Lästige Pop-Ups und Werbeeinblendungen, PC wahrscheinlich mit Trojaner infiziert

Kanso · 26.01.2015, 12:37

Hallo,

habe gestern ein kostenloses Programm zur Aufnahme von Sounddateien runtergeladen. Bei der Installation habe ich leider nicht richtig aufgepasst (war schon ziemlich spät) und dadurch haben sich noch etliche unerwünschte Programme mitinstalliert. Diese habe ich dann versucht wieder zu löschen. Hat auch geklappt, bis auf eine Ausnahme. Bei dem Versuch dieses zu deinstallieren, kommt eine Meldung von meinem Virenprogramm (Benutze Norton Internet Securiry), dass es sich dabei um einen Trojaner handelt und dieser blockiert wird. Seit dem tauchen auf bestimmten Seiten nun die ganze Zeit Werbefenster auf, die vorher nicht da waren. Hab mir einen neuen Browser mit AdBlockPlus zugelegt, leider ohne Erfolg. Bin normalerweise immer vorsichtig mit Downloads usw. Leider einmal nicht aufgepasst und schon ist es passiert. Ich hoffe ihr könnt mir da weiterhelfen.

Gruß Kanso

schrauber · 26.01.2015, 12:50

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Kanso · 26.01.2015, 16:02

Aller klar,

hier der FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Admin (administrator) on ADMIN-PC on 26-01-2015 15:59:25
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(InstallMoon) C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rational Thought Solutions) C:\ProgramData\SaYmJbhs\GUKLnctvqF.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-988284940-210793992-766847566-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-988284940-210793992-766847566-1000\...\MountPoints2: {826bd3b9-9226-11e3-81cf-806e6f6e6963} - D:\Run.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-988284940-210793992-766847566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-988284940-210793992-766847566-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: GoHD -> {11111111-1111-1111-1111-110611211180} -> C:\Program Files (x86)\GoHD\GoHD-bho64.dll (InstallMoon)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: GoHD -> {11111111-1111-1111-1111-110611211180} -> C:\Program Files (x86)\GoHD\GoHD-bho.dll (InstallMoon)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxq420uz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin HKU\S-1-5-21-988284940-210793992-766847566-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxq420uz.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-26]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed]
R2 GUKLnctvqF; C:\ProgramData\SaYmJbhs\GUKLnctvqF.exe [2734912 2015-01-25] (Rational Thought Solutions)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-06-19] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-06-19] ()
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.005\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.005\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                           )
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:59 - 2015-01-26 15:59 - 00017063 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-26 15:58 - 2015-01-26 15:59 - 00000000 ____D () C:\FRST
2015-01-26 15:57 - 2015-01-26 15:57 - 02129920 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-26 02:07 - 2015-01-26 02:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-01-26 02:06 - 2015-01-26 02:06 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-26 02:06 - 2015-01-26 02:06 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 02:05 - 2015-01-26 02:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 01:56 - 2015-01-26 01:56 - 00000000 ____D () C:\HealthAlert
2015-01-25 05:45 - 2015-01-25 22:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-25 05:45 - 2015-01-25 05:45 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-25 05:45 - 2015-01-25 05:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-25 05:45 - 2015-01-25 05:45 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-25 05:44 - 2015-01-25 05:44 - 01191200 _____ () C:\Users\Admin\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2015-01-25 04:50 - 2015-01-26 15:51 - 00002412 _____ () C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5_user.job
2015-01-25 04:50 - 2015-01-26 15:51 - 00002412 _____ () C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.job
2015-01-25 04:50 - 2015-01-25 04:50 - 00005442 _____ () C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5
2015-01-25 04:50 - 2015-01-25 04:50 - 00003104 _____ () C:\Windows\System32\Tasks\{459661D1-D2F6-419D-ADE9-E7E05FD0DA52}
2015-01-25 04:49 - 2015-01-26 15:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\HealthAlert
2015-01-25 04:49 - 2015-01-26 15:53 - 00002078 _____ () C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10_user.job
2015-01-25 04:49 - 2015-01-26 15:51 - 00005484 _____ () C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.job
2015-01-25 04:49 - 2015-01-26 15:51 - 00005484 _____ () C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.job
2015-01-25 04:49 - 2015-01-26 15:51 - 00003398 _____ () C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-1.job
2015-01-25 04:49 - 2015-01-26 15:51 - 00002076 _____ () C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.job
2015-01-25 04:49 - 2015-01-26 15:51 - 00000934 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-25 04:49 - 2015-01-25 22:54 - 00000938 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-25 04:49 - 2015-01-25 04:51 - 00000000 ____D () C:\Program Files (x86)\GoHD
2015-01-25 04:49 - 2015-01-25 04:50 - 00005106 _____ () C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2
2015-01-25 04:49 - 2015-01-25 04:49 - 00008514 _____ () C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7
2015-01-25 04:49 - 2015-01-25 04:49 - 00008512 _____ () C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6
2015-01-25 04:49 - 2015-01-25 04:49 - 00006428 _____ () C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-1
2015-01-25 04:49 - 2015-01-25 04:49 - 00003936 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-25 04:49 - 2015-01-25 04:49 - 00003682 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-25 04:49 - 2015-01-25 04:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
2015-01-25 04:49 - 2015-01-25 04:49 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-25 04:49 - 2015-01-25 04:49 - 00000000 ____D () C:\Program Files (x86)\24386585-620d-4ce0-9dba-955e5547dbd7
2015-01-25 04:48 - 2015-01-25 21:28 - 00000000 ____D () C:\MyAudio
2015-01-25 04:48 - 2014-12-08 17:01 - 00020216 _____ () C:\Windows\system32\roboot64.exe
2015-01-25 04:47 - 2015-01-26 03:02 - 00000000 ____D () C:\ProgramData\SaYmJbhs
2015-01-25 04:47 - 2015-01-26 02:31 - 00000000 ____D () C:\ProgramData\HealthAlert
2015-01-25 04:47 - 2015-01-25 21:24 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-25 04:46 - 2015-01-25 04:46 - 00001110 _____ () C:\Users\Public\Desktop\AoA Audio Extractor.lnk
2015-01-25 04:46 - 2015-01-25 04:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Audio Extractor
2015-01-25 04:46 - 2007-05-13 12:24 - 00086683 _____ (Open Source Software community project) C:\Windows\SysWOW64\pthreadGC2.dll
2015-01-25 04:45 - 2015-01-25 04:46 - 00000000 ____D () C:\Program Files (x86)\AoA Audio Extractor
2015-01-25 04:45 - 2015-01-25 04:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\StormFall
2015-01-25 04:45 - 2015-01-25 04:44 - 08368579 _____ (AoAMedia.com ) C:\Users\Admin\Downloads\audioextractor_CB-DL-Manager [1].exe
2015-01-25 04:44 - 2015-01-25 04:44 - 00823792 _____ ( ) C:\Users\Admin\Downloads\audioextractor_CB-DL-Manager.exe
2015-01-25 04:35 - 2015-01-25 21:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Audacity
2015-01-25 04:35 - 2015-01-25 04:35 - 22892794 _____ (Audacity Team ) C:\Users\Admin\Downloads\audacity-win-2.0.6.exe
2015-01-25 04:35 - 2015-01-25 04:35 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-01-25 04:35 - 2015-01-25 04:35 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-01-25 04:35 - 2015-01-25 04:35 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-25 04:34 - 2015-01-25 04:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\mkvtoolnix
2015-01-25 04:33 - 2015-01-25 04:33 - 18790552 _____ (Moritz Bunkus) C:\Users\Admin\Downloads\mkvtoolnix-amd64-7.5.0-setup.exe
2015-01-25 04:33 - 2015-01-25 04:33 - 00001738 _____ () C:\Users\Public\Desktop\MKVToolNix GUI preview.lnk
2015-01-25 04:33 - 2015-01-25 04:33 - 00001655 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
2015-01-25 04:33 - 2015-01-25 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2015-01-25 04:33 - 2015-01-25 04:33 - 00000000 ____D () C:\Program Files\MKVToolNix
2015-01-25 04:27 - 2015-01-25 22:04 - 00000000 ____D () C:\Users\Admin\Desktop\MeGUI
2015-01-25 04:25 - 2015-01-25 04:25 - 78435557 _____ () C:\Users\Admin\Downloads\MeGUI_2507_x86 (1).zip
2015-01-25 04:19 - 2015-01-25 04:19 - 01194185 _____ () C:\Windows\unins000.exe
2015-01-25 04:19 - 2015-01-25 04:19 - 00868025 _____ (INNOMAGIC, Ltd. ) C:\Users\Admin\Downloads\MagicYUV_v1.0 (1).exe
2015-01-25 04:19 - 2015-01-25 04:19 - 00003907 _____ () C:\Windows\unins000.dat
2015-01-25 04:19 - 2015-01-25 04:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicYUV
2015-01-25 04:19 - 2014-09-12 02:07 - 00647168 _____ () C:\Windows\SysWOW64\magicyuv.dll
2015-01-25 04:19 - 2014-09-12 02:06 - 00732160 _____ () C:\Windows\system32\magicyuv.dll
2015-01-25 04:02 - 2015-01-25 04:02 - 93427112 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8u31-windows-x64.exe
2015-01-25 03:45 - 2015-01-25 03:45 - 00003156 _____ () C:\Windows\System32\Tasks\{F1F9B1E2-1649-459F-8D19-CE3F57076C12}
2015-01-25 03:42 - 2015-01-25 03:42 - 00639400 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-8u31 (1).exe
2015-01-25 03:23 - 2015-01-25 03:23 - 00000000 ____D () C:\ProgramData\Sun
2015-01-25 03:23 - 2015-01-25 03:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 03:22 - 2015-01-25 03:22 - 00639400 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-8u31.exe
2015-01-25 03:21 - 2015-01-25 04:12 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-25 02:53 - 2015-01-25 02:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\MPC-HC
2015-01-25 02:26 - 2015-01-25 02:26 - 10420256 _____ (CCCP Project ) C:\Users\Admin\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe
2015-01-25 02:16 - 2015-01-25 04:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\StaxRip
2015-01-25 00:31 - 2015-01-25 00:31 - 00868025 _____ (INNOMAGIC, Ltd. ) C:\Users\Admin\Downloads\MagicYUV_v1.0.exe
2015-01-25 00:05 - 2015-01-25 13:54 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-01-25 00:05 - 2015-01-25 00:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-01-24 23:46 - 2015-01-24 23:46 - 78435578 _____ () C:\Users\Admin\Downloads\MeGUI_2507_x86.zip
2015-01-24 23:44 - 2015-01-26 01:12 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-24 23:44 - 2015-01-24 23:44 - 00001082 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk
2015-01-24 23:44 - 2015-01-24 23:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-01-24 23:40 - 2015-01-24 23:41 - 36210245 _____ () C:\Users\Admin\Downloads\MSIAfterburnerSetup410.zip
2015-01-24 19:34 - 2015-01-24 19:34 - 00000221 _____ () C:\Users\Admin\Desktop\Tropico.url
2015-01-23 22:33 - 2015-01-23 22:34 - 00532944 _____ () C:\Windows\Minidump\012315-41153-01.dmp
2015-01-23 22:20 - 2015-01-23 22:20 - 00000000 ____D () C:\temp
2015-01-23 22:19 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 22:19 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-01-23 22:11 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-23 22:11 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-18 18:28 - 2015-01-18 18:29 - 00297880 _____ () C:\Windows\Minidump\011815-35396-01.dmp
2015-01-18 14:23 - 2015-01-18 14:23 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-18 14:15 - 2015-01-18 14:15 - 00000222 _____ () C:\Users\Admin\Desktop\State of Decay.url
2015-01-16 18:10 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:42 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:42 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:42 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:42 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:42 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:42 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:42 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:42 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:42 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:42 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:42 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:42 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 07:07 - 2015-01-12 07:07 - 00297880 _____ () C:\Windows\Minidump\011215-28017-01.dmp
2015-01-10 06:50 - 2015-01-10 06:50 - 00262144 _____ () C:\Windows\Minidump\011015-27393-01.dmp
2014-12-31 15:41 - 2014-12-31 15:42 - 00266288 _____ () C:\Windows\Minidump\123114-23415-01.dmp
2014-12-27 03:49 - 2014-12-27 03:49 - 00297880 _____ () C:\Windows\Minidump\122714-26083-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:55 - 2014-02-10 08:46 - 01998305 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 15:52 - 2014-07-29 20:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 15:52 - 2014-07-29 20:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 15:51 - 2010-11-21 04:47 - 00157162 _____ () C:\Windows\PFRO.log
2015-01-26 15:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 15:51 - 2009-07-14 05:51 - 00156289 _____ () C:\Windows\setupact.log
2015-01-26 03:02 - 2014-08-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-26 02:04 - 2014-10-15 18:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-26 01:55 - 2014-02-26 22:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 01:54 - 2014-02-26 22:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-26 01:40 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 01:40 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 00:36 - 2014-04-12 17:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-25 04:49 - 2014-06-29 22:03 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-25 00:06 - 2014-03-04 23:10 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-01-25 00:06 - 2014-03-04 23:10 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-24 19:39 - 2014-08-14 18:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 22:37 - 2014-07-20 19:43 - 00100216 _____ () C:\shared.log
2015-01-23 22:34 - 2014-02-10 09:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-23 22:33 - 2014-03-07 16:29 - 835518114 _____ () C:\Windows\MEMORY.DMP
2015-01-23 22:33 - 2014-03-07 16:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-23 22:20 - 2014-02-26 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-22 19:53 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-16 07:41 - 2014-10-23 15:15 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-10-23 15:15 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-02-26 20:57 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-02-26 20:57 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 00:53 - 2014-02-10 12:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:49 - 2014-02-10 12:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 09:07 - 2014-02-26 20:55 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 09:07 - 2014-02-26 20:55 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-03 03:02 - 2014-02-10 11:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SoftGrid Client
2015-01-02 20:19 - 2014-12-22 02:39 - 00026346 _____ () C:\Users\Admin\Desktop\Mappe1.xlsx
2015-01-02 16:50 - 2014-02-10 17:38 - 00700906 _____ () C:\Windows\system32\perfh007.dat
2015-01-02 16:50 - 2014-02-10 17:38 - 00150286 _____ () C:\Windows\system32\perfc007.dat
2015-01-02 16:50 - 2009-07-14 06:13 - 01625650 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\_isB21F.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 09:52

==================== End Of Log ============================

--- --- ---

und der Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Admin at 2015-01-26 16:00:00
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version:  - AoAMedia.com)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Geheimakte Tunguska (HKLM-x32\...\{3B416FDA-CB3E-4514-9616-763E5B0D1140}) (Version: 1.03.02 - Deep Silver)
Health Alert (HKLM-x32\...\HealthAlert) (Version: 2.7.54 - Rational Thought Solutions)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MagicYUV Lossless Video Codec version 1.0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.0 - INNOMAGIC, Ltd.)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MKVToolNix 7.5.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.5.0 - Moritz Bunkus)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-988284940-210793992-766847566-1000\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK-Konfigurationstool (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tropico (HKLM-x32\...\Steam App 33520) (Version:  - PopTop Software)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-01-2015 03:42:38 Removed Java 8 Update 31
25-01-2015 03:45:26 Removed Java 8 Update 31
25-01-2015 04:10:13 Removed Java 8 Update 31
25-01-2015 04:11:04 Removed Java 8 Update 31 (64-bit)
26-01-2015 01:27:58 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08E85AF2-9A85-4A1E-8E9A-5AE2ED01F0FA} - System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-1 => C:\Program Files (x86)\GoHD\GoHD-codedownloader.exe [2015-01-25] (InstallMoon) <==== ATTENTION
Task: {0A36D9B8-7D02-4117-97D1-9BFA41A95E09} - System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7 => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.exe [2015-01-25] (InstallMoon) <==== ATTENTION
Task: {0D117D4E-EE80-429D-9B8F-D88A92248012} - System32\Tasks\{A7EDC86C-AC88-4B0D-8EBF-801BB3377055} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Prerequisites\vcredist_x64.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Prerequisites"
Task: {1F12A9F8-7D8D-4065-B944-4AEA70A1E4D3} - System32\Tasks\{F1F9B1E2-1649-459F-8D19-CE3F57076C12} => pcalua.exe -a "C:\Users\Admin\Downloads\chromeinstall-8u31 (1).exe" -d C:\Users\Admin\Downloads
Task: {711FC276-081A-4F3F-B8E2-7D5F811A9709} - System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10_user => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10.exe [2015-01-25] (InstallMoon) <==== ATTENTION
Task: {727CFC4C-60D9-47DE-93CF-60F2038F0B99} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {73285559-8699-4D68-83E0-191E09D05CB8} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25] (globalUpdate) <==== ATTENTION
Task: {73907E84-CF68-44D4-BC7D-C426518C8A13} - System32\Tasks\{459661D1-D2F6-419D-ADE9-E7E05FD0DA52} => pcalua.exe -a C:\ProgramData\HealthAlert\uninstall.exe -c /kb=y /ic=1
Task: {8910FB30-59D6-48A9-A16F-CA8D29FBEEE2} - System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5 => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.exe [2015-01-25] (InstallMoon) <==== ATTENTION
Task: {913389B5-04F0-46E0-A669-0A4366E2555B} - System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5_user => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.exe [2015-01-25] (InstallMoon) <==== ATTENTION
Task: {9D3664C7-3A5B-4860-A16F-0E9D966C7EB9} - System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6 => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.exe [2015-01-25] (InstallMoon) <==== ATTENTION
Task: {A2F40F1C-EB11-4810-9953-E007500691F8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ADAA0D57-05AF-4D42-97A2-CA60B486A4FD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CAD9FFF0-EA73-4B0D-8F4D-5775A1279947} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25] (globalUpdate) <==== ATTENTION
Task: {D319FC0B-3CE6-4F73-9313-E999700C20DA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E4F1B786-D482-44B9-9A4F-3A8052A05C06} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {ED796285-8858-40B8-B085-98643E49BECC} - System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2 => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.exe [2015-01-25] (InstallMoon) <==== ATTENTION
Task: C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-1.job => C:\Program Files (x86)\GoHD\GoHD-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10_user.job => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.job => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.job => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5_user.job => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.job => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.job => C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-10 09:30 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-09 05:35 - 2014-07-20 20:29 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-10 08:57 - 2013-03-19 14:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-26 02:05 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-26 15:52 - 2015-01-26 15:52 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2014-02-10 08:56 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-988284940-210793992-766847566-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-988284940-210793992-766847566-500 - Administrator - Disabled)
Gast (S-1-5-21-988284940-210793992-766847566-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-988284940-210793992-766847566-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Xbox 360 Wireless Receiver for Windows
Description: Xbox 360 Wireless Receiver for Windows
Class Guid: {d61ca365-5af4-4486-998b-9db4734c6ca3}
Manufacturer: Microsoft
Service: xusb21
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 02:03:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x1860
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (01/26/2015 02:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x4501feeb
ID des fehlerhaften Prozesses: 0x17fc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (01/26/2015 01:33:34 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Der ausgewählte Wiederherstellungspunkt wurde während der Wiederherstellung beschädigt oder gelöscht (Removed Java 8 Update 31).

Error: (01/25/2015 10:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x1c18
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (01/25/2015 09:18:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x1c30
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (01/25/2015 08:37:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x1f98
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (01/25/2015 07:23:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x15f0
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (01/25/2015 06:24:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x680
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (01/25/2015 06:24:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x150c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (01/25/2015 03:55:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x1a1c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3


System errors:
=============
Error: (01/26/2015 03:51:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UsbCharger

Error: (01/26/2015 03:51:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (01/26/2015 03:51:35 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (01/26/2015 03:51:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/26/2015 01:33:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UsbCharger

Error: (01/26/2015 01:33:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (01/26/2015 01:33:07 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (01/26/2015 01:33:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/25/2015 03:54:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UsbCharger

Error: (01/25/2015 03:54:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275


Microsoft Office Sessions:
=========================
Error: (01/26/2015 02:03:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccntdll.dll6.1.7601.18247521ea8e7c0000374000ce753186001d03903831e1d8cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll34f25f41-a4f7-11e4-a8c8-916020af130f

Error: (01/26/2015 02:00:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccunknown0.0.0.000000000c00000054501feeb17fc01d0390321dc42c6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownb514062b-a4f6-11e4-a8c8-916020af130f

Error: (01/26/2015 01:33:34 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Removed Java 8 Update 31

Error: (01/25/2015 10:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d1c1801d038e2aa10e433C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll0f3c4f9d-a4d6-11e4-88b1-9a27bf40f208

Error: (01/25/2015 09:18:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d1c3001d038da9c3ad18eC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll49a9b62e-a4cf-11e4-88b1-9a27bf40f208

Error: (01/25/2015 08:37:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d1f9801d038d2c357ebb0C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll91c52f21-a4c9-11e4-88b1-9a27bf40f208

Error: (01/25/2015 07:23:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d15f001d038c3cedf1fdaC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll3b9e7c06-a4bf-11e4-88b1-9a27bf40f208

Error: (01/25/2015 06:24:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d68001d038c3c68f3ec9C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll09231059-a4b7-11e4-88b1-9a27bf40f208

Error: (01/25/2015 06:24:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d150c01d038af311bdca2C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll00e668fe-a4b7-11e4-88b1-9a27bf40f208

Error: (01/25/2015 03:55:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d1a1c01d038aee87080bcC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll2b832c92-a4a2-11e4-88b1-9a27bf40f208


CodeIntegrity Errors:
===================================
  Date: 2014-09-18 23:16:55.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 23:16:55.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 23:16:55.498
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 23:16:55.483
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 23:16:55.482
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 23:16:55.480
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 17:24:26.535
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 17:24:26.533
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 17:24:26.531
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-16 17:24:26.508
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 15%
Total physical RAM: 16262.64 MB
Available physical RAM: 13718 MB
Total Pagefile: 32523.47 MB
Available Pagefile: 29763.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1581.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 462E0839)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gruß Kanso

schrauber · 26.01.2015, 18:26

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Kanso · 26.01.2015, 20:50

Gut hab ich gemacht, anbei die Log Datei

Code:

ATTFilter

ComboFix 15-01-22.02 - Admin 26.01.2015  20:38:44.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.16263.14056 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\24386585-620d-4ce0-9dba-955e5547dbd7\260efedf-54ea-45b4-941e-4363ce67e15d.dll
c:\program files (x86)\24386585-620d-4ce0-9dba-955e5547dbd7\7991fcc9-5fc8-498a-b543-a56ad628d310.dll
c:\program files (x86)\AMD\24386585-620d-4ce0-9dba-955e5547dbd7.dll
c:\program files (x86)\AMD\ec4a1553-bcd5-4e2d-b087-ee472c7812b4.dll
c:\program files (x86)\GoHD\3ad6112b-f275-49d3-96e7-573f7008e59f.dll
c:\program files (x86)\GoHD\6e3cc15b-682e-4e53-a5b3-0cdaac5f2065.dll
c:\users\Admin\AppData\Local\DeSmuME
c:\users\Admin\AppData\Local\DeSmuME\desmume.ini
c:\windows\msdownld.tmp
c:\windows\SysWow64\SET2230.tmp
c:\windows\SysWow64\SET24C4.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-26 bis 2015-01-26  ))))))))))))))))))))))))))))))
.
.
2015-01-26 19:42 . 2015-01-26 19:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-26 14:58 . 2015-01-26 15:00	--------	d-----w-	C:\FRST
2015-01-26 01:07 . 2015-01-26 01:07	--------	d-----w-	c:\users\Admin\AppData\Local\Macromedia
2015-01-26 01:06 . 2015-01-26 01:06	--------	d-----w-	c:\users\Admin\AppData\Local\Mozilla
2015-01-26 01:06 . 2015-01-26 01:06	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2015-01-26 00:56 . 2015-01-26 00:56	--------	d-----w-	C:\HealthAlert
2015-01-25 04:45 . 2015-01-25 21:06	--------	d-----w-	c:\users\Admin\AppData\Roaming\vlc
2015-01-25 04:45 . 2015-01-25 04:45	--------	d-----w-	c:\program files\VideoLAN
2015-01-25 03:49 . 2015-01-26 16:17	--------	d-----w-	c:\users\Admin\AppData\Local\HealthAlert
2015-01-25 03:49 . 2015-01-25 03:49	--------	d-----w-	c:\users\Admin\AppData\Local\globalUpdate
2015-01-25 03:49 . 2015-01-25 03:49	--------	d-----w-	c:\program files (x86)\globalUpdate
2015-01-25 03:49 . 2015-01-26 19:42	--------	d-----w-	c:\program files (x86)\24386585-620d-4ce0-9dba-955e5547dbd7
2015-01-25 03:49 . 2015-01-26 19:42	--------	d-----w-	c:\program files (x86)\GoHD
2015-01-25 03:48 . 2014-12-08 16:01	20216	----a-w-	c:\windows\system32\roboot64.exe
2015-01-25 03:48 . 2015-01-25 20:28	--------	d-----w-	C:\MyAudio
2015-01-25 03:47 . 2015-01-26 16:31	--------	d-----w-	c:\programdata\SaYmJbhs
2015-01-25 03:47 . 2015-01-26 01:31	--------	d-----w-	c:\programdata\HealthAlert
2015-01-25 03:46 . 2007-05-13 11:24	86683	----a-w-	c:\windows\SysWow64\pthreadGC2.dll
2015-01-25 03:45 . 2015-01-25 03:46	--------	d-----w-	c:\program files (x86)\AoA Audio Extractor
2015-01-25 03:45 . 2015-01-25 03:45	--------	d-----w-	c:\users\Admin\AppData\Local\StormFall
2015-01-25 03:35 . 2015-01-25 20:28	--------	d-----w-	c:\users\Admin\AppData\Roaming\Audacity
2015-01-25 03:35 . 2015-01-25 03:35	--------	d-----w-	c:\program files (x86)\Audacity
2015-01-25 03:34 . 2015-01-25 03:34	--------	d-----w-	c:\users\Admin\AppData\Roaming\mkvtoolnix
2015-01-25 03:33 . 2015-01-25 03:33	--------	d-----w-	c:\program files\MKVToolNix
2015-01-25 03:19 . 2015-01-25 03:19	1194185	----a-w-	c:\windows\unins000.exe
2015-01-25 03:19 . 2014-09-12 01:07	647168	----a-w-	c:\windows\SysWow64\magicyuv.dll
2015-01-25 03:19 . 2014-09-12 01:06	732160	----a-w-	c:\windows\system32\magicyuv.dll
2015-01-25 02:23 . 2015-01-25 02:23	--------	d-----w-	c:\programdata\Oracle
2015-01-25 02:21 . 2015-01-25 03:12	--------	d-----w-	c:\program files (x86)\AviSynth 2.5
2015-01-25 01:53 . 2015-01-25 01:53	--------	d-----w-	c:\users\Admin\AppData\Roaming\MPC-HC
2015-01-25 01:16 . 2015-01-25 03:05	--------	d-----w-	c:\users\Admin\AppData\Local\StaxRip
2015-01-24 23:05 . 2015-01-25 12:54	--------	d-----w-	c:\program files (x86)\RivaTuner Statistics Server
2015-01-24 22:44 . 2015-01-26 00:12	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2015-01-23 21:20 . 2015-01-23 21:20	--------	d-----w-	C:\temp
2015-01-23 21:11 . 2014-11-22 10:46	38032	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2015-01-23 21:11 . 2014-11-22 10:46	32400	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2015-01-18 13:23 . 2015-01-18 13:23	--------	d-----w-	c:\programdata\Package Cache
2015-01-16 17:10 . 2014-12-11 17:47	87040	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-01-14 15:42 . 2014-12-19 03:06	210432	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 15:42 . 2014-12-06 04:17	303616	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-14 15:42 . 2014-12-06 03:50	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2015-01-14 15:42 . 2014-12-06 03:50	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2015-01-14 15:42 . 2014-12-19 01:46	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-14 15:42 . 2014-12-12 05:35	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-14 15:42 . 2014-12-12 05:31	503808	----a-w-	c:\windows\system32\srcore.dll
2015-01-14 15:42 . 2014-12-12 05:31	50176	----a-w-	c:\windows\system32\srclient.dll
2015-01-14 15:42 . 2014-12-12 05:31	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-01-14 15:42 . 2014-12-12 05:11	3971512	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 15:42 . 2014-12-12 05:11	3916728	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 15:42 . 2014-12-12 05:07	43008	----a-w-	c:\windows\SysWow64\srclient.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-26 15:31 . 2014-11-13 14:46	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-01-26 14:52 . 2014-07-29 19:26	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-26 14:52 . 2014-07-29 19:26	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-16 06:41 . 2014-10-23 14:15	1316184	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:41 . 2014-02-26 19:57	1278920	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:41 . 2014-10-23 14:15	1756424	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-01-16 06:41 . 2014-02-26 19:57	1514528	----a-w-	c:\windows\system32\nvspcap64.dll
2015-01-14 23:49 . 2014-02-10 11:11	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-10 08:07 . 2014-02-26 19:55	18566296	----a-w-	c:\windows\system32\nvwgf2umx.dll
2015-01-10 08:07 . 2014-02-26 19:55	14115944	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2015-01-10 08:07 . 2014-02-10 08:28	3298816	----a-w-	c:\windows\system32\nvapi64.dll
2015-01-10 08:07 . 2014-02-10 08:28	177624	----a-w-	c:\windows\system32\nvinitx.dll
2015-01-10 08:07 . 2014-02-10 08:28	164568	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-12-13 05:09 . 2014-12-18 17:52	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 17:52	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-09 18:23	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 18:23	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 18:23	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 18:23	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 18:23	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-09 18:23	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-09 18:23	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-09 18:23	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-09 18:23	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 10:46 . 2014-02-26 19:55	35472	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-11-22 03:13 . 2014-12-09 18:23	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 18:23	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 18:23	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 18:23	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 18:23	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 18:23	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 18:23	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 18:23	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 18:23	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 18:23	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 18:23	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 18:23	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 18:23	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 18:23	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 18:23	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 18:23	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 18:23	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 18:23	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 18:23	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 18:23	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 18:23	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 18:23	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 18:23	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 18:23	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 18:23	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 18:23	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 18:23	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 18:23	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 18:23	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 18:23	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 18:23	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 18:23	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 18:23	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 18:23	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 18:23	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 18:23	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 18:23	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 18:23	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 18:23	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-17 22:18 . 2014-11-24 16:01	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2014-11-17 22:18 . 2014-11-24 16:01	197408	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2014-11-17 22:18 . 2014-02-10 08:28	1538880	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-11-13 00:20 . 2014-11-24 16:01	1876296	----a-w-	c:\windows\system32\nvdispco6434475.dll
2014-11-13 00:20 . 2014-11-24 16:01	1540424	----a-w-	c:\windows\system32\nvdispgenco6434475.dll
2014-11-12 21:56 . 2014-02-10 08:30	6897352	----a-w-	c:\windows\system32\nvcpl.dll
2014-11-12 21:56 . 2014-02-10 08:30	3534152	----a-w-	c:\windows\system32\nvsvc64.dll
2014-11-12 21:56 . 2014-11-24 16:02	67072	----a-w-	c:\windows\system32\nv3dappshextr.dll
2014-11-12 21:56 . 2014-11-24 16:02	1092752	----a-w-	c:\windows\system32\nv3dappshext.dll
2014-11-12 21:56 . 2014-02-10 08:30	934032	----a-w-	c:\windows\system32\nvvsvc.exe
2014-11-12 21:56 . 2014-02-10 08:30	62608	----a-w-	c:\windows\system32\nvshext.dll
2014-11-12 21:56 . 2014-02-10 08:30	386368	----a-w-	c:\windows\system32\nvmctray.dll
2014-11-12 21:56 . 2014-02-10 08:30	2559808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-11-11 10:29 . 2014-02-10 08:30	4100776	----a-w-	c:\windows\system32\nvcoproc.bin
2014-11-11 03:09 . 2014-12-09 18:23	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 11:26	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 11:26	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-09 18:23	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 11:26	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 11:26	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-09 18:23	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-09 18:22	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-09 18:22	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-11-01 10:13 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-11-01 10:13 . 2009-08-18 09:24	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-10-30 04:53 . 2014-11-06 17:02	1876296	----a-w-	c:\windows\system32\nvdispco6434460.dll
2014-10-30 04:53 . 2014-11-06 17:02	1539272	----a-w-	c:\windows\system32\nvdispgenco6434460.dll
2014-10-30 02:03 . 2014-12-09 18:22	165888	----a-w-	c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-09 18:22	155136	----a-w-	c:\windows\SysWow64\charmap.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611211180}]
2015-01-25 03:49	594408	----a-w-	c:\program files (x86)\GoHD\GoHD-bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK-Konfigurationstool.lnk - c:\program files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe -nogui [2014-2-28 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 GUKLnctvqF;GUKLnctvqF;c:\programdata\SaYmJbhs\GUKLnctvqF.exe;c:\programdata\SaYmJbhs\GUKLnctvqF.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-26 c:\windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-1.job
- c:\program files (x86)\GoHD\GoHD-codedownloader.exe [2015-01-25 03:50]
.
2015-01-26 c:\windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10_user.job
- c:\program files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10.exe [2015-01-25 03:49]
.
2015-01-26 c:\windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.job
- c:\program files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.exe [2015-01-25 03:49]
.
2015-01-26 c:\windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.job
- c:\program files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.exe [2015-01-25 03:50]
.
2015-01-26 c:\windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5_user.job
- c:\program files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.exe [2015-01-25 03:50]
.
2015-01-26 c:\windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.job
- c:\program files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.exe [2015-01-25 03:49]
.
2015-01-26 c:\windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.job
- c:\program files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.exe [2015-01-25 03:49]
.
2015-01-26 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25 03:49]
.
2015-01-26 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25 03:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 441840]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxq420uz.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\program files (x86)\Steam\steamapps\common\Assassins Creed Brotherhood\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-988284940-210793992-766847566-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,eb,66,42,d2,6c,a2,70,d1,f0,09,fe,72,93,56,82,b2,f9,a6,9a,95,
   ae,99,25,1f,ee,a8,10,f8,86,0d,51,cd,8e,6c,9a,a9,45,c5,60,b8,18,8a,73,63,8d,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-26  20:48:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-26 19:47
.
Vor Suchlauf: 17 Verzeichnis(se), 1.703.328.116.736 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 1.702.777.507.840 Bytes frei
.
- - End Of File - - 5A71992338FAEBE266EA6F5BCACF7130
A36C5E4F47E84449FF07ED3517B43A31

Gruß Kanso

schrauber · 27.01.2015, 07:35

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Kanso · 27.01.2015, 11:13

mbam:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.01.2015
Suchlauf-Zeit: 10:28:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.27.05
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346185
Verstrichene Zeit: 7 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.HealthAlert.A, C:\ProgramData\SaYmJbhs\GUKLnctvqF.exe, 2248, Löschen bei Neustart, [da8755a7ff8a7bbb0ff8b24835cce21e]
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, 1424, Löschen bei Neustart, [5c05ee0e1277f343f653d388a75c12ee]

Module: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, Löschen bei Neustart, [5c05ee0e1277f343f653d388a75c12ee], 

Registrierungsschlüssel: 41
PUP.Optional.HealthAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GUKLnctvqF, In Quarantäne, [da8755a7ff8a7bbb0ff8b24835cce21e], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [19483cc0a4e5e650fd8cf306a35f3dc3], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [19483cc0a4e5e650fd8cf306a35f3dc3], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [204157a5b1d852e4acac6c8db64c46ba], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [204157a5b1d852e4acac6c8db64c46ba], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611211180}, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611211180}, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\CLASSES\eba99200f5600131931909dd7c8eb7090062180.BHO, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\eba99200f5600131931909dd7c8eb7090062180.BHO, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622212280}, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\CLASSES\eba99200f5600131931909dd7c8eb7090062180.Sandbox.1, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\CLASSES\eba99200f5600131931909dd7c8eb7090062180.Sandbox, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\eba99200f5600131931909dd7c8eb7090062180.Sandbox, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\eba99200f5600131931909dd7c8eb7090062180.Sandbox.1, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622212280}, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.HealthAlert.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HealthAlert, In Quarantäne, [2b36b7459cedbc7a2f21c2c5d82b6e92], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\13641, In Quarantäne, [aeb3c23a494037ff93ee9e176f94c23e], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [69f8a25adaafe254972bccceab58af51], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\13641, In Quarantäne, [51105ca0e4a53ef8592803b2877c26da], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [c1a029d38bfe1a1cf89eec0e10f4e61a], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [9dc416e62b5eb2843c5b18e2f0147e82], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [eb76c4386623df571fbcc9d3ee151de3], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-988284940-210793992-766847566-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [3c255ba12e5b0f27e0279362b84c827e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-988284940-210793992-766847566-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\13641, In Quarantäne, [7be6b349791064d21c8f4c4273908080], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-988284940-210793992-766847566-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\InstallMoon, In Quarantäne, [540dd62693f60036d1fc3d64d82ba957], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-988284940-210793992-766847566-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [b9a82ece1c6d81b5ddfdb2ea5fa419e7], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 

Registrierungswerte: 1
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [69f8a25adaafe254972bccceab58af51]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 9
PUP.Optional.HealthAlert.A, C:\Users\Admin\AppData\Local\HealthAlert, In Quarantäne, [e47dfffd3554ff376ce33d4a020143bd], 
PUP.Optional.HealthAlert.A, C:\ProgramData\HealthAlert, In Quarantäne, [2b36b7459cedbc7a2f21c2c5d82b6e92], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD, In Quarantäne, [b6ab8d6fc4c553e30e02840edf246c94], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Löschen bei Neustart, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Löschen bei Neustart, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{A66DB48F-42FB-498D-B92F-C508D81C0121}, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 

Dateien: 54
PUP.Optional.HealthAlert.A, C:\ProgramData\SaYmJbhs\GUKLnctvqF.exe, Löschen bei Neustart, [da8755a7ff8a7bbb0ff8b24835cce21e], 
PUP.Optional.HealthAlert.A, C:\ProgramData\SaYmJbhs\dat\EbCEzzeSaN.exe, Löschen bei Neustart, [025f25d7a8e156e0bb4c24d6fd0410f0], 
PUP.Optional.HealthAlert.A, C:\ProgramData\SaYmJbhs\dat\gwulxUL.exe, Löschen bei Neustart, [c69bca32d3b62610aa5d9367956c49b7], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10.exe, In Quarantäne, [fd64ae4e3f4ae35316cc86416c953cc4], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.exe, In Quarantäne, [4d147b81e6a3f2442cb6b512719013ed], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.exe, In Quarantäne, [134e7f7d97f28ea83fa327a08f72847c], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.exe, In Quarantäne, [550c36c6a1e8c76f459dd1f68f726a96], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-64.exe, In Quarantäne, [263b9468e2a7063029b9d0f7c1401ae6], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.exe, In Quarantäne, [0a57827a8603181e7d65af18f40deb15], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-bg.exe, In Quarantäne, [bca5c7352c5de84e934f6e59ac5507f9], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-bho.dll, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-bho64.dll, In Quarantäne, [223f7983721750e6a63c0eb9bf4206fa], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-buttonutil.exe, In Quarantäne, [025fbb41721786b01cc600c75aa7649c], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-buttonutil64.exe, In Quarantäne, [d091ac50e9a0ab8b38aa6166f70a7090], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-codedownloader.exe, In Quarantäne, [98c926d64f3af145a1412e9921e0ac54], 
PUP.Optional.HealthAlert.A, C:\Users\Admin\AppData\Local\HealthAlert\data2.dat, In Quarantäne, [e47dfffd3554ff376ce33d4a020143bd], 
PUP.Optional.HealthAlert.A, C:\ProgramData\HealthAlert\app.dat, In Quarantäne, [2b36b7459cedbc7a2f21c2c5d82b6e92], 
PUP.Optional.HealthAlert.A, C:\ProgramData\HealthAlert\data.dat, In Quarantäne, [2b36b7459cedbc7a2f21c2c5d82b6e92], 
PUP.Optional.HealthAlert.A, C:\ProgramData\HealthAlert\HealthAlert.ico, In Quarantäne, [2b36b7459cedbc7a2f21c2c5d82b6e92], 
PUP.Optional.HealthAlert.A, C:\ProgramData\HealthAlert\Uninstall.exe, In Quarantäne, [2b36b7459cedbc7a2f21c2c5d82b6e92], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\background.html, In Quarantäne, [b6ab8d6fc4c553e30e02840edf246c94], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\bgNova.html, In Quarantäne, [b6ab8d6fc4c553e30e02840edf246c94], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-buttonutil.dll, In Quarantäne, [b6ab8d6fc4c553e30e02840edf246c94], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD-buttonutil64.dll, In Quarantäne, [b6ab8d6fc4c553e30e02840edf246c94], 
PUP.Optional.GoHD.A, C:\Program Files (x86)\GoHD\GoHD.ico, In Quarantäne, [b6ab8d6fc4c553e30e02840edf246c94], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-1, In Quarantäne, [0c55cc302c5ddf5734893961a162e11f], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10_user, In Quarantäne, [0a57fefe95f48fa7299499013ec5f40c], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2, In Quarantäne, [94cd5aa28cfd88ae774633679a6907f9], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5, In Quarantäne, [c29f51abd5b44beb3f7e3d5d15ee5ba5], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5_user, In Quarantäne, [e57c08f4a2e71323eecf8c0e9f6439c7], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6, In Quarantäne, [520f01fb6524082e229baaf01ce702fe], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7, In Quarantäne, [84ddfc003d4c4ee8c3fa7f1bc1428779], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-1.job, In Quarantäne, [3031fc00197024124fe410e89074d030], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-10_user.job, In Quarantäne, [223f8478dbae0d29fe355e9ab1538a76], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-2.job, In Quarantäne, [80e1f408424777bffd36a8508d77b54b], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5.job, In Quarantäne, [025f8e6e2861a88eeb480bed5ea61ce4], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-5_user.job, In Quarantäne, [a0c136c686035dd92b087385d430ad53], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-6.job, In Quarantäne, [2f3235c74742d660c073916719ebab55], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38a215ef-5e39-4f98-a6c7-5bbd16e9f164-7.job, In Quarantäne, [cd94e7156a1feb4b2c07817744c0728e], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [f07132cae1a8f442d1783eba818343bd], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [88d9f20a1d6c7abcbd8dca2e49bb817f], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [1a476b9197f28ea8a3a855a352b2669a], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [263bf9031a6ff1455af201f7d62ebd43], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Löschen bei Neustart, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, Löschen bei Neustart, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, In Quarantäne, [5c05ee0e1277f343f653d388a75c12ee], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 10:58:20
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Admin\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\HealthAlert
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Admin\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\GoHD
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655215580}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666216680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655215580}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666216680}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\GoHD
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\GoHD
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\GoHD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6313 octets] - [27/01/2015 10:56:45]
AdwCleaner[S0].txt - [5954 octets] - [27/01/2015 10:58:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6014 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Admin on 27.01.2015 at 11:03:34,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.01.2015 at 11:07:35,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Gruß Kanso

schrauber · 27.01.2015, 19:50

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Kanso · 27.01.2015, 23:29

ESET Online Scanner:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8ec3d38b7f533c4b9ac3a5bc568f541d
# engine=22176
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-27 09:27:03
# local_time=2015-01-27 10:27:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 159874 173056519 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10646240 174023873 0 0
# scanned=172756
# found=14
# cleaned=0
# scan_time=4854
sh=08A5CE348D319335A92076C65C1091277AFED1B9 ft=1 fh=158b9db86261fb7d vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=E1C9B941391D85DFBBAAE28AB5FDEE555BE2EB28 ft=1 fh=b269de449bee0195 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\SaYmJbhs\dat\DjCKhhEJOeI.dll"
sh=77C4ABD3FFE953B065E0C37C74DE3B8FDECB5C68 ft=1 fh=8361f075872d6ba4 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\SaYmJbhs\dat\uafybnK.dll"
sh=680D158A2AF99BC1DC6227E4B3E2F4BD50289683 ft=1 fh=98dc70fd6ad3c059 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\24386585-620d-4ce0-9dba-955e5547dbd7\260efedf-54ea-45b4-941e-4363ce67e15d.dll.vir"
sh=1A622D26DF8089EE7BFBEB8206B906F44DABEBF8 ft=1 fh=033f1e7bded1006e vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\24386585-620d-4ce0-9dba-955e5547dbd7\7991fcc9-5fc8-498a-b543-a56ad628d310.dll.vir"
sh=680D158A2AF99BC1DC6227E4B3E2F4BD50289683 ft=1 fh=98dc70fd6ad3c059 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AMD\24386585-620d-4ce0-9dba-955e5547dbd7.dll.vir"
sh=1A622D26DF8089EE7BFBEB8206B906F44DABEBF8 ft=1 fh=033f1e7bded1006e vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AMD\ec4a1553-bcd5-4e2d-b087-ee472c7812b4.dll.vir"
sh=1A622D26DF8089EE7BFBEB8206B906F44DABEBF8 ft=1 fh=033f1e7bded1006e vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\GoHD\3ad6112b-f275-49d3-96e7-573f7008e59f.dll.vir"
sh=680D158A2AF99BC1DC6227E4B3E2F4BD50289683 ft=1 fh=98dc70fd6ad3c059 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\GoHD\6e3cc15b-682e-4e53-a5b3-0cdaac5f2065.dll.vir"
sh=1ECFC21820718B28EF8D02235CF47C9A2B4769C7 ft=1 fh=d64bdcab81966442 vn="Win32/InstallMonetizer.AU evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\audioextractor_CB-DL-Manager [1].exe"
sh=A69DFC22D80BE61D093A9B5E587D006F5A17E58E ft=1 fh=de54c13127cf2561 vn="Variante von Win32/InstallCore.UR evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\audioextractor_CB-DL-Manager.exe"
sh=A4AC633DB74C5EBF4F90C67155C0908AA6BEFF3C ft=1 fh=5d50574df4562ea2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=E1C9B941391D85DFBBAAE28AB5FDEE555BE2EB28 ft=1 fh=b269de449bee0195 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\SaYmJbhs\dat\DjCKhhEJOeI.dll"
sh=77C4ABD3FFE953B065E0C37C74DE3B8FDECB5C68 ft=1 fh=8361f075872d6ba4 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\SaYmJbhs\dat\uafybnK.dll"

Security Check:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Mozilla Firefox (35.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und das neue FRST log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Admin (administrator) on ADMIN-PC on 27-01-2015 23:19:42
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-988284940-210793992-766847566-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-988284940-210793992-766847566-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-988284940-210793992-766847566-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-988284940-210793992-766847566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxq420uz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-988284940-210793992-766847566-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxq420uz.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-27]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-06-19] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150126.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-06-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150126.035\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150126.035\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                           )
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 23:18 - 2015-01-27 23:18 - 00000902 _____ () C:\Users\Admin\Desktop\checkup.txt
2015-01-27 23:16 - 2015-01-27 23:16 - 00852573 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-01-27 20:26 - 2015-01-27 20:26 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-01-27 11:07 - 2015-01-27 11:07 - 00000695 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-27 11:03 - 2015-01-27 11:03 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-01-27 11:03 - 2015-01-27 11:03 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 11:00 - 2015-01-27 11:00 - 00006106 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt
2015-01-27 10:56 - 2015-01-27 10:58 - 00000000 ____D () C:\AdwCleaner
2015-01-27 10:55 - 2015-01-27 10:55 - 02194432 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.109.exe
2015-01-27 10:41 - 2015-01-27 10:41 - 00016968 _____ () C:\Users\Admin\Desktop\mbam.txt
2015-01-27 10:39 - 2015-01-27 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 10:27 - 2015-01-27 22:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 10:27 - 2015-01-27 10:27 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-27 10:27 - 2015-01-27 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 10:27 - 2015-01-27 10:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 10:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 10:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 10:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 10:26 - 2015-01-27 10:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 20:48 - 2015-01-26 20:48 - 00027701 _____ () C:\ComboFix.txt
2015-01-26 20:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-26 20:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-26 20:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-26 20:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-26 20:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-26 20:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-26 20:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-26 20:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-26 20:34 - 2015-01-26 20:48 - 00000000 ____D () C:\Qoobox
2015-01-26 20:34 - 2015-01-26 20:47 - 00000000 ____D () C:\Windows\erdnt
2015-01-26 20:31 - 2015-01-26 20:31 - 05609462 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-01-26 20:28 - 2015-01-26 20:28 - 00410544 _____ () C:\Windows\Minidump\012615-36925-01.dmp
2015-01-26 16:03 - 2015-01-27 23:19 - 00017796 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-26 16:00 - 2015-01-26 16:00 - 00033082 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-01-26 15:59 - 2015-01-26 16:00 - 00037582 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-26 15:58 - 2015-01-27 23:19 - 00000000 ____D () C:\FRST
2015-01-26 15:57 - 2015-01-26 15:57 - 02129920 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-26 02:07 - 2015-01-26 02:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-01-26 02:06 - 2015-01-27 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 02:06 - 2015-01-26 02:06 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-26 02:06 - 2015-01-26 02:06 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-01-26 02:06 - 2015-01-26 02:06 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-25 05:45 - 2015-01-25 22:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-25 05:45 - 2015-01-25 05:45 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-25 05:45 - 2015-01-25 05:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-25 05:45 - 2015-01-25 05:45 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-25 05:44 - 2015-01-25 05:44 - 01191200 _____ () C:\Users\Admin\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2015-01-25 04:50 - 2015-01-25 04:50 - 00003104 _____ () C:\Windows\System32\Tasks\{459661D1-D2F6-419D-ADE9-E7E05FD0DA52}
2015-01-25 04:49 - 2015-01-26 20:42 - 00000000 ____D () C:\Program Files (x86)\24386585-620d-4ce0-9dba-955e5547dbd7
2015-01-25 04:48 - 2015-01-25 21:28 - 00000000 ____D () C:\MyAudio
2015-01-25 04:47 - 2015-01-27 10:42 - 00000000 ____D () C:\ProgramData\SaYmJbhs
2015-01-25 04:47 - 2015-01-25 21:24 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-25 04:46 - 2015-01-25 04:46 - 00001110 _____ () C:\Users\Public\Desktop\AoA Audio Extractor.lnk
2015-01-25 04:46 - 2015-01-25 04:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA Audio Extractor
2015-01-25 04:46 - 2007-05-13 12:24 - 00086683 _____ (Open Source Software community project) C:\Windows\SysWOW64\pthreadGC2.dll
2015-01-25 04:45 - 2015-01-25 04:46 - 00000000 ____D () C:\Program Files (x86)\AoA Audio Extractor
2015-01-25 04:45 - 2015-01-25 04:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\StormFall
2015-01-25 04:45 - 2015-01-25 04:44 - 08368579 _____ (AoAMedia.com ) C:\Users\Admin\Downloads\audioextractor_CB-DL-Manager [1].exe
2015-01-25 04:44 - 2015-01-25 04:44 - 00823792 _____ ( ) C:\Users\Admin\Downloads\audioextractor_CB-DL-Manager.exe
2015-01-25 04:35 - 2015-01-25 21:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Audacity
2015-01-25 04:35 - 2015-01-25 04:35 - 22892794 _____ (Audacity Team ) C:\Users\Admin\Downloads\audacity-win-2.0.6.exe
2015-01-25 04:35 - 2015-01-25 04:35 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-01-25 04:35 - 2015-01-25 04:35 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-01-25 04:35 - 2015-01-25 04:35 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-25 04:34 - 2015-01-25 04:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\mkvtoolnix
2015-01-25 04:33 - 2015-01-25 04:33 - 18790552 _____ (Moritz Bunkus) C:\Users\Admin\Downloads\mkvtoolnix-amd64-7.5.0-setup.exe
2015-01-25 04:33 - 2015-01-25 04:33 - 00001738 _____ () C:\Users\Public\Desktop\MKVToolNix GUI preview.lnk
2015-01-25 04:33 - 2015-01-25 04:33 - 00001655 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
2015-01-25 04:33 - 2015-01-25 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2015-01-25 04:33 - 2015-01-25 04:33 - 00000000 ____D () C:\Program Files\MKVToolNix
2015-01-25 04:27 - 2015-01-25 22:04 - 00000000 ____D () C:\Users\Admin\Desktop\MeGUI
2015-01-25 04:25 - 2015-01-25 04:25 - 78435557 _____ () C:\Users\Admin\Downloads\MeGUI_2507_x86 (1).zip
2015-01-25 04:19 - 2015-01-25 04:19 - 01194185 _____ () C:\Windows\unins000.exe
2015-01-25 04:19 - 2015-01-25 04:19 - 00868025 _____ (INNOMAGIC, Ltd. ) C:\Users\Admin\Downloads\MagicYUV_v1.0 (1).exe
2015-01-25 04:19 - 2015-01-25 04:19 - 00003907 _____ () C:\Windows\unins000.dat
2015-01-25 04:19 - 2015-01-25 04:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicYUV
2015-01-25 04:19 - 2014-09-12 02:07 - 00647168 _____ () C:\Windows\SysWOW64\magicyuv.dll
2015-01-25 04:19 - 2014-09-12 02:06 - 00732160 _____ () C:\Windows\system32\magicyuv.dll
2015-01-25 04:02 - 2015-01-25 04:02 - 93427112 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8u31-windows-x64.exe
2015-01-25 03:45 - 2015-01-25 03:45 - 00003156 _____ () C:\Windows\System32\Tasks\{F1F9B1E2-1649-459F-8D19-CE3F57076C12}
2015-01-25 03:42 - 2015-01-25 03:42 - 00639400 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-8u31 (1).exe
2015-01-25 03:23 - 2015-01-25 03:23 - 00000000 ____D () C:\ProgramData\Sun
2015-01-25 03:23 - 2015-01-25 03:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 03:22 - 2015-01-25 03:22 - 00639400 _____ (Oracle Corporation) C:\Users\Admin\Downloads\chromeinstall-8u31.exe
2015-01-25 03:21 - 2015-01-25 04:12 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-25 02:53 - 2015-01-25 02:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\MPC-HC
2015-01-25 02:26 - 2015-01-25 02:26 - 10420256 _____ (CCCP Project ) C:\Users\Admin\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe
2015-01-25 02:16 - 2015-01-25 04:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\StaxRip
2015-01-25 00:31 - 2015-01-25 00:31 - 00868025 _____ (INNOMAGIC, Ltd. ) C:\Users\Admin\Downloads\MagicYUV_v1.0.exe
2015-01-25 00:05 - 2015-01-25 13:54 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-01-25 00:05 - 2015-01-25 00:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-01-24 23:46 - 2015-01-24 23:46 - 78435578 _____ () C:\Users\Admin\Downloads\MeGUI_2507_x86.zip
2015-01-24 23:44 - 2015-01-26 01:12 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-24 23:44 - 2015-01-24 23:44 - 00001082 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk
2015-01-24 23:44 - 2015-01-24 23:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-01-24 23:40 - 2015-01-24 23:41 - 36210245 _____ () C:\Users\Admin\Downloads\MSIAfterburnerSetup410.zip
2015-01-24 19:34 - 2015-01-24 19:34 - 00000221 _____ () C:\Users\Admin\Desktop\Tropico.url
2015-01-23 22:33 - 2015-01-23 22:34 - 00532944 _____ () C:\Windows\Minidump\012315-41153-01.dmp
2015-01-23 22:20 - 2015-01-23 22:20 - 00000000 ____D () C:\temp
2015-01-23 22:19 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 22:19 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 22:19 - 2015-01-10 09:07 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-01-23 22:11 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-23 22:11 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-18 18:28 - 2015-01-18 18:29 - 00297880 _____ () C:\Windows\Minidump\011815-35396-01.dmp
2015-01-18 14:23 - 2015-01-18 14:23 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-18 14:15 - 2015-01-18 14:15 - 00000222 _____ () C:\Users\Admin\Desktop\State of Decay.url
2015-01-16 18:10 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:42 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:42 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:42 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:42 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:42 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:42 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:42 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:42 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:42 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:42 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:42 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:42 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 07:07 - 2015-01-12 07:07 - 00297880 _____ () C:\Windows\Minidump\011215-28017-01.dmp
2015-01-10 06:50 - 2015-01-10 06:50 - 00262144 _____ () C:\Windows\Minidump\011015-27393-01.dmp
2014-12-31 15:41 - 2014-12-31 15:42 - 00266288 _____ () C:\Windows\Minidump\123114-23415-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 22:03 - 2014-02-10 08:46 - 01065538 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 20:27 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 20:27 - 2009-07-14 05:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 20:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 20:19 - 2009-07-14 05:51 - 00157465 _____ () C:\Windows\setupact.log
2015-01-27 11:00 - 2014-10-15 18:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-27 11:00 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-27 10:59 - 2010-11-21 04:47 - 00174622 _____ () C:\Windows\PFRO.log
2015-01-27 10:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-26 23:53 - 2014-08-10 22:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-26 20:48 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-26 20:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-26 20:43 - 2009-07-14 03:34 - 61603840 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-26 20:43 - 2009-07-14 03:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-26 20:43 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-26 20:43 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-26 20:43 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-26 20:42 - 2014-06-29 22:03 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-26 20:28 - 2014-03-07 16:29 - 1037407091 _____ () C:\Windows\MEMORY.DMP
2015-01-26 20:28 - 2014-03-07 16:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 15:52 - 2014-07-29 20:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 15:52 - 2014-07-29 20:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 01:55 - 2014-02-26 22:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 01:54 - 2014-02-26 22:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-26 00:36 - 2014-04-12 17:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-25 00:06 - 2014-03-04 23:10 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-24 19:39 - 2014-08-14 18:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 22:37 - 2014-07-20 19:43 - 00100216 _____ () C:\shared.log
2015-01-23 22:34 - 2014-02-10 09:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-23 22:20 - 2014-02-26 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-16 07:41 - 2014-10-23 15:15 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-10-23 15:15 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-02-26 20:57 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-02-26 20:57 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 00:53 - 2014-02-10 12:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:49 - 2014-02-10 12:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 09:07 - 2014-02-26 20:55 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 09:07 - 2014-02-26 20:55 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-10 09:07 - 2014-02-10 09:28 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-03 03:02 - 2014-02-10 11:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SoftGrid Client
2015-01-02 20:19 - 2014-12-22 02:39 - 00026346 _____ () C:\Users\Admin\Desktop\Mappe1.xlsx
2015-01-02 16:50 - 2014-02-10 17:38 - 00700906 _____ () C:\Windows\system32\perfh007.dat
2015-01-02 16:50 - 2014-02-10 17:38 - 00150286 _____ () C:\Windows\system32\perfc007.dat
2015-01-02 16:50 - 2009-07-14 06:13 - 01625650 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 09:52

==================== End Of Log ============================

--- --- ---

Alles klar, die Pop-Ups und Einblendungen tauchen nicht mehr auf und das Programm, dass ich nicht deinstallieren konnte wurde auch gelöscht. Sollte also alles wieder einwandfrei funktionieren. Sind wir damit durch? Bedanke mich schonmal für deine schnelle Hilfe schrauber. Super, dass es dieses Forum gibt.

Gruß Kanso

schrauber · 28.01.2015, 12:33

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\SaYmJbhs
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Kanso · 28.01.2015, 20:07

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Admin at 2015-01-28 19:58:36 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin &  (Available profiles: Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\SaYmJbhs
Emptytemp:
*****************

C:\ProgramData\SaYmJbhs => Moved successfully.
EmptyTemp: => Removed 636.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 19:59:21 ====

Gut, von meiner Seite gibts nichts mehr. Nochmal vielen Dank für deine Hilfe. Du kannst den Thread zumachen.

Gruß Kanso

schrauber · 29.01.2015, 07:08

Gern Geschehen

29.01.2015, 07:08	#12
schrauber /// the machine /// TB-Ausbilder	Lästige Pop-Ups und Werbeeinblendungen, PC wahrscheinlich mit Trojaner infiziert Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Lästige Pop-Ups und Werbeeinblendungen, PC wahrscheinlich mit Trojaner infiziert

Log-Analyse und Auswertung: Lästige Pop-Ups und Werbeeinblendungen, PC wahrscheinlich mit Trojaner infiziert