Log analysis and evaluation: Svchost Bitcoinminer (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: see the first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.04.2015, 14:44 | #1 |
Svchost Bitcoinminer

Hello,

When the PC starts, Kaspersky shows either the message 'The file svchost.exe was deleted because it is irreparable' or that 'Trojan.Win64.BitMin.ft' was found, and it asks how it should be disinfected. I have already chosen both with and without a system restart, and in both variants the file really was removed until the next system start (it could no longer be found at C:\Windows\Temp\svchost.exe). With disinfection with a restart, no message from Kaspersky is shown on the 1st system restart and the file cannot be found either, but after a restart a message appears again.

The GMER log is too long... so it is attached as a rar!
FRST no longer fits into this post but can be provided later!

Suchlauf Datum: 24.04.2015
Suchlauf-Zeit: 13:47:36
Logdatei: 1.txt
Administrator: Ja

Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Version: 2.01.6.1022
Malware Datenbank: v2015.04.24.02
Rootkit Datenbank: v2015.04.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357246
Verstrichene Zeit: 17 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 3
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [5909353b9ded79bd7ce788b4fe07a45c],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [6200e68a662454e230503f9e19eaee12],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\sweet-page uninstall, In Quarantäne, [5b077000652582b49b4f6845b94ac040],

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 5
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}),Ersetzt,[65fdbab63d4d70c6ad8366a13ec836ca]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX),Ersetzt,[1a48363a206a52e465cb3ec9f80e827e]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX),Ersetzt,[afb38ae6424844f248e8b94e0afce41c]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}),Ersetzt,[342e2c444b3f42f498989671c640926e]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[9ec46d032b5f4de97b5be81e32d4da26]

Ordner: 3
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code, In Quarantäne, [5b077000652582b49b4f6845b94ac040],

Dateien: 32
PUP.Optional.Somoto.SID.A, C:\Users\Admin\AppData\Local\Temp\nsvDDA.tmp, In Quarantäne, [68fa86ea34562b0bcee2152c18eef808],
Trojan.CoinMiner, C:\Users\Admin\AppData\Local\Temp\update.exe, In Quarantäne, [e2805818fd8dde585acdb85f2dd5c63a],
Trojan.Agent.MNR, C:\Windows\Temp\lsass.exe, In Quarantäne, [de84ed832565b482e7f648f012f1e41c],
PUP.Dialupass, C:\Users\Admin\Downloads\20170_nirsoft_package_1.19.28.zip, In Quarantäne, [ee7484ece6a4f0467d49712c30d057a9],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\294.json, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\MessageBox.xml, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\un.ini, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\uninstallDlg2.xml, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\UninstallManager.exe, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\bg.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\bg1.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\bk_shadow.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\button.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\button1.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\checkbox.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\checkbox_select.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\checked.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\close.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\loading_bg.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\loading_light.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\min.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\scrollbar.bmp, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\Thumbs.db, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\unchecked.png, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code\code1.jpg, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code\code2.jpg, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code\code3.jpg, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code\code4.jpg, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code\code5.jpg, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code\code6.jpg, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Roaming\sweet-page\images\code\Thumbs.db, In Quarantäne, [5b077000652582b49b4f6845b94ac040],
PUP.Optional.SweetPage.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.sweet-page.com/?type=hp&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX",), Ersetzt,[f66ce28efa90241227a13314d6308d73]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2015
Ran by Admin at 2015-04-26 14:49:43
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-2897107241-917314487-1310154325-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2897107241-917314487-1310154325-500 - Administrator - Disabled)
Gast (S-1-5-21-2897107241-917314487-1310154325-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2897107241-917314487-1310154325-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.04.02 - ASUSTeK Computer Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
concept/design onlineTV 11 (HKLM-x32\...\{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1) (Version: 11.3.16.0 - concept/design GmbH)
CrystalDiskInfo 6.3.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World)
CSGO (HKLM-x32\...\South Park The Stick of Truth_is1) (Version: 1.0.0.0 - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
Dropbox (HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
DSL Soforthilfe (HKLM-x32\...\DSL Soforthilfe) (Version: 1.1.0.51 - Telefónica Germany GmbH & Co. OHG)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Free YouTube to MP3 Converter version 3.12.56.301 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.)
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
Genymotion version 2.4.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.4.0 - Genymobile)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Google Chrome SxS) (Version: 44.0.2383.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IsoBuster 3.5 (HKLM-x32\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Lemonade Tycoon Deluxe (HKLM-x32\...\Lemonade Tycoon Deluxe) (Version: - )
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
ManyCam 4.1.1 (HKLM-x32\...\ManyCam) (Version: 4.1.1 - Visicom Media Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.3 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PC Camera (0022.2009.1125.1004) (HKLM-x32\...\{B2920232-19DA-44FC-835F-68E427EAE2CE}) (Version: 10.22.09 - PixArt)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1045.0 - Passmark Software)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
RESCUE 2013 (HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\RESCUE 2013) (Version: 1.10.00.00 - rondomedia GmbH)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Setup - Life Is Strange (c) Square Enix ... (HKLM-x32\...\Setup - Life Is Strange (c) Square Enix ...) (Version: ... - DONTNOD Entertainment)
SHIELD Streaming (Version: 4.0.100 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.13.3 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Thunder Master v1.9 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.9.5.0 - Palit Microsystems Ltd.)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
TransOcean - The Shipping Company (HKLM-x32\...\TransOcean - The Shipping Company_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
TuneGet 3.4.6 (HKLM-x32\...\{050A0D31-6B33-4137-ADE5-C0896E5FA98D}_is1) (Version: 3.4.6 - cyan soft ltd)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\44.0.2383.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2897107241-917314487-1310154325-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-04-2015 13:18:30 Windows Update
20-04-2015 13:37:25 Installed Java SE Development Kit 8 Update 45 (64-bit)
21-04-2015 12:07:13 Windows Update
24-04-2015 13:37:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C3AE204-53FF-4F95-93EC-601BE4A826B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {0EB155AB-6154-4A5A-9281-F7AD2F43413A} - System32\Tasks\{81B20F25-A8D3-401B-A8AF-13833EFF0409} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {11021CBA-17D1-407F-89DB-7D664689B835} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-02-04] () <==== ATTENTION
Task: {12DF5342-9EF1-4E57-A804-14E16C3B9A25} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\mystuff\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {14E65D74-C31C-4796-B2D4-B26FA9D97433} - System32\Tasks\{A6EFA8B0-0E6C-49C3-9DDB-81D542A2D1F5} => pcalua.exe -a C:\Windows\unvise32.exe -c C:\Games\Lemonade Tycoon\Deluxe\uninstal.log
Task: {19818A66-9C6A-4E00-85A9-2C03A58F7AA5} - System32\Tasks\{701E15D1-5EFA-4ED6-9EE6-903E652B9E56} => D:\ConfigTool.exe
Task: {1A1FAE80-3315-4F2A-9838-FE4122F4BE3E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {251C110C-8386-4F6A-A2C9-48A217A2554B} - System32\Tasks\{5BED8C99-B888-433C-B558-29CF724897C0} => Chrome.exe
Task: {40C1C43A-3E66-4644-B966-CA82D5FE6622} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {448F0E75-EFB7-4AAB-B42F-1C2ED7EDF819} - System32\Tasks\{7B478976-E56C-41B3-A889-25308FB70DC5} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {4973D486-168C-4467-B4C6-031A94DA92F8} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {50B74EC5-0109-4875-AC5B-08FD351E8E8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {644E50EE-D823-49C0-8673-3C78D8BBBB97} - System32\Tasks\{857C73D2-1CA9-42B6-8B95-D80EF5F91DC1} => pcalua.exe -a "C:\Windows.old\Program Files (x86)\OkayFreedom\setuptool.exe" -d "C:\Windows.old\Program Files (x86)\OkayFreedom"
Task: {6E51A7E0-D38F-4C92-9CCF-E74745EBCCBD} - \Driver Booster SkipUAC (Admin) No Task File <==== ATTENTION
Task: {70E942FB-282D-4E6B-BE51-9BB994DC0A64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {89D8FC99-0E9A-400E-9423-F26BF25E5E33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {920C1C59-D466-499A-A94A-7A3EE112035E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {9ED27160-0AD5-49A9-980A-1C7A45E33E77} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {9FDBA844-E42E-47E8-9A6A-DF02A597EBD6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {A80F3743-D177-446B-B438-73CF308E9084} - System32\Tasks\ASC8_SkipUac_Admin => C:\mystuff\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {B0BF2EB8-B30B-4D63-B657-2AC8578EC61F} - System32\Tasks\ASC8_PerformanceMonitor => C:\mystuff\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {BC05F33F-5B2E-4BF6-BC97-1F55F9FC7BEC} - System32\Tasks\{91A5B4F2-BB58-42C9-B538-0123CD3354EB} => D:\AutoRun.exe
Task: {C8BB97D8-D717-4E18-AD97-BB0E3A9A34DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {DCAF1F6D-C500-42FA-A28D-D24AE95C6E27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {DE4064AA-E591-42BA-B5C4-6076972FB21D} - System32\Tasks\Opera scheduled Autoupdate 1429188192 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {E16F7F64-785F-4879-BD72-CF3F80A2F6BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {E8A024B4-4E5C-4E78-AFCE-BF3D16594920} - System32\Tasks\{AC484F85-0206-4066-A413-5D14D2B3271F} => pcalua.exe -a D:\AutoRun.exe -d D:\
Task: {E8F4C604-B99D-4E90-9019-22E5F22289D5} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\MyStuff\Asus\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {F0C522AD-884A-4CDC-843C-1F491C061EB9} - \Driver Booster Update No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-25 12:45 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-08 14:44 - 2015-03-08 14:44 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-07 19:27 - 2012-12-07 19:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-02-03 18:46 - 2015-02-03 18:46 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-10 19:20 - 2015-03-10 19:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-03-02 16:43 - 2015-03-02 16:43 - 00099288 _____ () C:\mystuff\FileZilla FTP Client\fzshellext_64.dll
2014-12-18 16:10 - 2014-12-18 16:10 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-12-13 00:24 - 2014-12-13 00:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-03-14 14:45 - 2013-11-21 22:57 - 20585888 ____N () C:\MyStuff\DSL Soforthilfe\DSL_Soforthilfe.exe
2015-04-25 19:17 - 2015-04-24 19:25 - 01733448 _____ () C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\44.0.2382.0\libglesv2.dll
2015-04-25 19:17 - 2015-04-24 19:25 - 00093000 _____ () C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\44.0.2382.0\libegl.dll
2015-04-26 14:43 - 2015-04-26 14:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-03-22 16:29 - 2013-10-25 13:08 - 00517408 _____ () C:\mystuff\IObit\Advanced SystemCare 8\sqlite3.dll
2015-03-08 14:44 - 2015-04-26 12:32 - 00022528 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-03-08 14:44 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-12-18 16:06 - 2014-12-18 16:06 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 16:08 - 2014-12-18 16:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 16:09 - 2014-12-18 16:09 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync
Manager\NAdvLog.dll 2014-12-18 16:08 - 2014-12-18 16:08 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-12-18 16:09 - 2014-12-18 16:09 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-12-18 16:11 - 2014-12-18 16:11 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2014-12-18 16:14 - 2014-12-18 16:14 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\kpcengine.2.3.dll 2015-03-22 16:29 - 2013-01-15 19:48 - 00348992 _____ () C:\mystuff\IObit\Advanced SystemCare 8\madExcept_.bpl 2015-03-22 16:29 - 2013-01-15 19:48 - 00183616 _____ () C:\mystuff\IObit\Advanced SystemCare 8\madBasic_.bpl 2015-03-22 16:29 - 2013-01-15 19:48 - 00051008 _____ () C:\mystuff\IObit\Advanced SystemCare 8\madDisAsm_.bpl 2015-03-08 14:46 - 2011-07-12 20:14 - 00147456 _____ () C:\MyStuff\Asus\AI Suite II\AssistFunc.dll 2015-03-08 14:46 - 2010-10-05 09:22 - 00253952 _____ () C:\MyStuff\Asus\AI Suite II\pngio.dll 2015-03-08 14:46 - 2012-03-21 13:07 - 00972288 _____ () C:\MyStuff\Asus\AI Suite II\BarGadget\BarGadget.dll 2015-03-08 14:46 - 2012-07-12 12:27 - 01125376 _____ () C:\MyStuff\Asus\AI Suite II\Network iControl\Network iControl.dll 2015-03-08 14:46 - 2012-05-25 11:33 - 00883712 _____ () C:\MyStuff\Asus\AI Suite II\Sensor\Sensor.dll 2015-03-08 14:46 - 2012-05-28 22:27 - 01622528 _____ () C:\MyStuff\Asus\AI Suite II\Sensor Graph\SensorGraph.dll 2015-03-08 14:46 - 2011-09-19 21:18 - 01243136 _____ () C:\MyStuff\Asus\AI Suite II\Settings\Settings.dll 2015-03-08 14:46 - 2011-07-21 10:06 - 00846848 _____ () C:\MyStuff\Asus\AI Suite II\Splitter\Splitter.dll 2015-03-08 14:46 - 2011-10-14 21:03 - 00885248 _____ () C:\MyStuff\Asus\AI Suite II\TabGadget\TabGadget.dll 2015-03-08 14:44 - 2010-08-23 10:17 - 00662016 _____ () C:\Program Files 
(x86)\ASUS\AAHM\1.00.20\aaHMLib.dll 2015-03-08 14:46 - 2010-10-05 09:22 - 00208896 _____ () C:\MyStuff\Asus\AI Suite II\ImageHelper.dll 2015-03-08 14:46 - 2009-08-12 21:15 - 00253952 _____ () C:\MyStuff\Asus\AI Suite II\Sensor\AlertHelper\pngio.dll 2015-03-08 14:46 - 2012-07-11 14:57 - 00152064 _____ () C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\gep.dll 2015-03-22 16:29 - 2013-01-15 19:47 - 00893248 _____ () C:\MyStuff\IObit\Advanced SystemCare 8\webres.dll 2015-03-22 16:29 - 2013-01-15 19:48 - 00348992 _____ () C:\mystuff\IObit\IObit Uninstaller\madExcept_.bpl 2015-03-22 16:29 - 2013-01-15 19:48 - 00183616 _____ () C:\mystuff\IObit\IObit Uninstaller\madBasic_.bpl 2015-03-22 16:29 - 2013-01-15 19:48 - 00051008 _____ () C:\mystuff\IObit\IObit Uninstaller\madDisAsm_.bpl 2015-03-08 14:46 - 2012-05-10 17:38 - 00786432 _____ () C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\func.dll 2015-03-08 14:46 - 2010-10-05 09:22 - 00253952 _____ () C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\pngio.dll 2015-04-26 12:40 - 2015-04-26 12:40 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa3nokf.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\dell.com -> dell.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2897107241-917314487-1310154325-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{B5093128-BD39-4F2A-B12A-1B051772CE5E}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe FirewallRules: [{F714D1AA-AB26-41F2-9E53-D6860E7D7F4A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{679D759C-B9B6-468A-B7B2-B0DC7E77B63D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D6056236-36AE-4B04-936E-4EDB1FF0F3DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{01F9A4FD-8944-4780-9B14-A601027B5B54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{9EB602C3-DC7C-4E05-98D1-4E577CDA077D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EFFFB17B-2C45-4AA0-9153-64318F88396B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{D8CC8935-7204-419D-AA2B-06AA73B9BC4B}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{6EF97883-B640-4178-AC21-A0D7A8414C85}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{30C0475D-D2B9-4B62-9FCC-AE2BCAFA2BD1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6990B04E-D314-470A-8D65-7B5B367552F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5068AE5E-6AA6-47BE-8C81-7140864CD90D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{FCE483A1-7192-4453-9ACA-3E95FE13CF21}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{304FC498-2FC1-4336-9373-45945AC76FBD}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: 
[{ED337DB5-F927-403E-B3E8-DD6BE77785C0}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3B3995AA-9C43-4A83-A741-96630408D1B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe FirewallRules: [{DEEB3993-5A18-45DA-930D-F5294819FA4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe FirewallRules: [{165FB8D0-8C4B-4E93-B4B9-D8C9207D3834}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\BG1A3Z5H.GLC\KR34V786.273\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{EEF2ED0A-DFE1-40F9-B5C6-9EA29D479E12}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\BG1A3Z5H.GLC\KR34V786.273\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{866BCE60-409C-406B-B17B-6B0F5C2BC745}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{3CD5DB73-2064-4BB0-A69F-DA06B9F3E5B0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F20897B8-504A-4CF7-B6D0-68A0C2DD2587}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E53865BC-854F-437F-B280-E2D2FEF4C58D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{993D861F-F87A-42A8-A585-DB493A203B0B}] => (Allow) C:\Program Files (x86)\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe FirewallRules: [{C09B481A-B2B2-435B-A57C-AC0D1E48371A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe FirewallRules: [{FF90BE29-6C97-4F37-ACF8-6C5BD73A0E7B}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{5D03016B-9D17-408A-A658-C94E44BEFAD2}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A1AE9762-3551-4BDC-AB21-EA9ECAD8C442}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{5F980772-19D0-43A1-95A9-BDBE01C1FF6C}] => 
(Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{79C7C257-EB7B-4541-BA4F-4A6F0C87B309}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{9ED48F84-2FC9-4302-89EF-9061B25DB01D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{6351247D-5EBE-4DB0-AFB6-AFE49C05412C}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe FirewallRules: [{1927CB6E-F8D4-43C1-930E-858DBAD89969}] => (Allow) C:\MyStuff\Asus\AI Suite II\AI Suite II.exe FirewallRules: [{9FCEC3D0-F7AD-4523-B394-6D35318F5C6F}] => (Allow) C:\MyStuff\Asus\AI Suite II\AI Suite II.exe FirewallRules: [{A09D318E-8ACA-4DCE-B340-CFE72088E08D}] => (Allow) C:\MyStuff\DSL Soforthilfe\DSL_Soforthilfe.exe FirewallRules: [{65EDCAC5-BCB8-42E1-94C5-3A5F2D1A8693}] => (Allow) C:\MyStuff\DSL Soforthilfe\DSL_Soforthilfe.exe FirewallRules: [{DE4F105B-17AF-4C6B-8CF8-12F897450751}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{3D4B25CF-908B-41C9-8334-2B7476F3FF1F}] => (Allow) C:\mystuff\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe FirewallRules: [{843A4135-63B2-41AB-9006-302D4F22D044}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 11\onlineTV.exe FirewallRules: [{BDAF5A92-45B9-430E-A919-4ACCA72B9CCF}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 11\onlineTV.exe FirewallRules: [{41E12B42-0856-4950-BD64-8F25ED8516AE}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\BG1A3Z5H.GLC\KR34V786.273\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{C49E55F5-A48F-4ADE-BF3A-BF4E779895F4}] => (Allow) C:\Users\Admin\AppData\Local\Apps\2.0\BG1A3Z5H.GLC\KR34V786.273\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{D493C102-0FA9-46D5-82CE-2EFF976EB8D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: 
[{383DD8F8-4A04-48A4-B6D9-A7AB70DE5930}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D6DBF906-C093-4408-B945-B774B9EFDBF8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E7AAEA63-24F3-4D29-9339-153F568F122D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{695BC763-C4E7-4873-8C43-00B4E5D466FC}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{BF77153F-5186-474C-8F9D-BA2B7A32CE8C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DA9C52C0-4726-4ED4-9129-9C992212429A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5A346E7C-45E5-4464-82E4-928521CA334D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0FF3DFEF-3C6F-425F-863B-A3DF24310498}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{8C5AC043-C522-401B-9FA3-E8AFBFD693F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9EA35874-E0CC-44B3-859A-7F28B2037982}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{DF9EDED3-05C7-412E-8F1A-2099C146364C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{92551A0F-4ADA-40CD-ACCF-839DAEA1A3A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{344422EA-8C04-4DCE-8592-230018B0D896}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{221940D1-E694-46DE-BDF1-FCD4CCBB9A34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B2CC07E0-3C8B-4719-8920-E49BBEFD328D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{9A18ABBF-5A15-418D-9B66-CECD60F2C732}] => (Allow) C:\Windows.old\Program Files (x86)\OkayFreedom\polipo\node.exe 
StandardProfile\AuthorizedApplications: [C:\mystuff)\xchat\xchat.exe] => C:\mystuff)\xchat\xchat.exe:*:Enabled:XChat IRC Client ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/26/2015 01:36:28 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/26/2015 01:36:28 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/26/2015 01:23:15 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (04/25/2015 09:33:16 PM) (Source: OkayFreedomStarterService) (EventID: 0) (User: ) Description: OkayFreedomStarterServicenStartServiceCtrlDispatcher failed. 
Error: (04/25/2015 09:31:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OkayFreedomClient.exe, Version: 1.4.1.11192, Zeitstempel: 0x548af2fa Name des fehlerhaften Moduls: OkayFreedomClient.exe, Version: 1.4.1.11192, Zeitstempel: 0x548af2fa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0007682a ID des fehlerhaften Prozesses: 0x2bf8 Startzeit der fehlerhaften Anwendung: 0xOkayFreedomClient.exe0 Pfad der fehlerhaften Anwendung: OkayFreedomClient.exe1 Pfad des fehlerhaften Moduls: OkayFreedomClient.exe2 Berichtskennung: OkayFreedomClient.exe3 Error: (04/25/2015 09:27:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OkayFreedomClient.exe, Version: 1.4.1.11192, Zeitstempel: 0x548af2fa Name des fehlerhaften Moduls: OkayFreedomClient.exe, Version: 1.4.1.11192, Zeitstempel: 0x548af2fa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0007682a ID des fehlerhaften Prozesses: 0x2b4c Startzeit der fehlerhaften Anwendung: 0xOkayFreedomClient.exe0 Pfad der fehlerhaften Anwendung: OkayFreedomClient.exe1 Pfad des fehlerhaften Moduls: OkayFreedomClient.exe2 Berichtskennung: OkayFreedomClient.exe3 Error: (04/25/2015 09:27:14 PM) (Source: OkayFreedomStarterService) (EventID: 0) (User: ) Description: OkayFreedomStarterServicenStartServiceCtrlDispatcher failed. 
Error: (04/25/2015 09:25:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OkayFreedomClient.exe, Version: 1.4.1.11192, Zeitstempel: 0x548af2fa Name des fehlerhaften Moduls: OkayFreedomClient.exe, Version: 1.4.1.11192, Zeitstempel: 0x548af2fa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0007682a ID des fehlerhaften Prozesses: 0x2710 Startzeit der fehlerhaften Anwendung: 0xOkayFreedomClient.exe0 Pfad der fehlerhaften Anwendung: OkayFreedomClient.exe1 Pfad des fehlerhaften Moduls: OkayFreedomClient.exe2 Berichtskennung: OkayFreedomClient.exe3 Error: (04/24/2015 09:26:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (04/24/2015 07:53:18 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Die Schnittstelle ist unbekannt System errors: ============= Error: (04/26/2015 00:32:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kaspersky Anti-Virus Service 15.0.1" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/25/2015 07:01:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/25/2015 07:00:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/25/2015 07:00:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht. Error: (04/25/2015 06:59:43 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.04.2015 um 18:57:35 unerwartet heruntergefahren. Error: (04/24/2015 08:35:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (04/24/2015 08:34:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/24/2015 01:40:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/24/2015 01:40:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/24/2015 01:40:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (04/26/2015 01:36:28 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/26/2015 01:36:28 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/26/2015 01:23:15 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe Error: (04/25/2015 09:33:16 PM) (Source: OkayFreedomStarterService) (EventID: 0) (User: ) Description: OkayFreedomStarterServicenStartServiceCtrlDispatcher failed. Error: (04/25/2015 09:31:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OkayFreedomClient.exe1.4.1.11192548af2faOkayFreedomClient.exe1.4.1.11192548af2fac00000050007682a2bf801d07f8e6e498952C:\MyStuff\OkayFreedom\OkayFreedomClient.exeC:\MyStuff\OkayFreedom\OkayFreedomClient.exeb3c6d596-eb81-11e4-91fb-08002700102a Error: (04/25/2015 09:27:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OkayFreedomClient.exe1.4.1.11192548af2faOkayFreedomClient.exe1.4.1.11192548af2fac00000050007682a2b4c01d07f8dd70369f7C:\Windows.old\Program Files (x86)\OkayFreedom\OkayFreedomClient.exeC:\Windows.old\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe178faf96-eb81-11e4-91fb-08002700102a Error: (04/25/2015 09:27:14 PM) (Source: OkayFreedomStarterService) (EventID: 0) (User: ) Description: OkayFreedomStarterServicenStartServiceCtrlDispatcher failed. 
Error: (04/25/2015 09:25:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OkayFreedomClient.exe1.4.1.11192548af2faOkayFreedomClient.exe1.4.1.11192548af2fac00000050007682a271001d07f8d9a839ec0C:\Windows.old\Program Files (x86)\OkayFreedom\OkayFreedomClient.exeC:\Windows.old\Program Files (x86)\OkayFreedom\OkayFreedomClient.exee5b878e3-eb80-11e4-91fb-08002700102a Error: (04/24/2015 09:26:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe Error: (04/24/2015 07:53:18 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Die Schnittstelle ist unbekannt CodeIntegrity Errors: =================================== Date: 2015-02-13 15:55:38.956 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 15:55:38.939 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-13 15:54:23.643 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-13 15:54:23.584 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz Percentage of memory in use: 47% Total physical RAM: 8143.76 MB Available physical RAM: 4309.91 MB Total Pagefile: 16285.71 MB Available Pagefile: 11472.25 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:641.41 GB) NTFS Drive d: (DVD) (CDROM) (Total:4.36 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2E426742) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
26.04.2015, 15:04 | #2 |
/// TB Trainer /// Guide Guru | Svchost Bitcoinminer Please also post FRST.txt in code tags...
__________________My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
Note: I can never give you a guarantee that we will find all malicious files. Reformatting is usually the faster and always the safest route, but it is only advisable in the case of real malware. Adware and the like we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go: Step 1 Please start FRST again and press Scan. Please post the contents of the log.
__________________ |
26.04.2015, 15:07 | #3 |
| Svchost Bitcoinminer Hello Jürgen,
__________________I gladly accept your help. I still have the old FRST log, so I don't need to scan again, do I? I just hadn't posted it yet so that my thread would show up as unanswered! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015 Ran by Admin (administrator) on ADMIN-PC on 26-04-2015 14:49:13 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\MyStuff\IObit\Advanced SystemCare 8\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Razer Inc.) 
C:\MyStuff\Razer Cortex\RzKLService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (IObit) C:\MyStuff\IObit\Advanced SystemCare 8\Monitor.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\AsRoutineController.exe (Microsoft Corporation) C:\Windows\System32\schtasks.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\AI Suite II.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.) 
C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (IObit) C:\MyStuff\IObit\Advanced SystemCare 8\ASCTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\MyStuff\DSL Soforthilfe\DSL_Soforthilfe.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) 
C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (IObit) C:\MyStuff\IObit\IObit Uninstaller\UninstallMonitor.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\plugin-nm-server.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe () C:\Users\Admin\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-19] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [DSL Soforthilfe] => C:\MyStuff\DSL Soforthilfe\DSL_Soforthilfe.exe [20585888 2013-11-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2163496 2013-07-03] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [GoogleChromeAutoLaunch_04AD0F0F83AB3332014E744C67002C4A] => C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe [861512 2015-04-24] (Google Inc.)
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [Advanced SystemCare 8] => C:\mystuff\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [OKAYFREEDOM_Agent] => "C:\Windows.old\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\MountPoints2: {1dcae78a-c26a-11e4-b854-08606eda161e} - E:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-02-13] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}
SearchScopes: HKLM -> {59DDBC7A-A2A7-475F-94C1-53E3DEA19676} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2897107241-917314487-1310154325-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-2897107241-917314487-1310154325-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\MyStuff\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-22] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\MyStuff\Android\Appprogramierung\Java\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\MyStuff\Android\Appprogramierung\Java\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\MyStuff\Android\Appprogramierung\Java\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\MyStuff\Android\Appprogramierung\Java\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2015-02-04] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\online_banking@kaspersky.com [2015-02-04] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-02-04] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2897107241-917314487-1310154325-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2897107241-917314487-1310154325-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\online_banking@kaspersky.com [2015-02-04]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX"
CHR DefaultSearchKeyword: Default -> sweet-page
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\mystuff\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-03-08] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2015-03-08] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2015-03-08] (ASUSTeK Computer Inc.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-26] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-19] (NVIDIA Corporation)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-10] ()
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S4 MBAMScheduler; C:\adwcleaner\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\adwcleaner\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-19] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833872 2015-01-19] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RzKLService; C:\mystuff\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-03-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2015-01-31] (AVM Berlin)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 DIRECTIO; C:\mystuff\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-18] (Disc Soft Ltd)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-22] (REALiX(tm))
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-02-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-02-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 14:49 - 2015-04-26 14:49 - 00026808 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-04-26 14:48 - 2015-04-26 14:49 - 00000000 ____D () C:\FRST 2015-04-26 14:47 - 2015-04-26 14:47 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2015-04-26 14:47 - 2015-04-26 14:47 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-04-26 14:43 - 2015-04-26 14:43 - 02101248 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-04-26 14:43 - 2015-04-26 14:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2015-04-26 14:42 - 2015-04-26 14:43 - 00380416 _____ () C:\Users\Admin\Downloads\j3ygeo5i.exe 2015-04-26 14:32 - 2015-04-26 14:33 - 00004766 _____ () C:\Users\Admin\Documents\2.txt 2015-04-26 14:31 - 2015-04-26 14:31 - 00008329 _____ () C:\Users\Admin\Documents\1.txt 2015-04-26 13:23 - 2015-04-26 13:23 - 01604608 _____ () C:\Users\Admin\Downloads\WB_XII_1_BinaerdarstellungInformation.ppt 2015-04-25 21:28 - 2015-04-25 21:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Steganos VPN 2015-04-25 21:26 - 2015-04-25 21:26 - 00003222 _____ () C:\Windows\System32\Tasks\{857C73D2-1CA9-42B6-8B95-D80EF5F91DC1} 2015-04-25 21:25 - 2015-04-25 21:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Steganos 2015-04-25 20:19 - 2015-04-25 20:19 - 00725344 _____ (Visual Tools Ltd.) 
C:\Users\Admin\Downloads\Babylon10_setup_ns.exe 2015-04-24 14:01 - 2015-04-24 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\SvchostViewer 2015-04-24 13:56 - 2015-04-24 13:56 - 00040538 _____ () C:\Users\Admin\Downloads\Svchost Viewer Ver 0.5.0.1.zip 2015-04-24 13:47 - 2015-04-26 14:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-24 13:46 - 2015-04-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-24 13:46 - 2015-04-24 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-24 13:46 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-24 13:46 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-24 13:46 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-24 13:45 - 2015-04-24 13:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.6.1022 (1).exe 2015-04-24 13:44 - 2015-04-24 13:44 - 00003981 _____ () C:\Users\Admin\Desktop\JRT.txt 2015-04-24 13:39 - 2015-04-24 13:40 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.6.1022.exe 2015-04-24 13:39 - 2015-04-24 13:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ADMIN-PC-Windows-7-Professional-(64-bit).dat 2015-04-24 13:39 - 2015-04-24 13:39 - 00000000 ____D () C:\RegBackup 2015-04-24 13:36 - 2015-04-24 13:38 - 00001764 _____ () C:\Users\Admin\Desktop\Rkill.txt 2015-04-24 13:27 - 2015-04-24 13:27 - 01190415 _____ () C:\Users\Admin\Downloads\ProcessExplorer.zip 2015-04-23 21:22 - 2015-04-23 21:22 - 04156986 _____ () C:\Users\Admin\Downloads\youtube-tubemate.2.95.apk 2015-04-20 15:59 - 2015-04-20 15:59 - 00000000 ____D () C:\Users\Admin\.eclipse 2015-04-20 13:38 - 2015-04-20 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Java Development Kit 2015-04-20 13:27 - 2015-04-20 13:37 - 215762517 _____ () C:\Users\Admin\Downloads\eclipse-standard-luna-R-win32.zip 2015-04-20 13:26 - 2015-04-20 13:37 - 189180832 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jdk-8u45-windows-x64.exe 2015-04-19 18:39 - 2015-04-19 18:40 - 41948672 _____ (The Chromium Authors) C:\Users\Admin\Downloads\mini_installer.exe 2015-04-19 18:32 - 2015-04-19 18:34 - 94109972 _____ () C:\Users\Admin\Downloads\chrome-win32.zip 2015-04-18 17:42 - 2015-04-18 17:42 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-04-18 17:39 - 2015-04-18 17:40 - 13223208 _____ (Disc Soft Ltd) C:\Users\Admin\Downloads\DTLite501-0406 (1).exe 2015-04-18 17:36 - 2015-04-18 17:55 - 00000000 ____D () C:\Users\Admin\VirtualBox VMs 2015-04-18 16:27 - 2015-04-18 17:55 - 00000000 ____D () C:\Users\Admin\.VirtualBox 2015-04-18 16:27 - 2015-04-18 16:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\Genymobile 2015-04-18 16:13 - 2015-04-18 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-04-18 16:13 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2015-04-18 16:12 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2015-04-18 16:03 - 2015-04-18 16:04 - 09390250 _____ () C:\Users\Admin\Downloads\Genymotion Flash file.zip 2015-04-18 16:00 - 2015-04-18 16:07 - 133567504 _____ (Genymobile ) C:\Users\Admin\Downloads\genymotion-2.4.0-vbox.exe 2015-04-18 15:20 - 2015-04-18 15:20 - 20614780 _____ () C:\Users\Admin\Downloads\WhatsApp.apk 2015-04-18 14:59 - 2015-04-18 15:00 - 20624992 _____ () C:\Users\Admin\Downloads\WhatsApp42.apk 2015-04-17 17:22 - 2015-04-17 17:22 - 00258097 _____ () C:\Users\Admin\Downloads\nirsoft_package_german-17-06-14.zip 2015-04-17 17:15 - 2015-04-17 17:15 - 01203488 _____ () C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei 
- CHIP-Installer.exe 2015-04-17 17:15 - 2015-04-17 17:15 - 00384068 _____ () C:\Users\Admin\Downloads\nirsoft_sprachpaket_deutsch.zip 2015-04-17 17:15 - 2015-04-17 17:15 - 00384068 _____ () C:\Users\Admin\Downloads\nirsoft_sprachpaket_deutsch (1).zip 2015-04-17 06:05 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-17 06:05 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-17 06:05 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-17 06:05 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-17 06:05 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-17 06:05 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-17 06:05 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-17 06:05 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-17 06:05 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-17 06:05 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-17 06:05 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-17 06:05 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-17 06:05 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-17 06:05 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-17 06:05 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-17 06:05 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2015-04-17 06:05 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-17 06:05 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-17 06:05 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-17 06:05 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-17 06:05 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-17 06:05 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-17 06:05 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-17 06:05 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-17 06:05 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-17 06:05 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-17 06:05 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-17 06:05 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-17 06:05 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-17 06:05 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-17 06:05 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-17 06:05 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-17 06:05 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-17 06:05 - 2015-03-13 05:20 - 00030720 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-17 06:05 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-17 06:05 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-17 06:05 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-17 06:05 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-17 06:05 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-17 06:05 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-17 06:05 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-17 06:05 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-17 06:05 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-17 06:05 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-17 06:05 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-17 06:05 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-17 06:05 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-17 06:05 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-17 06:05 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-17 06:05 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-17 06:05 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-17 06:05 - 2015-03-13 04:42 - 01155072 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-17 06:05 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-17 06:05 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-17 06:05 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-17 06:05 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-17 06:05 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-17 06:05 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-17 06:03 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-17 06:03 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-17 06:03 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wuapi.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-17 06:03 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-17 06:02 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-17 06:02 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-17 06:02 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-17 06:02 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-17 06:02 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-17 06:02 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-17 06:02 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-17 06:02 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-17 06:02 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-17 06:02 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-17 06:02 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-17 06:02 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-17 06:02 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-17 06:02 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-17 
06:02 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:01 - 03976632 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-17 06:02 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-17 06:02 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-17 06:02 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-17 06:02 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wow32.dll 2015-04-17 06:02 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-17 06:02 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-17 06:02 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-17 06:02 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-17 06:02 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-17 06:02 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-17 06:02 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-17 06:02 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-17 06:02 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-17 06:02 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-17 06:02 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-17 05:57 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-17 05:57 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-17 05:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-16 14:43 - 2015-04-16 14:43 - 00003842 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429188192 2015-04-16 14:43 - 2015-04-16 14:43 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-04-16 14:43 - 2015-04-16 14:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software 2015-04-16 14:43 - 2015-04-16 14:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software 2015-04-16 14:41 - 
2015-04-22 14:04 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-04-16 14:39 - 2015-04-16 14:39 - 03015656 _____ (Crystal Dew World ) C:\Users\Admin\Downloads\CrystalDiskInfo6_3_2-en.exe 2015-04-14 12:16 - 2015-04-14 12:17 - 52380855 _____ () C:\Users\Admin\Downloads\Clash of Clans_7.1.1.apk 2015-04-14 12:04 - 2015-04-14 12:04 - 00002444 _____ () C:\Users\Admin\Desktop\Chrome App Launcher für Canary.lnk 2015-04-13 14:04 - 2015-04-25 21:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-04-12 13:50 - 2015-04-12 13:50 - 00000000 ____D () C:\ProgramData\HP 2015-04-12 08:57 - 2015-04-12 08:57 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll 2015-04-12 08:56 - 2015-04-12 08:56 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2015-04-12 08:56 - 2015-04-12 08:56 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-04-12 
08:54 - 2015-04-12 08:54 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-12 08:54 - 2015-04-12 08:54 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-04-11 02:33 - 2014-12-11 19:47 - 00087040 
_____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-04-11 02:33 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-04-11 02:33 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-04-10 15:07 - 2015-04-10 15:07 - 00330518 _____ () C:\Users\Admin\Documents\Documents.rar 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\Users\Admin\Documents\PassMark 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\PassMark 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\ProgramData\Passmark 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest 2015-04-08 16:21 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2015-04-08 16:21 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2015-04-08 16:21 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2015-04-08 16:21 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2015-04-08 16:21 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2015-04-08 16:21 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-04-08 16:21 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-04-08 16:21 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-04-08 16:21 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2015-04-08 16:21 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2015-04-08 16:21 - 2013-10-02 02:01 - 00420864 _____ 
(Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-04-08 16:21 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-04-08 16:21 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-04-08 16:21 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-04-08 16:21 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-04-08 16:19 - 2015-04-08 16:21 - 00000000 ____D () C:\c8ba8a38767b4e9aaa 2015-04-08 16:18 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-08 16:18 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-08 16:18 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-08 15:01 - 2015-04-08 15:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\1 2015-04-08 14:40 - 2015-04-08 14:40 - 00000000 ____D () C:\Users\Admin\Documents\Visual Studio 2012 2015-04-08 14:39 - 2015-04-08 14:39 - 00000000 ____D () C:\Program Files (x86)\NuGet 2015-04-08 14:26 - 2015-04-08 14:26 - 00000000 ____D () C:\Windows\symbols 2015-04-06 17:16 - 2015-04-06 19:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss 2015-04-05 21:18 - 2015-04-05 21:18 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-05 21:18 - 2015-04-05 21:18 
- 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 14:47 - 2015-01-25 12:32 - 00000000 ____D () C:\Users\Admin
2015-04-26 14:34 - 2015-02-03 13:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 14:18 - 2015-01-25 13:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 14:16 - 2015-01-25 13:05 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000UA.job
2015-04-26 13:29 - 2015-01-25 13:08 - 00002422 _____ () C:\Users\Admin\Desktop\Google Chrome Canary.lnk
2015-04-26 12:48 - 2015-02-04 14:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-26 12:41 - 2015-02-10 18:39 - 00000000 ___RD () C:\Users\Admin\Dropbox
2015-04-26 12:41 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 12:41 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 12:40 - 2015-02-10 18:39 - 00001017 _____ () C:\Users\Admin\Desktop\Dropbox.lnk
2015-04-26 12:40 - 2015-02-10 18:20 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-26 12:40 - 2015-02-10 18:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2015-04-26 12:38 - 2015-01-25 12:10 - 01743553 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 12:34 - 2015-01-25 15:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-04-26 12:33 - 2015-03-03 15:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\HTC MediaHub
2015-04-26 12:33 - 2015-02-03 13:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 12:32 - 2015-02-04 10:59 - 00038164 _____ () C:\Windows\setupact.log
2015-04-26 12:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 21:31 - 2015-02-13 18:36 - 00000000 ____D () C:\MyStuff
2015-04-25 20:34 - 2015-01-31 10:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-25 20:16 - 2015-01-25 13:05 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000Core.job
2015-04-24 20:32 - 2015-02-04 10:58 - 00079102 _____ () C:\Windows\PFRO.log
2015-04-24 17:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2015-04-24 13:47 - 2014-02-19 16:09 - 00000000 ____D () C:\adwareentferner
2015-04-24 13:46 - 2014-02-19 15:39 - 00000000 ____D () C:\AdwCleaner
2015-04-24 13:41 - 2015-03-16 18:07 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-22 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-22 16:28 - 2015-02-05 13:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-22 16:27 - 2015-02-05 13:09 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-22 16:27 - 2015-02-05 13:09 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-21 12:28 - 2015-01-25 21:04 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-21 12:28 - 2015-01-25 21:04 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-21 12:28 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-21 12:14 - 2015-01-28 15:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-21 12:10 - 2015-01-28 15:04 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-20 15:29 - 2015-03-03 15:38 - 00000000 ____D () C:\Users\Admin\.android
2015-04-20 13:40 - 2015-02-14 11:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-20 13:38 - 2015-02-14 11:07 - 00000000 ____D () C:\Program Files\Java
2015-04-20 13:26 - 2015-01-25 12:51 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-19 18:45 - 2015-03-22 16:29 - 00002880 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin
2015-04-19 17:25 - 2015-03-22 16:29 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-19 10:07 - 2015-03-22 16:31 - 00002144 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-04-17 01:36 - 2015-02-03 13:25 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 21:18 - 2015-01-25 13:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 21:18 - 2015-01-25 13:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 21:18 - 2015-01-25 13:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 12:04 - 2015-01-25 13:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2015-04-13 17:49 - 2015-01-31 11:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-04-12 13:49 - 2015-01-25 13:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2015-04-12 08:56 - 2015-01-25 12:59 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-04-12 08:56 - 2015-01-25 12:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-12 08:55 - 2015-01-25 12:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-12 08:54 - 2015-01-25 14:53 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-12 08:54 - 2015-01-25 14:53 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-12 08:54 - 2015-01-25 12:45 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-12 08:54 - 2015-01-25 12:45 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-12 08:54 - 2015-01-25 12:45 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-04-12 08:54 - 2015-01-25 12:44 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-10 19:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-10 15:25 - 2015-01-25 14:03 - 00000000 ___HD () C:\ProgramData\Origin
2015-04-10 15:25 - 2015-01-25 14:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-09 16:15 - 2015-01-31 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-04-09 08:37 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-08 22:18 - 2015-01-27 07:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 22:18 - 2015-01-27 07:16 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 16:24 - 2015-03-18 15:19 - 00000000 ____D () C:\ProgramData\IObit
2015-04-08 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-08 14:39 - 2015-01-25 15:27 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 14:38 - 2015-03-17 20:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-04-08 14:38 - 2015-03-17 20:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-08 14:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-08 14:30 - 2015-03-17 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-04-08 14:19 - 2015-03-17 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 Express
2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\SysWOW64\1031
2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\system32\1033
2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\system32\1031
2015-04-07 15:06 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 19:23 - 2015-01-25 14:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-04-06 08:55 - 2015-03-22 16:29 - 00001878 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-04-05 09:21 - 2015-01-25 13:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-04-05 09:20 - 2015-03-18 15:30 - 00001625 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk

==================== Files in the root of some directories =======

2015-02-04 17:23 - 2015-03-17 14:00 - 0007587 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\bitool.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa3nokf.dll
C:\Users\Admin\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.2-R0.3-66-g43d8943-b3078jnks.dll
C:\Users\Admin\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe
C:\Users\Admin\AppData\Local\Temp\procexp64.exe
C:\Users\Admin\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Admin\AppData\Local\Temp\unins000.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 21:23

==================== End Of Log ============================ |
26.04.2015, 15:33 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Svchost Bitcoinminer Hi, Step 1 Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document: Code:
ATTFilter CloseProcesses: Task: {11021CBA-17D1-407F-89DB-7D664689B835} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-02-04] () Task: {6E51A7E0-D38F-4C92-9CCF-E74745EBCCBD} - \Driver Booster SkipUAC (Admin) No Task File Task: {9ED27160-0AD5-49A9-980A-1C7A45E33E77} - \Driver Booster Scan No Task File Task: {F0C522AD-884A-4CDC-843C-1F491C061EB9} - \Driver Booster Update No Task File C:\ProgramData\Origin\update.vbe C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/? CHR DefaultSearchKeyword: Default -> sweet-page EmptyTemp:
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
26.04.2015, 15:49 | #5 |
| Svchost Bitcoinminer Log file : Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015 Ran by Admin at 2015-04-26 16:42:46 Run:1 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: Task: {11021CBA-17D1-407F-89DB-7D664689B835} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-02-04] () Task: {6E51A7E0-D38F-4C92-9CCF-E74745EBCCBD} - \Driver Booster SkipUAC (Admin) No Task File Task: {9ED27160-0AD5-49A9-980A-1C7A45E33E77} - \Driver Booster Scan No Task File Task: {F0C522AD-884A-4CDC-843C-1F491C061EB9} - \Driver Booster Update No Task File C:\ProgramData\Origin\update.vbe C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/? CHR DefaultSearchKeyword: Default -> sweet-page EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11021CBA-17D1-407F-89DB-7D664689B835}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11021CBA-17D1-407F-89DB-7D664689B835}" => Key deleted successfully. C:\Windows\System32\Tasks\Origin => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E51A7E0-D38F-4C92-9CCF-E74745EBCCBD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E51A7E0-D38F-4C92-9CCF-E74745EBCCBD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Admin)" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9ED27160-0AD5-49A9-980A-1C7A45E33E77}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ED27160-0AD5-49A9-980A-1C7A45E33E77}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0C522AD-884A-4CDC-843C-1F491C061EB9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0C522AD-884A-4CDC-843C-1F491C061EB9}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => Key deleted successfully. C:\ProgramData\Origin\update.vbe => Moved successfully. "C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe" => File/Directory not found. "C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe" => File/Directory not found. Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. EmptyTemp: => Removed 3.8 GB temporary data. The system needed a reboot. ==== End of Fixlog 16:43:14 ====
Almost forgot! I have already run JRT and Rkill as well; here are the logs: Code:
ATTFilter Rkill 2.6.5 by Lawrence Abrams (Grinler) hxxp://www.bleepingcomputer.com/ Copyright 2008-2015 BleepingComputer.com More Information about Rkill can be found at this link: hxxp://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/24/2015 01:36:37 PM in x64 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000
The JRT log is this one: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.2 (04.24.2015:1) OS: Windows 7 Professional x64 Ran by Admin on 24.04.2015 at 13:38:50,56 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Scan Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Admin) Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Update ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2897107241-917314487-1310154325-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Successfully deleted: [Registry Key] 
HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{59DDBC7A-A2A7-475F-94C1-53E3DEA19676} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} ~~~ Files Successfully deleted: [File] C:\Users\Admin\favorites\links\startfenster.lnk Successfully deleted: [File] C:\Users\Admin\favorites\startfenster.lnk Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf ~~~ Folders Failed to delete: [Folder] C:\Program Files (x86)\xtab Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\opencandy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.04.2015 at 13:44:20,71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
26.04.2015, 15:55 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Svchost Bitcoinminer That stuff should be gone now. Let's see what ESET says: Step 1 ESET Online Scanner
|
27.04.2015, 06:17 | #7 |
| Svchost Bitcoinminer Sorry that it took so long, but first an error (2200) came up while downloading, and then the last 5% of the scan took almost 7 h... Here is the log file (I have 64 bit and ESET is only in Program Files (x86), but your instructions say 'also'...): Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8d8fd1957893d942a0a0c9ad825cb78c # engine=23570 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-26 10:35:58 # local_time=2015-04-27 12:35:58 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 28351 181717608 0 0 # scanned=838982 # found=93 # cleaned=0 # scan_time=24792 sh=02DB8C0132596F0E2B2CBED4A81D6DCDFE050D50 ft=1 fh=40c9877dbec53ba0 vn="Win32/AdWare.Linkular.AH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\DownloadGuide\Offers\Lollipop.exe.vir" sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir" sh=BB72EABF2D1E31EDD3451DC0FE909809E59AE13E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir" sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir" sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir" sh=93F0172E398465FE8830AB01A70FDCA12EB11C4C ft=1 fh=4084d826ec2cd038 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Windows Net Data\uninstaller.exe.vir" sh=3A63C614A6BC9FD4BA7BC70409E4B5B996173A74 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Origin\update.vbe.xBAD" sh=AEFEA1ED691D37567FF048D6152E460F110271E6 ft=1 fh=f02ac2a1615338bf vn="Variante von Win32/Toolbar.Babylon.AD evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\Babylon10_setup_ns.exe" sh=521D87DA556F595112FADEEB70289C1EDEC9CD2D ft=1 fh=a4e2f3bd4917d16b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei - CHIP-Installer.exe" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Anwendungsdaten\0D0S1L2Z1P1B0T1P1B2Z\PDF Creator Packages\uninstaller.exe" sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js" sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js" sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js" sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Anwendungsdaten\Temp\DMR\dmr_72.exe" sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js" sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js" sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js" sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\DMR\dmr_72.exe" sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\PDF Creator Packages\uninstaller.exe" sh=DC237900C3E443C0480D8236445AF1D10CB5D02A ft=1 fh=64f0efab868ca4dc vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Documents\Downloads\Download App\Cloud_Backup_Setup.exe" sh=D381DFE63CC00A0229BD80532E3784329EF3CB8A ft=1 fh=447adbb61bfaa190 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Documents\Downloads\Download App\driver_booster_setup.exe" sh=016876E8C5CBA18826434F10EC0FAFC7E59CE566 ft=1 fh=598b52a2dcee33d5 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Documents\Downloads\Download App\iobit-malware-fighter-setup.exe" sh=39317F29ED71EADD10C47DB1D7E45E019A0B8A65 ft=1 fh=b933aa0a95327e80 vn="Variante von Win32/WinloadSDA.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Downloads\Neuer Ordner\Adblock-Plus-fr-Android-lnstall.exe" sh=29D1C8FC42BD4080B01FC1CBF86D619DDE351A5B ft=1 fh=d20e78d0d2923a70 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Downloads\Neuer Ordner\Vollversion Aiseesoft Video Downloader - CHIP-Installer.exe" sh=9453718DCDB76BF7BC6C886911D1BB5A815CF1B5 ft=1 fh=f62d8ee4769392ce vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Downloads\Neuer Ordner\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe" sh=DC237900C3E443C0480D8236445AF1D10CB5D02A ft=1 fh=64f0efab868ca4dc vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Eigene Dateien\Downloads\Download App\Cloud_Backup_Setup.exe" sh=D381DFE63CC00A0229BD80532E3784329EF3CB8A ft=1 fh=447adbb61bfaa190 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Eigene Dateien\Downloads\Download App\driver_booster_setup.exe" sh=016876E8C5CBA18826434F10EC0FAFC7E59CE566 ft=1 fh=598b52a2dcee33d5 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Eigene Dateien\Downloads\Download App\iobit-malware-fighter-setup.exe" sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js" sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js" sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js" sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Lokale Einstellungen\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\Admin\Lokale Einstellungen\Temp\DMR\dmr_72.exe" sh=63D3217BF16BFB37091DD90C82E573D8CA13F08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\All Users\Anwendungsdaten\Kaspersky Lab\SafeBrowser\S-1-5-21-3811033628-1292724682-1629323850-1000\Chrome\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js" sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\All Users\Anwendungsdaten\Kaspersky Lab\SafeBrowser\S-1-5-21-3811033628-1292724682-1629323850-1000\Chrome\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js" sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. 
27.04.2015, 10:09 | #8 |
/// TB Trainer /// Guide Guru | Svchost Bitcoinminer

Hi,

looks good. How do I remove the "Windows.old" folder?

Please post a fresh FRST log once more.

Step 1
Please start FRST again and click Scan. Please post the contents of the log.

Are there still any problems with the PC now? If so, which ones?

__________________
Regards, deeprybka
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
27.04.2015, 13:09 | #9 |
| Svchost Bitcoinminer
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 Ran by Admin (administrator) on ADMIN-PC on 27-04-2015 14:02:22 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\MyStuff\IObit\Advanced SystemCare 8\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Razer Inc.) C:\MyStuff\Razer Cortex\RzKLService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe (IObit) C:\MyStuff\IObit\Advanced SystemCare 8\Monitor.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\AsRoutineController.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (IObit) C:\MyStuff\IObit\Advanced SystemCare 8\ASCTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dropbox, Inc.) 
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\MyStuff\DSL Soforthilfe\DSL_Soforthilfe.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\AI Suite II.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) 
C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (IObit) C:\MyStuff\IObit\IObit Uninstaller\UninstallMonitor.exe (ASUSTeK Computer Inc.) C:\MyStuff\Asus\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) C:\Users\Admin\AppData\Local\Temp\33102C93-B2FE-4341-9DAB-E9AC678A5DC3\DismHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-19] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA) HKLM-x32\...\Run: [DSL Soforthilfe] => C:\MyStuff\DSL Soforthilfe\DSL_Soforthilfe.exe [20585888 2013-11-21] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation) HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2163496 2013-07-03] (Palit Microsystems Ltd.) HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [GoogleChromeAutoLaunch_04AD0F0F83AB3332014E744C67002C4A] => C:\Users\Admin\AppData\Local\Google\Chrome SxS\Application\chrome.exe [862024 2015-04-25] (Google Inc.) HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) 
HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [Advanced SystemCare 8] => C:\mystuff\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit) HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\Run: [OKAYFREEDOM_Agent] => "C:\Windows.old\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent HKU\S-1-5-21-2897107241-917314487-1310154325-1000\...\MountPoints2: {1dcae78a-c26a-11e4-b854-08606eda161e} - E:\HTC_Sync_Manager_PC.exe Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-02-13] () Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-27] ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-09] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms} SearchScopes: HKLM -> {59DDBC7A-A2A7-475F-94C1-53E3DEA19676} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-2897107241-917314487-1310154325-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = SearchScopes: HKU\S-1-5-21-2897107241-917314487-1310154325-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO) BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\MyStuff\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-22] (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\MyStuff\Android\Appprogramierung\Java\bin\ssv.dll [2015-04-20] (Oracle Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\MyStuff\Android\Appprogramierung\Java\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files 
(x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2015-02-04] (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\MyStuff\Android\Appprogramierung\Java\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\MyStuff\Android\Appprogramierung\Java\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2015-02-04] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
15.0.1\FFExt\online_banking@kaspersky.com [2015-02-04] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-02-04] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2897107241-917314487-1310154325-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin HKU\S-1-5-21-2897107241-917314487-1310154325-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\online_banking@kaspersky.com [2015-02-04]

Chrome:
=======
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\mystuff\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-03-08] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2015-03-08] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2015-03-08] (ASUSTeK Computer Inc.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-02-26] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-19] (NVIDIA Corporation)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [490208 2013-07-10] ()
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S4 MBAMScheduler; C:\adwcleaner\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\adwcleaner\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-19] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833872 2015-01-19] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RzKLService; C:\mystuff\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-03-22] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2015-01-31] (AVM Berlin)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 DIRECTIO; C:\mystuff\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-18] (Disc Soft Ltd)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-22] (REALiX(tm))
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-02-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-02-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 14:02 - 2015-04-27 14:02 - 00026241 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-04-27 14:02 - 2015-04-27 14:02 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-04-26 20:27 - 2015-04-26 20:27 - 00000856 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-04-26 20:27 - 2015-04-26 20:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\gtk-2.0
2015-04-26 20:24 - 2015-04-26 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GML
2015-04-26 20:24 - 2005-07-26 14:49 - 01040436 _____ (Intel Corporation.) C:\Windows\SysWOW64\cxcore097.dll
2015-04-26 20:24 - 2003-03-19 08:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-04-26 20:24 - 2003-03-19 07:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-04-26 20:24 - 2003-02-21 15:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-04-26 20:23 - 2015-04-26 20:23 - 02127062 _____ (GML Computer Vision Group ) C:\Users\Admin\Downloads\GMLMatting0.3_setup.exe
2015-04-26 20:16 - 2015-04-26 20:16 - 00000000 ____D () C:\Users\Admin\.thumbnails
2015-04-26 20:11 - 2015-04-26 20:28 - 00000000 ____D () C:\Users\Admin\.gimp-2.8
2015-04-26 20:11 - 2015-04-26 20:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\gegl-0.2
2015-04-26 20:09 - 2015-04-26 20:09 - 01697884 _____ () C:\Users\Admin\Downloads\gimp-plugins-13.zip
2015-04-26 20:07 - 2015-04-26 20:07 - 00000822 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-04-26 20:03 - 2015-04-26 20:05 - 91931728 _____ (The GIMP Team ) C:\Users\Admin\Downloads\gimp-2.8.14-setup-1.exe
2015-04-26 20:03 - 2015-04-26 20:03 - 01203488 _____ () C:\Users\Admin\Downloads\Top Collection GIMP Plug ins - CHIP-Installer.exe
2015-04-26 20:02 - 2015-04-26 20:02 - 00009127 _____ () C:\Users\Admin\Downloads\gimp-2.8.14-setup-1.exe.torrent
2015-04-26 16:57 - 2015-04-26 16:57 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-04-26 15:37 - 2015-04-26 15:37 - 00004801 _____ () C:\Users\Admin\Downloads\GMER.rar
2015-04-26 15:11 - 2015-04-26 15:11 - 00179910 _____ () C:\Users\Admin\Downloads\GMER.log
2015-04-26 14:49 - 2015-04-26 15:19 - 00052989 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-04-26 14:48 - 2015-04-27 14:02 - 00000000 ____D () C:\FRST
2015-04-26 14:47 - 2015-04-26 14:47 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2015-04-26 14:47 - 2015-04-26 14:47 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-04-26 14:43 - 2015-04-27 14:02 - 02100736 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-04-26 14:43 - 2015-04-26 14:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-04-26 14:42 - 2015-04-26 14:43 - 00380416 _____ () C:\Users\Admin\Downloads\j3ygeo5i.exe
2015-04-26 14:32 - 2015-04-26 14:33 - 00004766 _____ () C:\Users\Admin\Documents\2.txt
2015-04-26 14:31 - 2015-04-26 14:31 - 00008329 _____ () C:\Users\Admin\Documents\1.txt
2015-04-26 13:23 - 2015-04-26 13:23 - 01604608 _____ () C:\Users\Admin\Downloads\WB_XII_1_BinaerdarstellungInformation.ppt
2015-04-25 21:28 - 2015-04-25 21:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Steganos VPN
2015-04-25 21:26 - 2015-04-25 21:26 - 00003222 _____ () C:\Windows\System32\Tasks\{857C73D2-1CA9-42B6-8B95-D80EF5F91DC1}
2015-04-25 21:25 - 2015-04-25 21:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Steganos
2015-04-25 20:19 - 2015-04-25 20:19 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Admin\Downloads\Babylon10_setup_ns.exe
2015-04-24 14:01 - 2015-04-24 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\SvchostViewer
2015-04-24 13:56 - 2015-04-24 13:56 - 00040538 _____ () C:\Users\Admin\Downloads\Svchost Viewer Ver 0.5.0.1.zip
2015-04-24 13:47 - 2015-04-26 14:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-24 13:46 - 2015-04-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-24 13:46 - 2015-04-24 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-24 13:46 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-24 13:46 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-24 13:46 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-24 13:45 - 2015-04-24 13:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-04-24 13:44 - 2015-04-24 13:44 - 00003981 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-04-24 13:39 - 2015-04-24 13:40 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-24 13:39 - 2015-04-24 13:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ADMIN-PC-Windows-7-Professional-(64-bit).dat
2015-04-24 13:39 - 2015-04-24 13:39 - 00000000 ____D () C:\RegBackup
2015-04-24 13:36 - 2015-04-24 13:38 - 00001764 _____ () C:\Users\Admin\Desktop\Rkill.txt
2015-04-24 13:27 - 2015-04-24 13:27 - 01190415 _____ () C:\Users\Admin\Downloads\ProcessExplorer.zip
2015-04-23 21:22 - 2015-04-23 21:22 - 04156986 _____ () C:\Users\Admin\Downloads\youtube-tubemate.2.95.apk
2015-04-20 15:59 - 2015-04-20 15:59 - 00000000 ____D () C:\Users\Admin\.eclipse
2015-04-20 13:38 - 2015-04-20 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-20 13:27 - 2015-04-20 13:37 - 215762517 _____ () C:\Users\Admin\Downloads\eclipse-standard-luna-R-win32.zip
2015-04-20 13:26 - 2015-04-20 13:37 - 189180832 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jdk-8u45-windows-x64.exe
2015-04-19 18:39 - 2015-04-19 18:40 - 41948672 _____ (The Chromium Authors) C:\Users\Admin\Downloads\mini_installer.exe
2015-04-19 18:32 - 2015-04-19 18:34 - 94109972 _____ () C:\Users\Admin\Downloads\chrome-win32.zip
2015-04-18 17:42 - 2015-04-18 17:42 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-04-18 17:39 - 2015-04-18 17:40 - 13223208 _____ (Disc Soft Ltd) C:\Users\Admin\Downloads\DTLite501-0406 (1).exe
2015-04-18 17:36 - 2015-04-18 17:55 - 00000000 ____D () C:\Users\Admin\VirtualBox VMs
2015-04-18 16:27 - 2015-04-18 17:55 - 00000000 ____D () C:\Users\Admin\.VirtualBox
2015-04-18 16:27 - 2015-04-18 16:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\Genymobile
2015-04-18 16:13 - 2015-04-18 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-18 16:13 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-04-18 16:12 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-04-18 16:03 - 2015-04-18 16:04 - 09390250 _____ () C:\Users\Admin\Downloads\Genymotion Flash file.zip
2015-04-18 16:00 - 2015-04-18 16:07 - 133567504 _____ (Genymobile ) C:\Users\Admin\Downloads\genymotion-2.4.0-vbox.exe
2015-04-18 15:20 - 2015-04-18 15:20 - 20614780 _____ () C:\Users\Admin\Downloads\WhatsApp.apk
2015-04-18 14:59 - 2015-04-18 15:00 - 20624992 _____ () C:\Users\Admin\Downloads\WhatsApp42.apk
2015-04-17 17:22 - 2015-04-17 17:22 - 00258097 _____ () C:\Users\Admin\Downloads\nirsoft_package_german-17-06-14.zip
2015-04-17 17:15 - 2015-04-17 17:15 - 01203488 _____ () C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei - CHIP-Installer.exe
2015-04-17 17:15 - 2015-04-17 17:15 - 00384068 _____ () C:\Users\Admin\Downloads\nirsoft_sprachpaket_deutsch.zip
2015-04-17 17:15 - 2015-04-17 17:15 - 00384068 _____ () C:\Users\Admin\Downloads\nirsoft_sprachpaket_deutsch (1).zip
2015-04-17 06:05 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-17 06:05 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-17 06:05 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-17 06:05 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-17 06:05 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-17 06:05 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-17 06:05 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-17 06:05 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-17 06:05 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-17 06:05 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-17 06:05 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-17 06:05 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-17 06:05 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-17 06:05 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-17 06:05 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-17 06:05 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-17 06:05 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-17 06:05 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-17 06:05 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-17 06:05 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-17 06:05 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-17 06:05 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-17 06:05 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-17 06:05 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-17 06:05 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-17 06:05 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-17 06:05 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-17 06:05 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-17 06:05 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-17 06:05 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-17 06:05 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-17 06:05 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-17 06:05 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-17 06:05 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-17 06:05 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-17 06:05 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-17 06:05 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-17 06:05 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-17 06:05 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-17 06:05 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-17 06:05 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-17 06:05 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-17 06:05 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 
2015-04-17 06:05 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-17 06:05 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-17 06:05 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-17 06:05 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-17 06:05 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-17 06:05 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-17 06:05 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-17 06:05 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-17 06:05 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-17 06:05 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-17 06:05 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-17 06:05 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-17 06:05 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-17 06:05 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-17 06:05 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-17 06:03 - 2015-03-25 
05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-17 06:03 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-17 06:03 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-17 06:03 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-17 06:03 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-17 06:03 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-17 06:03 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-17 06:02 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-17 06:02 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-17 06:02 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-17 06:02 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-17 06:02 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-17 06:02 - 2015-03-17 07:17 - 00243712 _____ 
(Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-17 06:02 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-17 06:02 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-17 06:02 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) 
C:\Windows\system32\sspisrv.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-17 06:02 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-17 06:02 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-17 06:02 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-17 06:02 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-17 06:02 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-17 06:02 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-17 06:02 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-17 06:02 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 
00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-17 06:02 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-17 06:02 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-17 06:02 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-17 06:02 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-17 06:02 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-17 06:02 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-17 06:02 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-17 06:02 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-17 06:02 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-17 06:02 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-17 06:02 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-17 06:02 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-17 06:02 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-17 06:02 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-17 06:02 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 
2015-04-17 06:02 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-17 05:57 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-17 05:57 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-17 05:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-16 14:43 - 2015-04-16 14:43 - 00003842 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429188192 2015-04-16 14:43 - 2015-04-16 14:43 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-04-16 14:43 - 2015-04-16 14:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software 2015-04-16 14:43 - 2015-04-16 14:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software 2015-04-16 14:41 - 2015-04-22 14:04 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-04-16 14:39 - 2015-04-16 14:39 - 03015656 _____ (Crystal Dew World ) C:\Users\Admin\Downloads\CrystalDiskInfo6_3_2-en.exe 2015-04-14 12:16 - 2015-04-14 12:17 - 52380855 _____ () C:\Users\Admin\Downloads\Clash of Clans_7.1.1.apk 2015-04-14 12:04 - 2015-04-14 12:04 - 00002444 _____ () C:\Users\Admin\Desktop\Chrome App Launcher für Canary.lnk 2015-04-13 14:04 - 2015-04-25 21:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-04-12 13:50 - 2015-04-12 13:50 - 00000000 ____D () C:\ProgramData\HP 2015-04-12 08:57 - 2015-04-12 08:57 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll 2015-04-12 08:56 - 2015-04-12 08:56 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2015-04-12 08:56 - 2015-04-12 08:56 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 25460880 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvcompiler.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-12 08:54 - 2015-04-12 08:54 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-04-12 08:54 - 
2015-04-12 08:54 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-04-12 08:54 - 2015-04-12 08:54 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-04-11 02:33 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-04-11 02:33 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-04-11 02:33 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-04-10 15:07 - 2015-04-10 15:07 - 00330518 _____ () C:\Users\Admin\Documents\Documents.rar 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\Users\Admin\Documents\PassMark 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\PassMark 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\ProgramData\Passmark 2015-04-08 18:23 - 2015-04-08 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest 2015-04-08 16:21 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2015-04-08 16:21 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2015-04-08 16:21 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) 
C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2015-04-08 16:21 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2015-04-08 16:21 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2015-04-08 16:21 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-04-08 16:21 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-04-08 16:21 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-04-08 16:21 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2015-04-08 16:21 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2015-04-08 16:21 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-04-08 16:21 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-04-08 16:21 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-04-08 16:21 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-04-08 16:21 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-04-08 16:19 - 2015-04-08 16:21 - 00000000 ____D () C:\c8ba8a38767b4e9aaa 2015-04-08 16:18 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-08 16:18 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-08 16:18 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-08 16:18 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-08 15:01 - 2015-04-08 15:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\1 2015-04-08 14:40 - 2015-04-08 14:40 - 00000000 ____D () C:\Users\Admin\Documents\Visual Studio 2012 2015-04-08 14:39 - 2015-04-08 14:39 - 00000000 ____D () C:\Program Files (x86)\NuGet 2015-04-08 14:26 - 2015-04-08 14:26 - 00000000 ____D () C:\Windows\symbols 2015-04-06 17:16 - 2015-04-06 19:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss 2015-04-05 21:18 - 2015-04-05 21:18 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-05 21:18 - 2015-04-05 21:18 - 00000000 ___SD () C:\Windows\system32\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-27 14:03 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-27 14:03 - 2009-07-14 06:45 - 00025680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-27 13:57 - 2015-02-10 18:39 - 00000000 ___RD () C:\Users\Admin\Dropbox 2015-04-27 13:57 - 2015-02-10 18:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox 2015-04-27 13:56 - 2015-03-22 16:29 - 00000000 ____D () C:\ProgramData\ProductData 2015-04-27 13:55 - 2015-03-03 15:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\HTC MediaHub 2015-04-27 13:54 - 2015-02-04 14:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-04-27 13:54 - 2015-02-04 10:59 - 00038500 _____ () C:\Windows\setupact.log 2015-04-27 13:54 - 2015-02-04 10:58 - 00080290 _____ () C:\Windows\PFRO.log 2015-04-27 13:54 - 2015-02-03 13:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-27 13:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-27 07:20 - 2015-01-31 11:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent 2015-04-27 07:20 - 2015-01-25 12:10 - 01760595 _____ () C:\Windows\WindowsUpdate.log 2015-04-27 07:19 - 2015-03-22 16:29 - 00002880 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin 2015-04-27 07:18 - 2015-01-25 13:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-27 07:16 - 2015-01-25 13:05 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000UA.job 2015-04-27 06:34 - 2015-02-03 13:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-26 20:16 - 2015-01-25 13:05 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2897107241-917314487-1310154325-1000Core.job 2015-04-26 20:16 - 2015-01-25 12:32 - 00000000 ____D () C:\Users\Admin 2015-04-26 20:06 - 2015-02-13 18:36 - 00000000 
____D () C:\MyStuff 2015-04-26 16:46 - 2015-01-25 15:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2015-04-26 16:42 - 2015-01-25 14:03 - 00000000 ___HD () C:\ProgramData\Origin 2015-04-26 13:29 - 2015-01-25 13:08 - 00002422 _____ () C:\Users\Admin\Desktop\Google Chrome Canary.lnk 2015-04-26 12:40 - 2015-02-10 18:39 - 00001017 _____ () C:\Users\Admin\Desktop\Dropbox.lnk 2015-04-26 12:40 - 2015-02-10 18:20 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-25 20:34 - 2015-01-31 10:56 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-24 17:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration 2015-04-24 13:47 - 2014-02-19 16:09 - 00000000 ____D () C:\adwareentferner 2015-04-24 13:46 - 2014-02-19 15:39 - 00000000 ____D () C:\AdwCleaner 2015-04-24 13:41 - 2015-03-16 18:07 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-04-22 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-04-22 16:28 - 2015-02-05 13:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-22 16:27 - 2015-02-05 13:09 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-04-22 16:27 - 2015-02-05 13:09 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-04-21 12:28 - 2015-01-25 21:04 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-04-21 12:28 - 2015-01-25 21:04 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-04-21 12:28 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-21 12:14 - 2015-01-28 15:04 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-21 12:10 - 2015-01-28 15:04 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-20 15:29 - 2015-03-03 15:38 - 00000000 ____D () C:\Users\Admin\.android 2015-04-20 13:40 - 2015-02-14 11:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-04-20 13:38 - 2015-02-14 
11:07 - 00000000 ____D () C:\Program Files\Java 2015-04-20 13:26 - 2015-01-25 12:51 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-19 10:07 - 2015-03-22 16:31 - 00002144 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk 2015-04-17 01:36 - 2015-02-03 13:25 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-15 21:18 - 2015-01-25 13:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-15 21:18 - 2015-01-25 13:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-15 21:18 - 2015-01-25 13:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-14 12:04 - 2015-01-25 13:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary 2015-04-12 13:49 - 2015-01-25 13:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment 2015-04-12 08:56 - 2015-01-25 12:59 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll 2015-04-12 08:56 - 2015-01-25 12:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-12 08:55 - 2015-01-25 12:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-04-12 08:54 - 2015-01-25 14:53 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-04-12 08:54 - 2015-01-25 14:53 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-04-12 08:54 - 2015-01-25 12:45 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-04-12 08:54 - 2015-01-25 12:45 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-04-12 08:54 - 2015-01-25 12:45 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-04-12 08:54 - 2015-01-25 12:44 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-04-10 19:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-10 15:25 - 2015-01-25 14:02 - 00000000 ____D () C:\Program 
Files (x86)\Origin 2015-04-09 16:15 - 2015-01-31 13:16 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2015-04-09 08:37 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-08 22:18 - 2015-01-27 07:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-08 22:18 - 2015-01-27 07:16 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-08 16:24 - 2015-03-18 15:19 - 00000000 ____D () C:\ProgramData\IObit 2015-04-08 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-08 14:39 - 2015-01-25 15:27 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-08 14:38 - 2015-03-17 20:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2015-04-08 14:38 - 2015-03-17 20:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2015-04-08 14:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-04-08 14:30 - 2015-03-17 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 2015-04-08 14:19 - 2015-03-17 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 Express 2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\SysWOW64\1033 2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\SysWOW64\1031 2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\system32\1033 2015-04-08 14:12 - 2015-03-17 21:02 - 00000000 ____D () C:\Windows\system32\1031 2015-04-07 15:06 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-06 19:23 - 2015-01-25 14:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2015-04-06 08:55 - 2015-03-22 16:29 - 00001878 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk 2015-04-05 09:21 - 2015-01-25 13:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-04-05 09:20 - 2015-03-18 15:30 - 00001625 _____ () 
C:\Users\Public\Desktop\Razer Cortex.lnk
==================== Files in the root of some directories =======
2015-04-26 20:27 - 2015-04-26 20:27 - 0000856 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-02-04 17:23 - 2015-03-17 14:00 - 0007587 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmgxzrk.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 21:23
==================== End Of Log ============================

Yes, the PC did freeze sometimes; could that have been caused by the virus? Otherwise that would probably be more of a matter for the Windows help section. ESET did find quite a few things... what about those? Shouldn't they be removed as well? |
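Kaspersky's detection in this thread was a svchost.exe under C:\Windows\Temp, while the Bamital & volsnap check only verifies the copies in the system directories. The following added example (not part of the thread and not FRST's own code) parses FRST file-listing entries, including text flattened onto one line as on this page, and flags files that carry a core Windows binary name outside the directories listed in that check. The allow-list, the WinSxS exception, the C: system drive and the two sample entries marked as constructed are assumptions.

```python
from dataclasses import dataclass
import ntpath
import re

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# One listing entry: "<ts> - <ts> - <size> <attrs> (<company>) <path>".
# The path runs until the next entry, a "=====" section header, or end of text.
ENTRY = re.compile(
    rf"(?P<first>{TS}) - (?P<second>{TS}) - (?P<size>\d+) (?P<attrs>[A-Z_]{{5}}) "
    rf"\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+?)(?= {TS} - {TS} - | ={{5,}}|$)"
)

# Directories taken from the paths in the "Bamital & volsnap Check" section.
EXPECTED_DIRS = {
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
# Assumption: component-store copies under WinSxS are legitimate as well.
COMPONENT_STORE = r"c:\windows\winsxs" + "\\"


@dataclass
class Entry:
    first: str    # created or modified time, depending on the log section
    second: str   # the other of the two timestamps
    size: int
    attrs: str    # e.g. "____H" hidden, "____D" directory
    company: str  # empty when the file has no version information
    path: str


def parse_entries(text):
    """Parse listing entries from line-per-entry or flattened log text."""
    flat = " ".join(text.split())  # undo arbitrary wrapping of the log
    return [
        Entry(m["first"], m["second"], int(m["size"]), m["attrs"],
              m["company"].strip(), m["path"])
        for m in ENTRY.finditer(flat)
    ]


def find_masquerades(entries):
    """Return files named like a core Windows binary in an unexpected folder."""
    hits = []
    for e in entries:
        if "D" in e.attrs:  # directories are not executables
            continue
        name = ntpath.basename(e.path).lower()
        folder = ntpath.dirname(e.path).lower()
        allowed = EXPECTED_DIRS.get(name)
        if allowed is None or folder in allowed:
            continue
        if folder.startswith(COMPONENT_STORE):
            continue
        hits.append(e)
    return hits


# First two entries are copied from the log above; the last two are constructed.
SAMPLE = (
    r"2015-04-17 06:02 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll "
    r"2015-04-16 14:41 - 2015-04-22 14:04 - 00000000 ____D () C:\Program Files (x86)\Opera "
    r"2015-04-24 09:12 - 2015-04-24 09:12 - 00912384 _____ () C:\Windows\Temp\svchost.exe "
    r"2015-04-17 06:02 - 2015-03-17 06:56 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe "
    r"==================== One Month Modified Files and Folders ======="
)

if __name__ == "__main__":
    for hit in find_masquerades(parse_entries(SAMPLE)):
        print(f"{hit.path}  company={hit.company or '(none)'}  size={hit.size}")
```

A hit is a lead for manual review, not a verdict; the signature check in the log covers only the fixed list of system paths.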
27.04.2015, 16:57 | #10 |
/// TB Trainer /// Instructions Guru | Svchost Bitcoinminer When you start the PC, a folder opens, doesn't it? Please delete this one manually: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled You can get to the directory easily by typing %Appdata% into your search field and clicking through the rest. Most of the ESET detections are in the Windows.old folder. I already linked how to delete it in the previous post. We'll delete the rest like this: Step 1 Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document: Code:
ATTFilter
CloseProcesses:
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}
SearchScopes: HKLM -> {59DDBC7A-A2A7-475F-94C1-53E3DEA19676} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
2015-04-25 20:19 - 2015-04-25 20:19 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Admin\Downloads\Babylon10_setup_ns.exe
2015-04-17 17:15 - 2015-04-17 17:15 - 01203488 _____ () C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei - CHIP-Installer.exe
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
28.04.2015, 11:07 | #11 |
| Svchost Bitcoinminer No, no folder opens there... I deleted the folder anyway. Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015
Ran by Admin at 2015-04-27 21:03:41 Run:2
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}
SearchScopes: HKLM -> {59DDBC7A-A2A7-475F-94C1-53E3DEA19676} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
2015-04-25 20:19 - 2015-04-25 20:19 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Admin\Downloads\Babylon10_setup_ns.exe
2015-04-17 17:15 - 2015-04-17 17:15 - 01203488 _____ () C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei - CHIP-Installer.exe
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59DDBC7A-A2A7-475F-94C1-53E3DEA19676}" => Key deleted successfully.
HKCR\CLSID\{59DDBC7A-A2A7-475F-94C1-53E3DEA19676} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Admin\Downloads\Babylon10_setup_ns.exe => Moved successfully.
C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei - CHIP-Installer.exe => Moved successfully.
The system needed a reboot.
==== End of Fixlog 21:03:41 ====

Thanks for the help! Regards, lolle1 |
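A Fixlog like the one above repeats the fixlist between two rows of asterisks and then reports one outcome per target. The following added example (not part of the thread and not FRST's own code) splits a Fixlog into those two parts, classifies each outcome, and lists fixlist file entries that have no successful result. The outcome categories are derived only from the messages visible in this Fixlog, and the function names are hypothetical.

```python
import re

STARS = re.compile(r"^\*{5,}$")
OUTCOME = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
DRIVE_PATH = re.compile(r"[A-Za-z]:\\.+$")
# Outcome wording as it appears in the Fixlog on this page.
SUCCESS = ("deleted successfully", "moved successfully", "restored successfully")
ALREADY_GONE = ("not found",)

# The Fixlog from the post above, with its line breaks restored.
FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015
Ran by Admin at 2015-04-27 21:03:41 Run:2
Content of fixlist:
*****************
CloseProcesses:
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1426522025&from=cor&uid=TOSHIBAXDT01ACA100_6357HJWNSXX6357HJWNSX&q={searchTerms}
SearchScopes: HKLM -> {59DDBC7A-A2A7-475F-94C1-53E3DEA19676} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
2015-04-25 20:19 - 2015-04-25 20:19 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Admin\Downloads\Babylon10_setup_ns.exe
2015-04-17 17:15 - 2015-04-17 17:15 - 01203488 _____ () C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei - CHIP-Installer.exe
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59DDBC7A-A2A7-475F-94C1-53E3DEA19676}" => Key deleted successfully.
HKCR\CLSID\{59DDBC7A-A2A7-475F-94C1-53E3DEA19676} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Admin\Downloads\Babylon10_setup_ns.exe => Moved successfully.
C:\Users\Admin\Downloads\NirLauncher deutsche Sprachdatei - CHIP-Installer.exe => Moved successfully.
The system needed a reboot.
==== End of Fixlog 21:03:41 ====
"""


def split_fixlog(text):
    """Return (fixlist_lines, result_lines); the asterisk rows delimit the fixlist."""
    fixlist, results, rows = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if STARS.match(line):
            rows += 1
        elif rows == 1 and line:
            fixlist.append(line)
        elif rows >= 2 and line and not line.startswith("===="):
            results.append(line)
    return fixlist, results


def classify(result_lines):
    """Map each '<target> => <outcome>' line to fixed / absent / review."""
    status = {}
    for line in result_lines:
        m = OUTCOME.match(line)
        if not m:  # status lines such as "The system needed a reboot."
            continue
        outcome = m["result"].lower()
        if any(s in outcome for s in SUCCESS):
            verdict = "fixed"
        elif any(s in outcome for s in ALREADY_GONE):
            verdict = "absent"
        else:
            verdict = "review"  # unknown wording: a human should read it
        status[m["target"].strip('"')] = verdict
    return status


def unresolved_files(text):
    """File paths named in the fixlist that have no 'fixed' outcome line."""
    fixlist, results = split_fixlog(text)
    status = classify(results)
    wanted = [m.group(0) for line in fixlist if (m := DRIVE_PATH.search(line))]
    return [path for path in wanted if status.get(path) != "fixed"]


if __name__ == "__main__":
    print("unresolved:", unresolved_files(FIXLOG) or "none")
```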
28.04.2015, 11:10 | #12 | |
/// TB Trainer /// Instructions Guru | Svchost Bitcoinminer Quote:
Code:
ATTFilter
Java 8 Update 31 (64-bit)
Java 8 Update 31
Cleanup: (The order is crucial here) If Defogger was used: start it again and click Re-enable. All logs posted? Yes! Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left now, you can delete them without concern. >>clean<< We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.
How can I protect myself better in future? Tips, Dos & Don'ts
Updates & Software
Security vulnerabilities in their old versions are exploited to install malware via "drive-by" merely by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.
Firewall, Antivirus & Co.
Cracks, Downloads & Co. Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves. Even visiting dubious websites can carry risks. Even if the virus scanner does not currently detect a threat in them, that does not have to mean anything. Illegal cracks, keygens and serials are an extremely simple and popular way to spread malware. With files from peer-to-peer and file-sharing programs or from file hosters you can never be sure that what is inside is really what it says on the label. (Trojan horse^^)
Often an attempt is also made to trick the user, with more or less crafty methods, into performing an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user themselves.
Finally, a few more general remarks: