-1CBE750DE35E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92466507-5F8D-4638-BA90-1CBE750DE35E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2244095-07AF-4CFD-B1BB-4AF91B1F4E80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2244095-07AF-4CFD-B1BB-4AF91B1F4E80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF680C3E-C575-431C-BEB3-C2A04572A885}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF680C3E-C575-431C-BEB3-C2A04572A885}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cf1fda54" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a236e608" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC22D0A7-76A5-4418-9536-B01BA1395F2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC22D0A7-76A5-4418-9536-B01BA1395F2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1CEE527-15C7-4CB0-A60B-166BAFE519BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1CEE527-15C7-4CB0-A60B-166BAFE519BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2F22492-6D15-4343-9284-50680C3AD4C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2F22492-6D15-4343-9284-50680C3AD4C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB163A95-3306-4CDF-8BA8-B8392B95324B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB163A95-3306-4CDF-8BA8-B8392B95324B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC024F21-C619-432B-9621-573957290A60}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC024F21-C619-432B-9621-573957290A60}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-5" => Key deleted successfully.
C:\Windows\Tasks\MYCBDE.job => Moved successfully.
C:\Windows\Tasks\YUHCVSH.job => Moved successfully.
"C:\Users\Admin\AppData\Roaming\MYCBDE.exe" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\YUHCVSH.exe" => File/Directory not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}\\NameServer => value deleted successfully.
nvlddmkm => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
phionvpn => Service deleted successfully.
EmptyTemp: => Removed 581.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         
Ads tauchen noch auf leider.

Ach, eventuell ist es hilfreich euch zu sagen, dass gewisse Seiten von den Ads verschont bleiben, u.a google, wikipedia, youtube und facebook.
Vielleicht hilft euch das ja zu erkennen, womit ich es zu tun habe.


Alt 12.12.2014, 09:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Öffne bitte FRST, setz nen Haken bei Addition und scanne, poste beide Logfiles. In welchen Browsern kommen die Ads?
__________________
--> Ads by BetterMarkIt

Alt 16.12.2014, 15:31   #7
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



In allen eigentlich, IE, Firefox, Opera. Chrome noch nicht ausprobiert, aber ich vermute es mal. Was mir auch noch auffällt, ist dass jedes Testeingabefeld im Browser mit starker Verzögerung auf jeglichen Input reagiert.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by Admin (administrator) on ADMIN-PC on 16-12-2014 15:20:45
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files\Razer\Diamondback 3G\razerhid.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files\Razer\Diamondback 3G\razerofa.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Diamondback] => C:\Program Files\Razer\Diamondback 3G\razerhid.exe [147456 2007-08-01] ()
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5479224 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3618648 2014-11-27] (Electronic Arts)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk
ShortcutTarget: Logitech blank Produktregistrierung.lnk -> C:\Program Files\Logitech\G35\eReg.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ulsh45d3.default-1418245811959
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 au0t2mg7; C:\Windows\system32\Drivers\au0t2mg7.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-09 19:25 - 00033180 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2014-12-16 15:24 - 00014291 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 19:23 - 2014-12-16 15:20 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2014-12-09 19:23 - 01111040 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-09 18:29 - 00038988 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip
2014-11-20 02:34 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 00:21 - 2014-11-20 00:21 - 00244120 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-20 00:06 - 2014-11-20 00:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-20 00:04 - 2014-11-20 00:04 - 00638888 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 15:22 - 2008-01-21 02:35 - 01865161 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 15:19 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-16 15:19 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:17 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-16 15:17 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-16 15:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 15:16 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 15:16 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 15:07 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 20:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 20:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-12-05 21:07 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-20 00:07 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-20 00:06 - 2014-08-23 08:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-20 00:06 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 00:05 - 2010-02-25 11:14 - 00000000 ____D () C:\Program Files\Java

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 15:23

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2014
Ran by Admin at 2014-12-16 15:25:05
Running from c:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

06-12-2014 01:46:45 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
08-12-2014 19:15:13 Geplanter Prüfpunkt
09-12-2014 11:44:53 Revo Uninstaller's restore point - Cliqz
09-12-2014 11:47:03 Revo Uninstaller's restore point - Opera Stable 26.0.1656.32
09-12-2014 13:43:26 Windows Update
09-12-2014 16:26:44 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de)
09-12-2014 16:31:08 Revo Uninstaller's restore point - Explorer Suite III
09-12-2014 16:31:58 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
09-12-2014 16:55:00 Revo Uninstaller's restore point - SopCast 3.4.0
09-12-2014 16:56:09 Revo Uninstaller's restore point - Crysis(R)
09-12-2014 17:01:01 Revo Uninstaller's restore point - Crysis® 2
09-12-2014 17:01:11 Removed Crysis® 2
09-12-2014 17:07:05 Revo Uninstaller's restore point - Fallout 3
09-12-2014 17:07:45 Removed Fallout 3
09-12-2014 17:10:01 Revo Uninstaller's restore point - Fallout New Vegas
09-12-2014 17:11:22 Revo Uninstaller's restore point - Far Cry 2
09-12-2014 17:12:23 Revo Uninstaller's restore point - Magic Set Editor 2 - 0.3.8 beta
09-12-2014 17:13:57 Entfernt Far Cry 2
09-12-2014 17:15:46 Revo Uninstaller's restore point - SPORE™
09-12-2014 17:16:13 Entfernt SPORE™
09-12-2014 17:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 17:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 17:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 17:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 17:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 17:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 17:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
10-12-2014 08:53:55 Windows Update
11-12-2014 13:09:13 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
132.187.1.5	vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {ED14B6EE-D593-4A67-96C4-83033B584D2B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-01-15 20:37 - 2007-08-01 14:07 - 00147456 _____ () C:\Program Files\Razer\Diamondback 3G\razerhid.exe
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-09 20:22 - 2014-12-09 20:22 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 03:18:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:09:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 10:37:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0xe04, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0x1644, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0xe40, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0x1724, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:13:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0x15c8, Anwendungsstartzeit iexplore.exe0.


System errors:
=============
Error: (12/16/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/16/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/16/2014 03:16:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.12.2014 um 15:11:46 unerwartet heruntergefahren.

Error: (12/16/2014 03:09:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/16/2014 03:07:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.12.2014 um 15:05:32 unerwartet heruntergefahren.

Error: (12/16/2014 03:01:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/11/2014 10:37:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/11/2014 10:36:13 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/10/2014 10:17:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/10/2014 10:17:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent


Microsoft Office Sessions:
=========================
Error: (12/16/2014 03:18:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:09:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 10:37:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2e0401d014be597d149e

Error: (12/10/2014 10:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2164401d014be504f70ce

Error: (12/10/2014 10:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2e4001d014be504f70ce

Error: (12/10/2014 10:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2172401d014be0b199b2e

Error: (12/10/2014 10:13:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e215c801d014be2833214e


CodeIntegrity Errors:
===================================
  Date: 2014-12-16 15:24:55.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.470
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:53.704
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:53.464
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:53.168
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:52.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:09:10.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:09:10.645
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 3326.12 MB
Available physical RAM: 1077.13 MB
Total Pagefile: 6873.21 MB
Available Pagefile: 4007.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:55.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 16.12.2014, 21:46   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Kannste mir mal nen Screenshot davon machen? Andere Rechner in deinem Netz haben keine Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.12.2014, 23:14   #9
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Habe hier mal den kompletten Wahnsinn versammelt inklusive Extra-Tabs, Pop-Ups und Sound Ads. Nein andere Rechner haben keine Probleme, zumindest nicht dass ich wüsste.



Alt 17.12.2014, 20:20   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Das sind Firefox Screens. Besteht das Problem weiterhin in ALLEN Browsern?

Ich sehe einen UNI-VPN. Bist Du immer nur dort online?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.12.2014, 21:23   #11
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Nein, den UNI-VPN benutze ich nur um wissenschaftliche Veröffentlichungen herunterladen zu können, ansonsten nie.

Ja, es sind weiterhin alle Browser betroffen, zumindest die vier der "großen" Browser die ich getestet habe, IE, Forefox, Chrome und Opera.
Surfen ist zur Qual geworden und ich traue mich nicht mehr irgendwas in die Richtung Online-Banking oder Online-Shopping an meinem Rechner zu machen, aus Angst dass Kontodaten gestohlen werden. Habe sämtliche Weihnachtseinkäufe an Rechnern von Freunden erledigen müssen. Bin völlig verzweifelt.

Alt 18.12.2014, 20:33   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Zitat:
Nein andere Rechner haben keine Probleme, zumindest nicht dass ich wüsste.
Trotzdem will ich jetzt den Router ausschliessen:

Router komplett auf Werkseinstellungen zurücksetzen, Verbindungsdaten neu eingeben. Dann sämtliche BRowser einmal komplett zurücksetzen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.12.2014, 15:53   #13
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Erledigt. Fritz.Box zurückgesetzt, Verbindungsdaten neu eingegeben, Browser zurückgesetzt.

Ads sind noch da, in allen Browsern.

Alt 20.12.2014, 15:36   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Bitte zwei frische FRST Logs von dem Rechner.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.12.2014, 16:13   #15
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Ist es normal das FRST zwischendurch immer wieder mal "abstürzt"?
Bekomme während dem Scan mehrmals "(Keine Rückmeldung)" in der Fensterleiste angezeigt.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014
Ran by Admin (administrator) on ADMIN-PC on 20-12-2014 16:09:05
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7etp4u8.default-1418998594878
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 agjup13w; C:\Windows\system32\Drivers\agjup13w.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 16:08 - 2014-12-20 16:08 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2014-12-18 11:43 - 2014-12-18 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-12-17 21:13 - 2014-12-17 21:13 - 00880784 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-16 15:27 - 00027771 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2014-12-20 16:09 - 00011723 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 19:23 - 2014-12-20 16:09 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2014-12-20 16:08 - 01114112 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-18 10:56 - 00039300 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip
2014-11-20 02:34 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 00:21 - 2014-11-20 00:21 - 00244120 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-20 00:06 - 2014-11-20 00:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-20 00:04 - 2014-11-20 00:04 - 00638888 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 15:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 14:22 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 14:22 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 10:27 - 2008-01-21 02:35 - 01967631 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 10:22 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-20 10:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 02:38 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-19 19:40 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-19 15:00 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-12-19 14:59 - 2010-05-31 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-19 01:50 - 2012-11-21 18:30 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2014-12-18 11:18 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-17 19:39 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 20:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 20:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-24 14:04 - 2009-10-02 16:45 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-20 00:07 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-20 00:06 - 2014-08-23 08:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-20 00:06 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 00:05 - 2010-02-25 11:14 - 00000000 ____D () C:\Program Files\Java

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 10:37

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2014
Ran by Admin at 2014-12-20 16:10:05
Running from c:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

09-12-2014 17:55:00 Revo Uninstaller's restore point - SopCast 3.4.0
09-12-2014 17:56:09 Revo Uninstaller's restore point - Crysis(R)
09-12-2014 18:01:01 Revo Uninstaller's restore point - Crysis® 2
09-12-2014 18:01:11 Removed Crysis® 2
09-12-2014 18:07:05 Revo Uninstaller's restore point - Fallout 3
09-12-2014 18:07:45 Removed Fallout 3
09-12-2014 18:10:01 Revo Uninstaller's restore point - Fallout New Vegas
09-12-2014 18:11:22 Revo Uninstaller's restore point - Far Cry 2
09-12-2014 18:12:23 Revo Uninstaller's restore point - Magic Set Editor 2 - 0.3.8 beta
09-12-2014 18:13:57 Entfernt Far Cry 2
09-12-2014 18:15:46 Revo Uninstaller's restore point - SPORE™
09-12-2014 18:16:13 Entfernt SPORE™
09-12-2014 18:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 18:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 18:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 18:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 18:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 18:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 18:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
10-12-2014 09:53:55 Windows Update
11-12-2014 14:09:13 Geplanter Prüfpunkt
16-12-2014 15:27:20 Windows Update
17-12-2014 15:26:19 Geplanter Prüfpunkt
19-12-2014 14:59:08 Revo Uninstaller's restore point - Google Chrome
20-12-2014 12:34:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
132.187.1.5	vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F0BD6DB-B3F0-4D85-8BAA-759AAD65D1AB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-09 20:22 - 2014-12-09 20:22 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16599 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1074
Anfangszeit: 01d01b947a478713
Zeitpunkt der Beendigung: 0

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc,
Prozess-ID 0x440, Anwendungsstartzeit svchost.exe0.

Error: (12/17/2014 10:41:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/20/2014 10:23:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/19/2014 03:08:32 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/19/2014 10:45:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 09:13:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 10:58:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/17/2014 10:41:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 10:40:18 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/16/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt


Microsoft Office Sessions:
=========================
Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16599107401d01b947a4787130

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89ntdll.dll6.0.6002.1888151da3e27c0000374000b06fc44001d019dd635bc61e

Error: (12/17/2014 10:41:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-20 16:10:02.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.547
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.360
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.892
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.705
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.518
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.346
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:55.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3326.12 MB
Available physical RAM: 2112.33 MB
Total Pagefile: 6877.21 MB
Available Pagefile: 5847.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:53.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Antwort

Themen zu Ads by BetterMarkIt
ads, bettermarkit, browser, dateien, firefox, gefundene, gefundenen, gelöscht, grüne, installer, installiert, komplett, kriege, links, mehrfach, neu, nichts, opera, popups, problem, ratlos, reset, revo-uninstaller, software, verzweifelt, wanted, überall





Zum Thema Ads by BetterMarkIt - Hallo, habe ein Problem mit einer Art Browser Hijacker. Egal welchen Browser ich benutze, ob Firefox, Chrome, Opera, IE, ich kriege überall Werbebanner, Werbepop-ups inkl. grüne Links, 3 Extrafenster und - Ads by BetterMarkIt...
Archiv
Du betrachtest: Ads by BetterMarkIt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.