Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Plagegeister aller Art und deren Bekämpfung: Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 02.06.2015, 23:27   #1
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Guten Tag,

Kaspersky meldete mir heute, dass es eine infizierte Datei gefunden hat und zwar im Objektpfad: c:\programdata\qxqktazqdvw\dat\dnuzhldei.dll
Der Name dieses Objektes ist: not-a-virus_AdWare.Win64.Agent.y

Nachdem ich nun erstmal Kaspersky versuchen lassen wollte das Problem zu beheben. Sah es vorerst gut aus. Als ich aber den IE geöffnet hatte meckerte Kaspersky wieder eine Datei mit ähnlichem Dateipfad an.

Da ich nun nicht weiß, was dieser Trojaner anstellt. Habe ich mich entschlossen mir hier Hilfe zu suchen. Habe zwar bereits ein Thema mit dem ähnlichem Problem gefunden bin mir aber nicht sicher ob man die Lösungen so eins-zu-eins übernehmen kann.

Hier der heutige Log von Kaspersky:

Code:
ATTFilter
Gefundenes Objekt (Datei) wurde desinfiziert	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk	HEUR:Trojan.WinLNK.StartPage.gena	Trojanisches Programm	Gestern, 12:19
Gefundenes Objekt (Datei) wurde gelöscht	c:\programdata\qxqktazqdvw\dat\dnuzhldei.dll	c:\programdata\qxqktazqdvw\dat\dnuzhldei.dll	not-a-virus:AdWare.Win64.Agent.y	Adware	Heute, 00:02
Gefundenes Objekt (Datei) wurde desinfiziert	c:\documents and settings\müller\anwendungsdaten\microsoft\windows\start menu\programme\accessories\system tools\internet explorer (no add-ons).lnk	c:\documents and settings\müller\anwendungsdaten\microsoft\windows\start menu\programme\accessories\system tools\internet explorer (no add-ons).lnk	HEUR:Trojan.WinLNK.StartPage.gena	Trojanisches Programm	Gestern, 12:23
Gefundenes Objekt (Datei) wurde gelöscht	c:\programdata\qxqktazqdvw\dat\zttqajkh.dll	c:\programdata\qxqktazqdvw\dat\zttqajkh.dll	not-a-virus:AdWare.Win64.Agent.y	Adware	Gestern, 12:17
Gefundenes Objekt (Datei) wurde gelöscht	c:\programdata\qxqktazqdvw\dat\dfdncafppw.dll	c:\programdata\qxqktazqdvw\dat\dfdncafppw.dll	not-a-virus:AdWare.Win64.Agent.y	Adware	Gestern, 23:53
Gefundenes Objekt (Datei) wurde gelöscht	C:\ProgramData\qxqktaZqdvw\dat\bfsIruzaq.dll	C:\ProgramData\qxqktaZqdvw\dat\bfsIruzaq.dll	not-a-virus:AdWare.Win64.Agent.y	Adware	Gestern, 23:46
Gefundenes Objekt (Datei) wurde gelöscht	C:\ProgramData\qxqktaZqdvw\dat\oxljHgabNw.dll	C:\ProgramData\qxqktaZqdvw\dat\oxljHgabNw.dll	not-a-virus:AdWare.Win64.Agent.y	Adware	Gestern, 23:48
Gefundenes Objekt (Datei) ist nicht mehr verfügbar	C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk	C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk	HEUR:Trojan.WinLNK.StartPage.gena	Trojanisches Programm	Gestern, 12:17
Gefundenes Objekt (Datei) wurde desinfiziert	C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	HEUR:Trojan.WinLNK.StartPage.gena	Trojanisches Programm	Gestern, 12:19

Vielen Dank im Vorraus
und mit freundlichen Grüßen
Christoph

Alt 03.06.2015, 00:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 03.06.2015, 07:53   #3
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Guten Morgen,

nein, andere Scanner habe ich nicht laufen lassen. Das war auch der aktuellste Log den ich habe.

Nun hier die Logs von FRST.

FRST.txt:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Müller (administrator) on MUELLER on 03-06-2015 08:40:48
Running from C:\Users\Müller\Desktop
Loaded Profiles: Müller (Available Profiles: Müller)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
(Rational Thought Solutions) C:\ProgramData\qxqktaZqdvw\NXBrRCfhk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Dropbox, Inc.) F:\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe
() C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [294896 2013-09-26] (Intel Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [183808 2013-07-12] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\Run: [DAEMON Tools Lite] => F:\Deamon Tools\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\MountPoints2: {f78d7de2-20a4-11e4-b856-806e6f6e6963} - E:\Run.exe
Startup: C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-24]
ShortcutTarget: Dropbox.lnk -> F:\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D060215-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D060215-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 192.168.123.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509

FireFox:
========
FF ProfilePath: C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\qvt7qv3f.default
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-30] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-09-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-09-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-4191990908-1262559360-2760880772-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Adblock Plus - C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\qvt7qv3f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-10]
FF Extension: No Name - F:\Browser\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
StartMenuInternet: FIREFOX.EXE - F:\Browser\Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 NXBrRCfhk; C:\ProgramData\qxqktaZqdvw\NXBrRCfhk.exe [2731504 2015-06-02] (Rational Thought Solutions)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [837824 2015-05-15] (Valve Corporation) [File not signed]
R2 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [1073152 2015-05-28] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-18] (Disc Soft Ltd)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77480 2013-07-03] (Fresco Logic)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27120 2013-09-26] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-02-18] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
U3 a1ekrpi9; C:\Windows\System32\Drivers\a1ekrpi9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 08:40 - 2015-06-03 08:41 - 00022344 _____ () C:\Users\Müller\Desktop\FRST.txt
2015-06-03 08:40 - 2015-06-03 08:40 - 00000000 ____D () C:\FRST
2015-06-03 08:40 - 2015-06-03 08:38 - 02108928 _____ (Farbar) C:\Users\Müller\Desktop\FRST64.exe
2015-06-02 23:59 - 2015-06-02 23:59 - 00003444 _____ () C:\Windows\System32\Tasks\Couleamaf
2015-06-02 23:59 - 2015-06-02 23:59 - 00000000 ____D () C:\ProgramData\Browser
2015-06-02 12:21 - 2015-06-02 12:21 - 00001284 _____ () C:\Windows\PFRO.log
2015-06-02 12:18 - 2015-06-02 12:18 - 00000000 ____D () C:\ProgramData\Couleamaf
2015-06-02 12:17 - 2015-06-02 12:17 - 00262144 _____ () C:\Windows\system32\config\elam
2015-06-02 12:17 - 2015-06-02 12:17 - 00000000 ____D () C:\Users\Müller\AppData\Roaming\istartsurf
2015-06-02 12:13 - 2015-06-02 12:13 - 00003300 _____ () C:\Windows\System32\Tasks\watchHealth
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\Users\Müller\AppData\Local\CouponAlert
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\ProgramData\qxqktaZqdvw
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInternetEnhancer
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\ProgramData\CouponAlert
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\Program Files (x86)\Wajam
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\Program Files (x86)\WaInternetEnhancer
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-06-02 02:03 - 2015-06-02 02:03 - 00002744 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-06-02 02:03 - 2015-06-02 02:03 - 00002744 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-06-02 02:03 - 2015-06-02 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-02 02:03 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-06-02 02:03 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-06-02 02:02 - 2015-06-02 02:02 - 00000000 ____D () C:\Users\Müller\AppData\Roaming\OpenCandy
2015-05-29 01:10 - 2015-05-29 01:10 - 00000385 _____ () C:\Windows\DirectX.log
2015-05-22 23:25 - 2015-06-03 00:03 - 00004892 _____ () C:\Windows\setupact.log
2015-05-22 23:25 - 2015-05-22 23:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 03:00 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:00 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:43 - 2015-05-13 16:43 - 00000000 ____D () C:\Users\Müller\Desktop\Volvo
2015-05-13 15:55 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:55 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:55 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:55 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:55 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:55 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:55 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:55 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:55 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:55 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:55 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:55 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:55 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:55 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:55 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:55 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:55 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:55 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:55 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:55 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:55 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:55 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:55 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:55 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:55 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:55 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:55 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:55 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:55 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:55 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:55 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:55 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:55 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:55 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:55 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:55 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:55 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:55 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:55 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:55 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:55 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:55 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:55 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:55 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:55 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:55 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:55 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:55 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:55 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:55 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:55 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:55 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:55 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:55 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:55 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:55 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:55 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:55 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:55 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:55 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:55 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:55 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:55 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:55 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:55 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:55 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:55 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:55 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:55 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:55 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:55 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:55 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:55 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:55 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:55 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:55 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:55 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:55 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:55 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:55 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:54 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:54 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:54 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:54 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 15:54 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 15:54 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-09 08:45 - 2015-05-09 08:45 - 00000341 _____ () C:\Users\Müller\Documents\yhd.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 08:39 - 2014-09-13 14:58 - 00000000 ____D () C:\Users\Müller\AppData\Roaming\vlc
2015-06-03 00:27 - 2014-08-11 03:41 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2015-06-03 00:27 - 2014-08-11 03:41 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2015-06-03 00:27 - 2009-07-14 07:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-03 00:11 - 2009-07-14 06:45 - 00028672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 00:11 - 2009-07-14 06:45 - 00028672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 00:06 - 2015-05-03 15:19 - 00876203 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 00:03 - 2015-03-25 17:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-06-03 00:03 - 2014-08-10 18:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-06-03 00:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 23:53 - 2014-10-24 10:40 - 00000000 ___RD () C:\Users\Müller\Dropbox
2015-06-02 23:52 - 2014-10-24 10:39 - 00000000 ____D () C:\Users\Müller\AppData\Roaming\Dropbox
2015-06-02 12:21 - 2015-02-03 20:17 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-02 12:06 - 2015-04-09 00:38 - 00000000 ____D () C:\Users\Müller\AppData\Local\Warframe
2015-05-14 03:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 03:25 - 2009-07-14 06:45 - 00470856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 03:08 - 2014-08-11 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 03:05 - 2014-08-11 08:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-11 10:40 - 2014-11-08 15:04 - 0007603 _____ () C:\Users\Müller\AppData\Local\resmon.resmoncfg
2014-08-10 17:57 - 2014-08-10 17:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Müller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpagrpjm.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 00:21

==================== End of log ============================
________________________________________________________________________

Additon.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Müller at 2015-06-03 08:41:11
Running from C:\Users\Müller\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4191990908-1262559360-2760880772-500 - Administrator - Disabled)
Gast (S-1-5-21-4191990908-1262559360-2760880772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4191990908-1262559360-2760880772-1002 - Limited - Enabled)
Müller (S-1-5-21-4191990908-1262559360-2760880772-1000 - Administrator - Enabled) => C:\Users\Müller

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CouponAlert (HKLM-x32\...\CouponAlert) (Version: 3.0.59 - Rational Thought Solutions) <==== ATTENTION
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version:  - SQUARE ENIX)
Fresco Logic USB3.0 Host Controller (HKLM\...\{AEF0A2AC-A266-41A8-84EC-B0D7C2A0535B}) (Version: 3.5.100.0 - Fresco Logic Inc.)
Futuremark SystemInfo (HKLM-x32\...\{03856D3F-DDDC-4C9A-9202-36529D21D94C}) (Version: 4.32.483.0 - Futuremark)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.8.0.1108 - Intel Corporation)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Naval Action Beta (HKLM-x32\...\Steam App 311310) (Version:  - )
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wajam (HKLM-x32\...\WaInternetEnhancer) (Version: 2.32.2.15 (i2.6) - WaInternetEnhancer) <==== ATTENTION
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wolfenstein The New Order German Subbed Edition 1.0.0.1 (HKLM-x32\...\Wolfenstein The New Order German Subbed Edition 1.0.0.1) (Version:  - )
Wondershare Video Converter Ultimate(Build 6.0.3.2) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.0.3.2 - Wondershare Software)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
Xilisoft Video Converter Platinum (HKLM-x32\...\Xilisoft Video Converter Platinum) (Version: 5.1.26.0703 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Müller\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> F:\Open Office\program\shlxthdl\ooofilt_x64.d No File
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

12-05-2015 15:41:08 Windows Update
14-05-2015 03:00:27 Windows Update
15-05-2015 03:00:25 Windows Update
19-05-2015 13:38:38 Windows Update
27-05-2015 05:25:36 Geplanter Prüfpunkt
29-05-2015 01:10:32 DirectX wurde installiert
02-06-2015 02:02:55 LavasoftWeCompanion
02-06-2015 02:05:06 LavasoftWeCompanion

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {069072C5-166B-40BF-87E1-EB497468580D} - System32\Tasks\Opera scheduled Autoupdate 1422987441 => C:\Program Files (x86)\Opera\launcher.exe
Task: {137FC737-00A1-4A9D-BA0B-529A4093D725} - System32\Tasks\{F4B83278-CC58-4797-B169-8CCB9BA14997} => pcalua.exe -a C:\Users\Müller\Downloads\ProMod.exe -d C:\Users\Müller\Downloads
Task: {5E1BE5DD-33B0-404A-A881-CF42215BCC70} - System32\Tasks\Couleamaf => C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe [2015-06-02] ()
Task: {6E518FC2-506C-4DBF-86E5-3B8C24CF3EBF} - System32\Tasks\watchHealth => C:\ProgramData\CouponAlert\watcher\watcher.exe [2015-06-02] (Microsoft)
Task: {B4636D02-5E21-4D55-89DB-A6C39F066CAA} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-09] (Microsoft Corporation)
Task: {B6E6AB30-1A36-4157-ACDC-95535B9F532D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-25 17:47 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-28 15:53 - 2015-05-28 15:53 - 01073152 _____ () C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
2014-11-14 18:30 - 2012-11-20 12:05 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-06-02 23:59 - 2015-06-02 23:59 - 00158208 _____ () C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2015-06-03 00:03 - 2015-06-03 00:03 - 00043008 _____ () c:\users\mller~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpagrpjm.dll
2014-10-24 10:47 - 2013-08-23 21:01 - 25100288 _____ () F:\Dropbox\bin\libcef.dll
2014-10-16 03:30 - 2014-10-16 03:30 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\a57d459556acdccb9c7cd3e9787287fe\PSIClient.ni.dll
2014-08-10 17:53 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E7ADBC3-D68B-4C5C-A2BE-7137E9C2EA1E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{187572A4-567A-48D1-AEB1-02A736348B68}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{24F620C6-E36B-4B17-B8F9-F1AA714EA74A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CFE1B3B7-6CAD-46B7-9A17-931F5ECF0F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A54C0B78-44E1-4419-9CF9-D8F844D6482E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE6ABB65-CD8C-407F-ACE1-A69244C8E196}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{513F7AE0-12CA-49C1-AF99-45D5E5839EBB}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{87F93132-7C10-4E8E-B018-BDEC08137448}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{D600D416-6FF5-442C-B1D8-3985A8BE9783}] => (Allow) F:\Steam\SteamApps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{E9F9E534-CB31-4CE8-9B1B-6824371C5ED4}] => (Allow) F:\Steam\SteamApps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{B136662C-8BC8-4861-8C9A-3EEB5970CCDF}] => (Allow) F:\Player\Winamp\winamp.exe
FirewallRules: [{1C3C5BB8-961E-4F83-BD7C-C2C17FEFC839}] => (Allow) F:\Player\Winamp\winamp.exe
FirewallRules: [{F2E9885D-B9ED-47C2-881A-1B07DBC7FB63}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{6F529700-0F7A-4894-A6C1-21198A9116AD}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFAE3ABC-B68D-4B89-9C0B-A8EAFD52A9B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5890421B-0877-4331-AB82-5CEFFD724C35}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{966ED567-66B5-45E6-B2AB-1CD34441BD22}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F0DF3CD2-4614-4594-97EA-FEE45352FE4B}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1F6FA067-52AB-4DF0-9EC3-9994314B4E30}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{C9DD84BF-0599-441C-8B50-2426EC53AA75}] => (Allow) F:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{8375F7E3-E8C9-44D3-8A22-3E9220F44101}] => (Allow) F:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{639A3E85-8883-44CD-AEC1-216437E1DFE5}] => (Allow) F:\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{CA4C3517-FD61-4C42-91C7-904F6858638B}] => (Allow) F:\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{AD2C1FDE-A8A0-48F0-96D3-2D9AF2E454F3}] => (Allow) C:\Users\Müller\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{52A7496C-0673-4F0A-B5B5-D402C83584CA}] => (Allow) C:\Users\Müller\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0F487279-C224-4CAC-A7E5-6FCEDF99CE19}] => (Block) F:\Xilisoft\Video Converter Platinum\vcloader.exe
FirewallRules: [{269713C5-56B6-47C6-8951-77FAAE24E9E1}] => (Allow) F:\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A1742CBE-D6DE-4F8F-908F-A9D7E643B768}] => (Allow) F:\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{340775D7-E403-41E2-AA56-FC95A11EA176}] => (Allow) F:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{3E9A206D-CA79-4F76-A5B3-9792511CE3F6}] => (Allow) F:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{A8E65F93-57D8-4BA6-8706-171C740C4200}] => (Allow) F:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E33C4A7D-30E0-4093-8207-A22AC37B287B}] => (Allow) F:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{ED05D227-BCF4-44AE-B086-42CD21AAB7D8}] => (Allow) F:\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{6B5F3442-D1AA-41F4-8402-B37349867589}] => (Allow) F:\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{BFECCC39-36FC-436A-A15A-B69FFE84E6C6}] => (Allow) F:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{8634AB96-7C69-45B7-BD3A-36AFC3FAFCE1}] => (Allow) F:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{EC7A998A-2887-4F7C-92F4-D4C5B6C6A03E}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{928D85F6-9402-4C30-8666-C0B1351D532D}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{73E8AF62-D6EE-40A6-84B5-DC396620778F}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{7CF09D12-5C17-4587-AB5E-D2C84CEFB88B}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{83600904-6E05-4FE0-900B-F59F4D5FA881}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{DEF16313-939D-4F72-A1B3-C68CA7856E5A}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{8ED0C61E-1A5A-4C19-9C27-933484181B84}] => (Allow) F:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{EAF24577-8092-4D58-B767-335892D2E9C8}] => (Allow) F:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{1231BD1B-DF0C-48F9-89E9-E67CA8F0E5AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{16D5F080-8754-4375-956B-668ADE0A2FD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B22F8A57-F4CC-44F0-80CA-E537C7A57080}] => (Allow) F:\Steam\SteamApps\common\Naval Action\Client.exe
FirewallRules: [{A00738A8-FE1A-4501-9250-916A09F2ECC3}] => (Allow) F:\Steam\SteamApps\common\Naval Action\Client.exe
FirewallRules: [{29DB9AA1-A983-4DEC-9A5E-F82A691E1452}] => (Allow) F:\Steam\SteamApps\common\Naval Action\NavalActionCrashSender.exe
FirewallRules: [{002DA699-C69B-4E34-ABC8-F5B843080798}] => (Allow) F:\Steam\SteamApps\common\Naval Action\NavalActionCrashSender.exe
FirewallRules: [{84631648-6FAE-4942-9FE2-FC2CE6376C6B}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C2A1A311-EBC7-45B1-A843-9650E40B323B}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C0EB30EC-5904-4695-AABA-273CC423E9F1}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6DCB46BA-EB6F-48EA-8449-0FA69FE4E239}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7D39D62A-6012-4562-B6D8-937E46475B79}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{645664B7-E4E3-4955-8DFC-E89367DDEE90}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E8AC6240-35D3-4058-AF50-B3F4D73A7FDF}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{5C156734-C721-437F-8E0D-499E214FBEB2}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B014E01B-159F-44D1-9205-2F1B2A0EE557}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A8996E0D-2796-43B6-9AFE-C098B93A26B0}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7E469075-6D93-42F1-88D3-0E71738CB0E6}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B787CD1D-9A10-4283-A181-26FCD13C5A88}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{BF04A8E7-FD5B-4E58-BD13-99415F21A712}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{C411818C-8CD7-4791-A8D0-4E91B2D9097A}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{2CC485F8-3B4D-40C4-9E77-A2AEDFFD25EC}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{72FA0732-334D-4A06-94FA-6481E69BF087}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{3FB3BD6B-916C-42E5-B699-17A16B2F8D5B}] => (Allow) C:\Users\Müller\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{437D793F-3060-4843-A1F8-4EAC94E217FA}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{62D91598-77A1-41E0-AE03-EF252E132D42}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{67E0FBCE-7D05-42BC-B507-CCA2FE8217F5}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{9271A718-FEFB-49F2-BDE8-056AC1FB082A}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{E0E4FAD1-E5CF-4407-84C7-26F1EFD78C8E}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{3EDB0966-300E-481A-B9F1-CD61E6E78CC7}] => (Allow) C:\Users\Müller\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{A21DC0E8-F615-45B5-8CC3-F8DD58A65486}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Tools\RemoteCrashSender.exe

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Leistungsindikatoren
Description: Leistungsindikatoren
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Systeminterrupt-Controller
Description: Systeminterrupt-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Leistungsindikatoren
Description: Leistungsindikatoren
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Leistungsindikatoren
Description: Leistungsindikatoren
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 00:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea0b
ID des fehlerhaften Prozesses: 0x1924
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (06/02/2015 00:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 00:26:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Uninstall_PCSpeedUp.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1290

Startzeit: 01d09d1e8d3f795f

Endzeit: 1

Anwendungspfad: C:\Users\MLLER~1\AppData\Local\Temp\is-L5IOU.tmp\Uninstall_PCSpeedUp.tmp

Berichts-ID:

Error: (06/02/2015 00:26:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Uninstall_PCSpeedUp.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 104c

Startzeit: 01d09d1e50c4d7ec

Endzeit: 1

Anwendungspfad: C:\Users\MLLER~1\AppData\Local\Temp\is-OE7VU.tmp\Uninstall_PCSpeedUp.tmp

Berichts-ID:

Error: (06/02/2015 00:25:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm _iu14D2N.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1548

Startzeit: 01d09d1e174562ca

Endzeit: 1

Anwendungspfad: C:\Users\MLLER~1\AppData\Local\Temp\_iu14D2N.tmp

Berichts-ID:

Error: (06/02/2015 00:23:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/03/2015 00:03:06 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/02/2015 11:54:27 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/02/2015 11:51:20 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (06/02/2015 11:48:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/02/2015 11:48:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/02/2015 11:48:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/02/2015 11:48:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/02/2015 11:48:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/02/2015 11:48:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (06/02/2015 11:47:19 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office:
=========================
Error: (06/03/2015 00:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.187985507b3e0c0000374000cea0b192401d09d7de4cfb430C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll23dfb42e-0971-11e5-8371-74d435e13fbc

Error: (06/02/2015 00:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 00:26:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Uninstall_PCSpeedUp.tmp51.1052.0.0129001d09d1e8d3f795f1C:\Users\MLLER~1\AppData\Local\Temp\is-L5IOU.tmp\Uninstall_PCSpeedUp.tmp

Error: (06/02/2015 00:26:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Uninstall_PCSpeedUp.tmp51.1052.0.0104c01d09d1e50c4d7ec1C:\Users\MLLER~1\AppData\Local\Temp\is-OE7VU.tmp\Uninstall_PCSpeedUp.tmp

Error: (06/02/2015 00:25:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: _iu14D2N.tmp51.1052.0.0154801d09d1e174562ca1C:\Users\MLLER~1\AppData\Local\Temp\_iu14D2N.tmp

Error: (06/02/2015 00:23:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.202
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.197
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 7%
Total physical RAM: 65455.26 MB
Available physical RAM: 60327.54 MB
Total Pagefile: 65453.45 MB
Available Pagefile: 60025.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:123.59 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:1009.57 GB) (Free:894.84 GB) NTFS
Drive e: (Media) (Fixed) (Total:4657.4 GB) (Free:3552.49 GB) NTFS
Drive f: (Programme) (Fixed) (Total:387.7 GB) (Free:242.85 GB) NTFS
Drive h: () (Removable) (Total:59.62 GB) (Free:41.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CD260456)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 7BC8AB42)
Partition 1: (Not Active) - (Size=1009.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=387.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 4657.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
__________________
Alt 03.06.2015, 09:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    CouponAlert

    istartsurf uninstall

    Wajam

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.06.2015, 10:32   #5
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Ok, das habe ich nun alles soweit erledigt. Die 3 Programme finde ich nun nicht mehr im Revo Uninstaller. Hat soweit alles gut geglappt. Wie geht es weiter?


Alt 03.06.2015, 10:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
--> Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung

Alt 03.06.2015, 11:39   #7
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Soooo.....

Gesagt - Getan.

Hier die Logs:

MBAM - Protection Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 03.06.2015 12:15:04, SYSTEM, MUELLER, Manual, Failed, Unable to access update server, 
Update, 03.06.2015 12:15:26, SYSTEM, MUELLER, Manual, Failed, Unable to access update server, 
Scan, 03.06.2015 12:22:30, SYSTEM, MUELLER, Manual, Start: 03.06.2015 12:15:26, Dauer: 4 Minuten 23 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "38" nicht-Malwareerkennung, 
Error, 03.06.2015 12:23:31, SYSTEM, MUELLER, Protection, IsLicensed, 13, 
Protection, 03.06.2015 12:23:31, SYSTEM, MUELLER, Protection, Malware Protection, Stopping, 
Protection, 03.06.2015 12:23:31, SYSTEM, MUELLER, Protection, Malware Protection, Stopped, 

(end)
________________________________________________________________________

MBAM - Scan Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.06.2015
Suchlauf-Zeit: 12:15:26
Logdatei: MBAM_Scan.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Müller

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 339247
Verstrichene Zeit: 4 Min, 23 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.CouponAlert.A, C:\ProgramData\qxqktaZqdvw\NXBrRCfhk.exe, 2172, Löschen bei Neustart, [1861aa99bad03303431062c35ca6dc24]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 9
PUP.Optional.CouponAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NXBrRCfhk, In Quarantäne, [1861aa99bad03303431062c35ca6dc24], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [621756ed830761d546eff52ce91abd43], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [621756ed830761d546eff52ce91abd43], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [621756ed830761d546eff52ce91abd43], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a7d24af93b4f0333a2fdf026778e25db], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [fd7c8eb52d5dca6c7bd4b117b053bf41], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [0970e95af4967db9c9d6c05619ec817f], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\SOFTWARE\WajIEnhance, In Quarantäne, [84f5f152c1c9d16565458f23c0431de3], 
PUP.Optional.Qone8, HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [32477ec53753f73f2777c650e81d18e8], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 16
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "F:\Browser\Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (firefox.exe), Schlecht: ("F:\Browser\Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[7bfe0b383753142205b67264a0652fd1]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[d1a856ed810945f1685423b3c83dee12]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[1a5f0b381a70b0862fe70bca2ed76d93]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}),Ersetzt,[e693fa49f2984cea26f0dff69b6a6c94]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[db9e89baeaa00a2cbe5832a357ae2ad6]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}),Ersetzt,[2851c3800c7eb97d0e087c597d88c13f]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[f881b88b503ade58f6a430b1de273ac6]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "F:\Browser\Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (firefox.exe), Schlecht: ("F:\Browser\Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[accd9aa9b8d27eb8d8e32ea8000549b7]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[601949fac3c71a1c2c90e0f684819e62]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[95e482c1f595c47232e45382ae572dd3]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}),Ersetzt,[3c3dec57d2b82b0ba76f6e67b0558b75]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[cdac54ef9feb1b1b0e08ca0b23e27a86]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509&q={searchTerms}),Ersetzt,[86f397aca3e7b87ea96d597ce322926e]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[5e1b85be464477bf6d2d3aa730d5956b]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[6217d96afb8f59dd1202429338cd6f91]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509),Ersetzt,[25544cf76f1bba7ca371b91cd530d32d]

Ordner: 3
PUP.Optional.OpenCandy, C:\Users\Müller\AppData\Roaming\OpenCandy, In Quarantäne, [15649ba887038ea86817fd6c71925ca4], 
PUP.Optional.OpenCandy, C:\Users\Müller\AppData\Roaming\OpenCandy\093904286EE64F7CB8DC5A4C9747EC77, In Quarantäne, [15649ba887038ea86817fd6c71925ca4], 
PUP.Optional.CouponAlert.A, C:\Users\Müller\AppData\Local\CouponAlert, In Quarantäne, [c2b7b58eef9bde589ef92c7547bca65a], 

Dateien: 9
PUP.Optional.CouponAlert.A, C:\ProgramData\qxqktaZqdvw\NXBrRCfhk.exe, Löschen bei Neustart, [1861aa99bad03303431062c35ca6dc24], 
PUP.Optional.CouponAlert.A, C:\ProgramData\qxqktaZqdvw\dat\eccXVf.exe, In Quarantäne, [67128fb4e6a4b28457fc6eb7d62ceb15], 
PUP.Optional.CouponAlert.A, C:\ProgramData\qxqktaZqdvw\dat\oXHvsyONfvF.exe, In Quarantäne, [84f580c32f5bc76fafa41510d42eb050], 
PUP.Optional.ZombieInvasion.A, C:\ProgramData\qxqktaZqdvw\dat\rDglmRAnAgs.dll, In Quarantäne, [8aef281b0e7c5bdb594ad7fa16ef956b], 
PUP.Optional.CouponAlert.A, C:\$Recycle.Bin\S-1-5-21-4191990908-1262559360-2760880772-1000\$ROMX3LC\uninstall.exe, In Quarantäne, [0d6c49fafa9061d59fb4e441e81af60a], 
PUP.Optional.OpenCandy, C:\Users\Müller\AppData\Roaming\OpenCandy\093904286EE64F7CB8DC5A4C9747EC77\WebCompanionInstallerOC141001-0506.exe, In Quarantäne, [15649ba887038ea86817fd6c71925ca4], 
PUP.Optional.IStartSurf.A, C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\qvt7qv3f.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509");), Ersetzt,[0b6e5be8e1a97abca246ab72a26437c9]
PUP.Optional.IStartSurf.A, C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\qvt7qv3f.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1433240234&z=e47b8b689e0afdec78b550eg1z2cac5o7zfedoaw4z&from=pcs&uid=SanDiskXSDSSDHP256G_142198403509");), Ersetzt,[2d4c340f7218ea4c3faaa578d13532ce]
PUP.Optional.IStartSurf.A, C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\qvt7qv3f.default\search.json, Gut: (), Schlecht: (istartsurf), Ersetzt,[1d5c9ea51f6b4cea137c1902689eaa56]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
________________________________________________________________________

AdWareCleaner Log:

Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 03/06/2015 um 12:27:19
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Müller - MUELLER
# Gestarted von : C:\Users\Müller\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\Program Files (x86)\JustCloud
Ordner Gelöscht : C:\Users\Müller\AppData\Roaming\pdfforge

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 de)

[qvt7qv3f.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [1859 Bytes] - [03/06/2015 12:26:36]
AdwCleaner[S0].txt - [1734 Bytes] - [03/06/2015 12:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1793  Bytes] ##########
________________________________________________________________________

JRT Log:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.7 (06.01.2015:1)
OS: Windows 7 Ultimate x64
Ran by Mller on 03.06.2015 at 12:29:33,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Failed to delete: [File] C:\Windows\syswow64\wscm64.dll
Successfully deleted: [File] C:\Windows\syswow64\wscm32.dll



~~~ Folders

Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.06.2015 at 12:31:11,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
________________________________________________________________________

Und der neue FRST Log:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Müller (administrator) on MUELLER on 03-06-2015 12:31:51
Running from C:\Users\Müller\Desktop
Loaded Profiles: Müller (Available Profiles: Müller)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe [294896 2013-09-26] (Intel Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [183808 2013-07-12] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\Run: [DAEMON Tools Lite] => F:\Deamon Tools\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\MountPoints2: {f78d7de2-20a4-11e4-b856-806e6f6e6963} - E:\Run.exe
Startup: C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-10-24]
ShortcutTarget: Dropbox.lnk -> F:\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 192.168.123.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\qvt7qv3f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-30] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-09-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-09-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-4191990908-1262559360-2760880772-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Adblock Plus - C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\qvt7qv3f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-10]
FF Extension: No Name - F:\Browser\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [837824 2015-05-15] (Valve Corporation) [File not signed]
R2 WaInternetEnhancer Service; C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe [1073152 2015-05-28] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-18] (Disc Soft Ltd)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77480 2013-07-03] (Fresco Logic)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27120 2013-09-26] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-02-18] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
U3 aahw3ds9; C:\Windows\System32\Drivers\aahw3ds9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 12:31 - 2015-06-03 12:31 - 00000785 _____ () C:\Users\Müller\Desktop\JRT.txt
2015-06-03 12:29 - 2015-06-03 12:29 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MUELLER-Windows-7-Ultimate-(64-bit).dat
2015-06-03 12:29 - 2015-06-03 12:29 - 00000000 ____D () C:\RegBackup
2015-06-03 12:29 - 2015-06-03 12:13 - 02947766 _____ (Thisisu) C:\Users\Müller\Desktop\JRT.exe
2015-06-03 12:28 - 2015-06-03 12:28 - 00001881 _____ () C:\Users\Müller\Desktop\AdwCleaner[S0].txt
2015-06-03 12:26 - 2015-06-03 12:27 - 00000000 ____D () C:\AdwCleaner
2015-06-03 12:26 - 2015-06-03 12:12 - 02231296 _____ () C:\Users\Müller\Desktop\AdwCleaner_4.206.exe
2015-06-03 12:25 - 2015-06-03 12:25 - 00012315 _____ () C:\Users\Müller\Desktop\MBAM_Scan.txt
2015-06-03 12:25 - 2015-06-03 12:25 - 00000711 _____ () C:\Users\Müller\Desktop\MBAM_Protect.txt
2015-06-03 12:15 - 2015-06-03 12:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 12:14 - 2015-06-03 12:14 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-03 12:14 - 2015-06-03 12:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-03 12:14 - 2015-06-03 12:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-03 12:14 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-03 12:14 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-03 12:14 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-03 11:24 - 2015-06-03 11:24 - 00001268 _____ () C:\Users\Müller\Desktop\Revo Uninstaller.lnk
2015-06-03 11:24 - 2015-06-03 11:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-06-03 11:23 - 2015-06-03 11:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Müller\Desktop\revosetup95.exe
2015-06-03 08:41 - 2015-06-03 08:41 - 00050386 _____ () C:\Users\Müller\Desktop\Addition.txt
2015-06-03 08:40 - 2015-06-03 12:31 - 00017321 _____ () C:\Users\Müller\Desktop\FRST.txt
2015-06-03 08:40 - 2015-06-03 12:31 - 00000000 ____D () C:\FRST
2015-06-03 08:40 - 2015-06-03 08:38 - 02108928 _____ (Farbar) C:\Users\Müller\Desktop\FRST64.exe
2015-06-02 23:59 - 2015-06-02 23:59 - 00003444 _____ () C:\Windows\System32\Tasks\Couleamaf
2015-06-02 12:21 - 2015-06-03 12:28 - 00004320 _____ () C:\Windows\PFRO.log
2015-06-02 12:18 - 2015-06-02 12:18 - 00000000 ____D () C:\ProgramData\Couleamaf
2015-06-02 12:17 - 2015-06-02 12:17 - 00262144 _____ () C:\Windows\system32\config\elam
2015-06-02 12:13 - 2015-06-03 12:23 - 00000000 ____D () C:\ProgramData\qxqktaZqdvw
2015-06-02 12:13 - 2015-06-02 12:13 - 00003300 _____ () C:\Windows\System32\Tasks\watchHealth
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\Program Files (x86)\WaInternetEnhancer
2015-06-02 12:13 - 2015-06-02 12:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-06-02 02:03 - 2015-06-02 02:03 - 00002744 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-06-02 02:03 - 2015-06-02 02:03 - 00002744 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-06-02 02:03 - 2015-06-02 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-02 02:03 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-06-02 02:03 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-05-29 01:10 - 2015-05-29 01:10 - 00000385 _____ () C:\Windows\DirectX.log
2015-05-22 23:25 - 2015-06-03 12:28 - 00005228 _____ () C:\Windows\setupact.log
2015-05-22 23:25 - 2015-05-22 23:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 03:00 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:00 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:43 - 2015-05-13 16:43 - 00000000 ____D () C:\Users\Müller\Desktop\Volvo
2015-05-13 15:55 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:55 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:55 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:55 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:55 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:55 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:55 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:55 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:55 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:55 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:55 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:55 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:55 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:55 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:55 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:55 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:55 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:55 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:55 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:55 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:55 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:55 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:55 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:55 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:55 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:55 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:55 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:55 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:55 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:55 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:55 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:55 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:55 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:55 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:55 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:55 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:55 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:55 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:55 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:55 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:55 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:55 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:55 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:55 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:55 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:55 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:55 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:55 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:55 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:55 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:55 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:55 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:55 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:55 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:55 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:55 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:55 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:55 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:55 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:55 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:55 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:55 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:55 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:55 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:55 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:55 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:55 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:55 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:55 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:55 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:55 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:55 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:55 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:55 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:55 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:55 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:55 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:55 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:55 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:55 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:55 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:55 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:54 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:54 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:54 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 15:54 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 15:54 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 15:54 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-09 08:45 - 2015-05-09 08:45 - 00000341 _____ () C:\Users\Müller\Documents\yhd.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 12:28 - 2015-03-25 17:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-06-03 12:28 - 2014-08-10 18:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-06-03 12:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-03 12:27 - 2015-05-03 15:19 - 00912032 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 12:27 - 2009-07-14 06:45 - 00028672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 12:27 - 2009-07-14 06:45 - 00028672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 11:27 - 2014-08-11 03:41 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2015-06-03 11:27 - 2014-08-11 03:41 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2015-06-03 11:27 - 2009-07-14 07:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-03 08:39 - 2014-09-13 14:58 - 00000000 ____D () C:\Users\Müller\AppData\Roaming\vlc
2015-06-02 23:53 - 2014-10-24 10:40 - 00000000 ___RD () C:\Users\Müller\Dropbox
2015-06-02 23:52 - 2014-10-24 10:39 - 00000000 ____D () C:\Users\Müller\AppData\Roaming\Dropbox
2015-06-02 12:21 - 2015-02-03 20:17 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-02 12:06 - 2015-04-09 00:38 - 00000000 ____D () C:\Users\Müller\AppData\Local\Warframe
2015-05-14 03:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 03:25 - 2009-07-14 06:45 - 00470856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 03:08 - 2014-08-11 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 03:05 - 2014-08-11 08:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-11 10:40 - 2014-11-08 15:04 - 0007603 _____ () C:\Users\Müller\AppData\Local\resmon.resmoncfg
2014-08-10 17:57 - 2014-08-10 17:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Müller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpia8yup.dll
C:\Users\Müller\AppData\Local\Temp\Quarantine.exe
C:\Users\Müller\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 00:21

==================== End of log ============================

Alt 03.06.2015, 12:01   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.06.2015, 12:08   #9
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Hier der Addition Log:

[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Müller at 2015-06-03 13:05:14
Running from C:\Users\Müller\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4191990908-1262559360-2760880772-500 - Administrator - Disabled)
Gast (S-1-5-21-4191990908-1262559360-2760880772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4191990908-1262559360-2760880772-1002 - Limited - Enabled)
Müller (S-1-5-21-4191990908-1262559360-2760880772-1000 - Administrator - Enabled) => C:\Users\Müller

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version:  - SQUARE ENIX)
Fresco Logic USB3.0 Host Controller (HKLM\...\{AEF0A2AC-A266-41A8-84EC-B0D7C2A0535B}) (Version: 3.5.100.0 - Fresco Logic Inc.)
Futuremark SystemInfo (HKLM-x32\...\{03856D3F-DDDC-4C9A-9202-36529D21D94C}) (Version: 4.32.483.0 - Futuremark)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.8.0.1108 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Naval Action Beta (HKLM-x32\...\Steam App 311310) (Version:  - )
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wolfenstein The New Order German Subbed Edition 1.0.0.1 (HKLM-x32\...\Wolfenstein The New Order German Subbed Edition 1.0.0.1) (Version:  - )
Wondershare Video Converter Ultimate(Build 6.0.3.2) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.0.3.2 - Wondershare Software)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
Xilisoft Video Converter Platinum (HKLM-x32\...\Xilisoft Video Converter Platinum) (Version: 5.1.26.0703 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Müller\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> F:\Open Office\program\shlxthdl\ooofilt_x64.d No File
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> F:\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-05-2015 03:00:27 Windows Update
15-05-2015 03:00:25 Windows Update
19-05-2015 13:38:38 Windows Update
27-05-2015 05:25:36 Geplanter Prüfpunkt
29-05-2015 01:10:32 DirectX wurde installiert
02-06-2015 02:02:55 LavasoftWeCompanion
02-06-2015 02:05:06 LavasoftWeCompanion
03-06-2015 11:25:19 Revo Uninstaller's restore point - CouponAlert
03-06-2015 11:26:48 Revo Uninstaller's restore point - istartsurf uninstall
03-06-2015 11:27:46 Revo Uninstaller's restore point - Wajam

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {069072C5-166B-40BF-87E1-EB497468580D} - System32\Tasks\Opera scheduled Autoupdate 1422987441 => C:\Program Files (x86)\Opera\launcher.exe
Task: {137FC737-00A1-4A9D-BA0B-529A4093D725} - System32\Tasks\{F4B83278-CC58-4797-B169-8CCB9BA14997} => pcalua.exe -a C:\Users\Müller\Downloads\ProMod.exe -d C:\Users\Müller\Downloads
Task: {5E1BE5DD-33B0-404A-A881-CF42215BCC70} - System32\Tasks\Couleamaf => C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe [2015-06-02] ()
Task: {6E518FC2-506C-4DBF-86E5-3B8C24CF3EBF} - System32\Tasks\watchHealth => C:\ProgramData\CouponAlert\watcher\watcher.exe
Task: {B4636D02-5E21-4D55-89DB-A6C39F066CAA} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-09] (Microsoft Corporation)
Task: {B6E6AB30-1A36-4157-ACDC-95535B9F532D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-28 15:53 - 2015-05-28 15:53 - 01073152 _____ () C:\Program Files (x86)\WaInternetEnhancer\WaInternetEnhancer Internet Enhancer\InternetEnhancerService.exe
2014-11-14 18:30 - 2012-11-20 12:05 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-10-16 03:30 - 2014-10-16 03:30 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\a57d459556acdccb9c7cd3e9787287fe\PSIClient.ni.dll
2014-08-10 17:53 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4191990908-1262559360-2760880772-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E7ADBC3-D68B-4C5C-A2BE-7137E9C2EA1E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{187572A4-567A-48D1-AEB1-02A736348B68}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{24F620C6-E36B-4B17-B8F9-F1AA714EA74A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CFE1B3B7-6CAD-46B7-9A17-931F5ECF0F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A54C0B78-44E1-4419-9CF9-D8F844D6482E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE6ABB65-CD8C-407F-ACE1-A69244C8E196}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{513F7AE0-12CA-49C1-AF99-45D5E5839EBB}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{87F93132-7C10-4E8E-B018-BDEC08137448}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{D600D416-6FF5-442C-B1D8-3985A8BE9783}] => (Allow) F:\Steam\SteamApps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{E9F9E534-CB31-4CE8-9B1B-6824371C5ED4}] => (Allow) F:\Steam\SteamApps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{B136662C-8BC8-4861-8C9A-3EEB5970CCDF}] => (Allow) F:\Player\Winamp\winamp.exe
FirewallRules: [{1C3C5BB8-961E-4F83-BD7C-C2C17FEFC839}] => (Allow) F:\Player\Winamp\winamp.exe
FirewallRules: [{F2E9885D-B9ED-47C2-881A-1B07DBC7FB63}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{6F529700-0F7A-4894-A6C1-21198A9116AD}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFAE3ABC-B68D-4B89-9C0B-A8EAFD52A9B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5890421B-0877-4331-AB82-5CEFFD724C35}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{966ED567-66B5-45E6-B2AB-1CD34441BD22}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F0DF3CD2-4614-4594-97EA-FEE45352FE4B}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1F6FA067-52AB-4DF0-9EC3-9994314B4E30}] => (Allow) F:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{C9DD84BF-0599-441C-8B50-2426EC53AA75}] => (Allow) F:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{8375F7E3-E8C9-44D3-8A22-3E9220F44101}] => (Allow) F:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{639A3E85-8883-44CD-AEC1-216437E1DFE5}] => (Allow) F:\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{CA4C3517-FD61-4C42-91C7-904F6858638B}] => (Allow) F:\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{AD2C1FDE-A8A0-48F0-96D3-2D9AF2E454F3}] => (Allow) C:\Users\Müller\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{52A7496C-0673-4F0A-B5B5-D402C83584CA}] => (Allow) C:\Users\Müller\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0F487279-C224-4CAC-A7E5-6FCEDF99CE19}] => (Block) F:\Xilisoft\Video Converter Platinum\vcloader.exe
FirewallRules: [{269713C5-56B6-47C6-8951-77FAAE24E9E1}] => (Allow) F:\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A1742CBE-D6DE-4F8F-908F-A9D7E643B768}] => (Allow) F:\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{340775D7-E403-41E2-AA56-FC95A11EA176}] => (Allow) F:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{3E9A206D-CA79-4F76-A5B3-9792511CE3F6}] => (Allow) F:\Steam\SteamApps\common\Cryptic Studios\Neverwinter.exe
FirewallRules: [{A8E65F93-57D8-4BA6-8706-171C740C4200}] => (Allow) F:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E33C4A7D-30E0-4093-8207-A22AC37B287B}] => (Allow) F:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{ED05D227-BCF4-44AE-B086-42CD21AAB7D8}] => (Allow) F:\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{6B5F3442-D1AA-41F4-8402-B37349867589}] => (Allow) F:\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{BFECCC39-36FC-436A-A15A-B69FFE84E6C6}] => (Allow) F:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{8634AB96-7C69-45B7-BD3A-36AFC3FAFCE1}] => (Allow) F:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{EC7A998A-2887-4F7C-92F4-D4C5B6C6A03E}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{928D85F6-9402-4C30-8666-C0B1351D532D}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{73E8AF62-D6EE-40A6-84B5-DC396620778F}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{7CF09D12-5C17-4587-AB5E-D2C84CEFB88B}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{83600904-6E05-4FE0-900B-F59F4D5FA881}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{DEF16313-939D-4F72-A1B3-C68CA7856E5A}] => (Allow) F:\Steam\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{8ED0C61E-1A5A-4C19-9C27-933484181B84}] => (Allow) F:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{EAF24577-8092-4D58-B767-335892D2E9C8}] => (Allow) F:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{1231BD1B-DF0C-48F9-89E9-E67CA8F0E5AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{16D5F080-8754-4375-956B-668ADE0A2FD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B22F8A57-F4CC-44F0-80CA-E537C7A57080}] => (Allow) F:\Steam\SteamApps\common\Naval Action\Client.exe
FirewallRules: [{A00738A8-FE1A-4501-9250-916A09F2ECC3}] => (Allow) F:\Steam\SteamApps\common\Naval Action\Client.exe
FirewallRules: [{29DB9AA1-A983-4DEC-9A5E-F82A691E1452}] => (Allow) F:\Steam\SteamApps\common\Naval Action\NavalActionCrashSender.exe
FirewallRules: [{002DA699-C69B-4E34-ABC8-F5B843080798}] => (Allow) F:\Steam\SteamApps\common\Naval Action\NavalActionCrashSender.exe
FirewallRules: [{84631648-6FAE-4942-9FE2-FC2CE6376C6B}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C2A1A311-EBC7-45B1-A843-9650E40B323B}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C0EB30EC-5904-4695-AABA-273CC423E9F1}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6DCB46BA-EB6F-48EA-8449-0FA69FE4E239}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7D39D62A-6012-4562-B6D8-937E46475B79}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{645664B7-E4E3-4955-8DFC-E89367DDEE90}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E8AC6240-35D3-4058-AF50-B3F4D73A7FDF}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{5C156734-C721-437F-8E0D-499E214FBEB2}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B014E01B-159F-44D1-9205-2F1B2A0EE557}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A8996E0D-2796-43B6-9AFE-C098B93A26B0}] => (Allow) F:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7E469075-6D93-42F1-88D3-0E71738CB0E6}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B787CD1D-9A10-4283-A181-26FCD13C5A88}] => (Allow) F:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{BF04A8E7-FD5B-4E58-BD13-99415F21A712}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{C411818C-8CD7-4791-A8D0-4E91B2D9097A}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{2CC485F8-3B4D-40C4-9E77-A2AEDFFD25EC}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{72FA0732-334D-4A06-94FA-6481E69BF087}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{3FB3BD6B-916C-42E5-B699-17A16B2F8D5B}] => (Allow) C:\Users\Müller\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{437D793F-3060-4843-A1F8-4EAC94E217FA}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{62D91598-77A1-41E0-AE03-EF252E132D42}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{67E0FBCE-7D05-42BC-B507-CCA2FE8217F5}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{9271A718-FEFB-49F2-BDE8-056AC1FB082A}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.exe
FirewallRules: [{E0E4FAD1-E5CF-4407-84C7-26F1EFD78C8E}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{3EDB0966-300E-481A-B9F1-CD61E6E78CC7}] => (Allow) C:\Users\Müller\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{A21DC0E8-F615-45B5-8CC3-F8DD58A65486}] => (Allow) C:\Users\Müller\Desktop\Neuer Ordner\Downloaded\Public\Tools\RemoteCrashSender.exe

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Leistungsindikatoren
Description: Leistungsindikatoren
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Systeminterrupt-Controller
Description: Systeminterrupt-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Leistungsindikatoren
Description: Leistungsindikatoren
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Leistungsindikatoren
Description: Leistungsindikatoren
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 00:30:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 00:25:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 00:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17801, Zeitstempel: 0x5536642c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea0b
ID des fehlerhaften Prozesses: 0x1924
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (06/02/2015 00:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 00:26:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Uninstall_PCSpeedUp.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1290

Startzeit: 01d09d1e8d3f795f

Endzeit: 1

Anwendungspfad: C:\Users\MLLER~1\AppData\Local\Temp\is-L5IOU.tmp\Uninstall_PCSpeedUp.tmp

Berichts-ID:

Error: (06/02/2015 00:26:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Uninstall_PCSpeedUp.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 104c

Startzeit: 01d09d1e50c4d7ec

Endzeit: 1

Anwendungspfad: C:\Users\MLLER~1\AppData\Local\Temp\is-OE7VU.tmp\Uninstall_PCSpeedUp.tmp

Berichts-ID:


System errors:
=============
Error: (06/03/2015 00:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/03/2015 00:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/03/2015 00:29:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/03/2015 00:29:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/03/2015 00:29:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/03/2015 00:29:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/03/2015 00:29:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/03/2015 00:29:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/03/2015 00:29:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/03/2015 00:28:10 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office:
=========================
Error: (06/03/2015 00:30:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 00:25:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2015 00:04:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:49:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 11:48:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.187985507b3e0c0000374000cea0b192401d09d7de4cfb430C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll23dfb42e-0971-11e5-8371-74d435e13fbc

Error: (06/02/2015 00:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 00:26:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Uninstall_PCSpeedUp.tmp51.1052.0.0129001d09d1e8d3f795f1C:\Users\MLLER~1\AppData\Local\Temp\is-L5IOU.tmp\Uninstall_PCSpeedUp.tmp

Error: (06/02/2015 00:26:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Uninstall_PCSpeedUp.tmp51.1052.0.0104c01d09d1e50c4d7ec1C:\Users\MLLER~1\AppData\Local\Temp\is-OE7VU.tmp\Uninstall_PCSpeedUp.tmp


CodeIntegrity Errors:
===================================
  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-16 00:30:12.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.202
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.201
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-15 00:30:14.197
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 5%
Total physical RAM: 65455.26 MB
Available physical RAM: 61660.24 MB
Total Pagefile: 65453.45 MB
Available Pagefile: 61579.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:123.81 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:1009.57 GB) (Free:894.84 GB) NTFS
Drive e: (Media) (Fixed) (Total:4657.4 GB) (Free:3552.49 GB) NTFS
Drive f: (Programme) (Fixed) (Total:387.7 GB) (Free:242.85 GB) NTFS
Drive h: () (Removable) (Total:59.62 GB) (Free:41.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CD260456)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 7BC8AB42)
Partition 1: (Not Active) - (Size=1009.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=387.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 4657.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
--- --- ---
Alt 03.06.2015, 12:17   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {5E1BE5DD-33B0-404A-A881-CF42215BCC70} - System32\Tasks\Couleamaf => C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe [2015-06-02] ()
FF Extension: No Name - F:\Browser\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
C:\Windows\System32\Tasks\Couleamaf
C:\ProgramData\qxqktaZqdvw
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.06.2015, 02:15   #11
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Hier der Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Müller at 2015-06-04 03:11:47 Run:1
Running from C:\Users\Müller\Desktop
Loaded Profiles: Müller (Available Profiles: Müller)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {5E1BE5DD-33B0-404A-A881-CF42215BCC70} - System32\Tasks\Couleamaf => C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe [2015-06-02] ()
FF Extension: No Name - F:\Browser\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
C:\Windows\System32\Tasks\Couleamaf
C:\ProgramData\qxqktaZqdvw
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5E1BE5DD-33B0-404A-A881-CF42215BCC70}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E1BE5DD-33B0-404A-A881-CF42215BCC70}" => key Removed successfully
C:\Windows\System32\Tasks\Couleamaf => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Couleamaf" => key Removed successfully
F:\Browser\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk" => File/Folder not found.
C:\Users\Müller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Moved successfully.
"C:\Windows\System32\Tasks\Couleamaf" => File/Folder not found.
C:\ProgramData\qxqktaZqdvw => Moved successfully.
EmptyTemp: => Removed 592.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 03:11:57 ====
War das korrekt, dass sich der Rechner nach dem Fix von selbst neustartet?

Alt 04.06.2015, 10:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


Okay, dann Kontrollscans mit ESET und SC bitte:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.06.2015, 23:12   #13
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


So, nun hier die beiden Logs.

Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f5396360ad83c3478e27e321a3683708
# end=init
# utc_time=2015-06-04 09:54:27
# local_time=2015-06-04 11:54:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24167
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f5396360ad83c3478e27e321a3683708
# end=updated
# utc_time=2015-06-04 09:56:04
# local_time=2015-06-04 11:56:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f5396360ad83c3478e27e321a3683708
# engine=24167
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-04 11:26:59
# local_time=2015-06-04 01:26:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777214 100 100 5677 64895241 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 101708 185047069 0 0
# scanned=377663
# found=18
# cleaned=0
# scan_time=5454
sh=D869B932C9E8790305D482CE7680C695A82AD233 ft=1 fh=546b68ed6f7587c2 vn="Variante von MSIL/Adware.PullUpdate.L.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=00ECF4F13B1CACB69154124BD02D2839926B396A ft=1 fh=b0ca94fa1963826b vn="Variante von MSIL/Adware.PullUpdate.P Anwendung" ac=I fn="C:\ProgramData\Couleamaf\1.0.1.0\sohluvna.exe"
sh=00ECF4F13B1CACB69154124BD02D2839926B396A ft=1 fh=b0ca94fa1963826b vn="Variante von MSIL/Adware.PullUpdate.P Anwendung" ac=I fn="C:\Users\All Users\Couleamaf\1.0.1.0\sohluvna.exe"
sh=74853742C134A396F5EC817ABD76C1A06CCCA3D9 ft=1 fh=580201d264a31fce vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Disk\Programme\FreeAudioConverter.exe"
sh=848BB4BF9A9A2743DC086BFB0CB9F0A11F0FDA06 ft=1 fh=8d13beaf1272030d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter(2).exe"
sh=ABA0F43F547A86487917BB706D83F7F32FEA479E ft=1 fh=64f4ef9d4dc3c582 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter.exe"
sh=E115AC80776D091765ED3EA022A001E0D8AA4DC9 ft=1 fh=85ce5afd4a88c17f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Disk\Programme\unlocker1.9.0.exe"
sh=197508781FF855AF95458BC86BC195C57862560A ft=1 fh=208c1d4f049b3396 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Disk\Programme\vdownloader_setup.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Disk\Programme\daemontools\DTLite4491-0356.exe"
sh=4331AF3AD6723A96DBBAB7A11938DE85B9BB4D2E ft=1 fh=6448e3c295c5f58e vn="MSIL/Solimba evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\Adobe Reader.exe"
sh=FA0A35C7784B0CF6F64B6F364FDA90A66FD8D06B ft=1 fh=c02d1b503ec635db vn="Variante von Win32/FirseriaInstaller.C evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (1).exe"
sh=FA0A35C7784B0CF6F64B6F364FDA90A66FD8D06B ft=1 fh=c02d1b503ec635db vn="Variante von Win32/FirseriaInstaller.C evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (2).exe"
sh=16DF9036DCB563F3981EA56CB651655672AC6634 ft=1 fh=4ef84cfd7339cb61 vn="MSIL/Solimba evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome.exe"
sh=B585ED6093F324B8D7F43CC7CC29F2867FB00D11 ft=1 fh=56c11121f4fd0ffa vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\SoftonicDownloader_fuer_123-free-solitaire.exe"
sh=0389804668FD3A60D73DFFF31847726B019AC478 ft=1 fh=751143e93d939856 vn="Variante von Win32/SweetIM.N evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (1).exe"
sh=0389804668FD3A60D73DFFF31847726B019AC478 ft=1 fh=751143e93d939856 vn="Variante von Win32/SweetIM.N evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (2).exe"
sh=47D132037BB84E0E4B2A731029AD4D982FBC6BE2 ft=1 fh=a42ecc816cf3f79d vn="Variante von Win32/SweetIM.N evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (3).exe"
sh=0389804668FD3A60D73DFFF31847726B019AC478 ft=1 fh=751143e93d939856 vn="Variante von Win32/SweetIM.N evtl. unerwünschte Anwendung" ac=I fn="E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup.exe"
_______________________________________________________________________

Und Security Check:

Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Mozilla Firefox (38.0.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Alt 05.06.2015, 12:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\ProgramData\Couleamaf
C:\Users\All Users\Couleamaf
E:\Bck\Disk\Programme\FreeAudioConverter.exe
E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter(2).exe
E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter.exe
E:\Bck\Disk\Programme\unlocker1.9.0.exe
E:\Bck\Disk\Programme\vdownloader_setup.exe
E:\Bck\Disk\Programme\daemontools\DTLite4491-0356.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Adobe Reader.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (1).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (2).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\SoftonicDownloader_fuer_123-free-solitaire.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (1).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (2).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (3).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup.exe
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.06.2015, 17:28   #15
Zweyssfelder
 
Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Standard

Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


So hier der FRST Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Müller at 2015-06-07 18:24:57 Run:2
Running from C:\Users\Müller\Desktop
Loaded Profiles: Müller (Available Profiles: Müller)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\ProgramData\Couleamaf
C:\Users\All Users\Couleamaf
E:\Bck\Disk\Programme\FreeAudioConverter.exe
E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter(2).exe
E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter.exe
E:\Bck\Disk\Programme\unlocker1.9.0.exe
E:\Bck\Disk\Programme\vdownloader_setup.exe
E:\Bck\Disk\Programme\daemontools\DTLite4491-0356.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Adobe Reader.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (1).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (2).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\SoftonicDownloader_fuer_123-free-solitaire.exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (1).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (2).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (3).exe
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup.exe
EmptyTemp:
*****************

C:\ProgramData\Couleamaf => Moved successfully.
"C:\Users\All Users\Couleamaf" => File/Folder not found.
E:\Bck\Disk\Programme\FreeAudioConverter.exe => Moved successfully.
E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter(2).exe => Moved successfully.
E:\Bck\Disk\Programme\FreeYouTubeToMp3Converter.exe => Moved successfully.
E:\Bck\Disk\Programme\unlocker1.9.0.exe => Moved successfully.
E:\Bck\Disk\Programme\vdownloader_setup.exe => Moved successfully.
E:\Bck\Disk\Programme\daemontools\DTLite4491-0356.exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\Adobe Reader.exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (1).exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome (2).exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\Google Chrome.exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\SoftonicDownloader_fuer_123-free-solitaire.exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (1).exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (2).exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup (3).exe => Moved successfully.
E:\Bck\Lausi\Dateien von Andrea\Downloads\sweetimsetup.exe => Moved successfully.
EmptyTemp: => Removed 13 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:25:05 ====

Antwort
Seite 1 von 2 1 2

Themen zu Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung
appdata, askbar, code, datei, explorer, guten, heute, heutige, infizierte, internet, internet explorer, launch, log, meldet, microsoft, mozilla, nicht mehr, not-a-virus, problem, programme, roaming, start, system, thema, tools, trojaner, windows


« Internet langsam, Immer wieder öffnet sich http://offers.bycontext.com | Rechner fährt runter ohne Vorankündigung Virus oder nicht? »


Ähnliche Themen: Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung


  1. "not-a-virus:AdWare.Win64.Agent.y" - kann aber nicht entfernt werden
    Log-Analyse und Auswertung - 21.10.2015 (24)
  2. Avast meldet "Bedrohung blockiert"
    Plagegeister aller Art und deren Bekämpfung - 07.10.2015 (7)
  3. Ist ein Download von "http://au.v4.download.windowsupdate.com..." sicher? Avast meldet eine Bedrohung
    Plagegeister aller Art und deren Bekämpfung - 12.09.2015 (1)
  4. Avast meldet "Eine Bedrohung wurde gefunden" - svchost.exe beteiligt
    Plagegeister aller Art und deren Bekämpfung - 18.06.2015 (33)
  5. Von Avast erkannte Bedrohung (Win32:Adware-gen[Adw]), Postfach gehackt & "Hey friend"-Mailversand
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (9)
  6. "TR/Dldr.Agent.1169920.4 in c:\windows\temp\db22.exe" & "ADWARE\InstallCore.771128 in c:\Users\Julian\Downloads\openal-2.0.7.0.exe"
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (9)
  7. Avast meldet Bedrohung "NSIS:NextLive-A[Adw]"
    Log-Analyse und Auswertung - 01.08.2014 (23)
  8. Windows 8.1: Avira meldet Fund "TR/BProtector.Gen2" und Adware
    Log-Analyse und Auswertung - 23.06.2014 (15)
  9. Kaspersky zeigt mir ein bedrohung : not-a-virus:AdWare.Win32.Agent.ahbx
    Plagegeister aller Art und deren Bekämpfung - 28.03.2014 (10)
  10. Kaspersky zeigt mir ein bedrohung : not-a-virus:AdWare.Win32.Agent.ahbx
    Plagegeister aller Art und deren Bekämpfung - 27.12.2013 (3)
  11. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  12. Sicherheitscenter deaktiviert und Virus "ADWARE/InstallCo.HA" "ADWARE/bProtect.D" "TR/Mevade.A.95" gefunden
    Log-Analyse und Auswertung - 10.09.2013 (10)
  13. Avast meldet Bedrohung "JS:lframe-FG (Trj)" nach Start von Firefox
    Plagegeister aller Art und deren Bekämpfung - 01.07.2012 (3)
  14. ESET meldet "JS/TrojanClicker.Agent.NBN Trojaner" - PC (noch) infiziert?
    Log-Analyse und Auswertung - 09.04.2011 (1)
  15. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  16. Adaware Scan meldet "Adware.LinkOptimizer"
    Log-Analyse und Auswertung - 15.11.2006 (2)
  17. "index[2].htm" Adware-Bedrohung gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.03.2005 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung - Guten Tag, Kaspersky meldete mir heute, dass es eine infizierte Datei gefunden hat und zwar im Objektpfad: c:\programdata\qxqktazqdvw\dat\dnuzhldei.dll Der Name dieses Objektes ist: not-a-virus_AdWare.Win64.Agent.y Nachdem ich nun erstmal Kaspersky versuchen - Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung...
Archiv
Du betrachtest: Kaspery meldet mir "not-a-virus:AdWare.Win64.Agent.y" als Bedrohung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19