Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Fehlermeldung " ungültiges Bild" beim öffnen von jedem programm! (https://www.trojaner-board.de/163565-fehlermeldung-ungueltiges-bild-beim-oeffnen-programm.html)

Yannick123 04.02.2015 00:07
Fehlermeldung " ungültiges Bild" beim öffnen von jedem programm!
 
Liste der Anhänge anzeigen (Anzahl: 1)
Servus Leute,
zu meinem Problem, seit heute morgen den 3.2.15 bekomme ich sobald ich den Pc hochgefahren habe und mein Passwort eingegeben habe die Fehlermeldung über ein Ungültiges Bild.
hier die Fehlermeldung:
C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler. Installieren Sie das Programm mit den Originalinstallationsmedium erneut, oder wenden Sie sich an den Systemadministrator oder Softwarelieferanten, um Unterstützung zu erhalten.

Ich hoffe ich hab nicht falsch geschrieben.
Ich hab mich bei Freunden umgehört und mir wurden diverse Programme wie freefixer zu Herzen gelegt ich auch benutzt habe. Nur habe ich nach dem Scann nicht den Schritt gewagt alle gefundenen Dinge zu reparieren bzw zu löschen da ich einfach zu große Angst davor hatte das ich mein komplettes System schrotte.

Wie schon gesagt die Fehlermeldung kommt bei allen Programmen die ich öffne. Ich habe wie von euch beschrieben die Schritte befolgt und Defogger FRST und Gmer geladen und benutzt.
Ich hab das mit den Anhängen so richtig gemacht.
Zu mir ist noch zu sagen das ich ein absoluter Bimbo bin was Fehlerbehebung angeht. Ich kenn mich minimal mit meinem Pc aus.( Vom Netz nehmen etc. Kleine dinge halt die jeder irgendwann mal gelernt hat)
LG

cosinus 04.02.2015 00:09
Hi und :hallo:

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Yannick123 04.02.2015 00:15
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:39 on 03/02/2015 (YannickReinhard)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
--------------------------------------

-------------------------------------



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by YannickReinhard (administrator) on YANNICKREINHARD on 03-02-2015 23:41:09
Running from C:\Users\YannickReinhard\Downloads
Loaded Profiles: YannickReinhard (Available profiles: YannickReinhard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Allin1Convert Home Page Guard 64 bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe [548936 2013-11-14] ()
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [Allin1Convert Search Scope Monitor] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe [44784 2013-11-14] (MindSpark)
HKLM-x32\...\Run: [Allin1Convert_8h Browser Plugin Loader] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon.exe [30096 2013-11-14] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-325977285-756268544-3411964983-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-325977285-756268544-3411964983-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\YannickReinhard\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-28] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-28] ()
Startup: C:\Users\YannickReinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-325977285-756268544-3411964983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-325977285-756268544-3411964983-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-325977285-756268544-3411964983-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Users\YannickReinhard\AppData\LocalLow\NCH_DE\prxtbNCH2.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-325977285-756268544-3411964983-1000 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Users\YannickReinhard\AppData\LocalLow\NCH_DE\prxtbNCH2.dll (ClientConnect Ltd.)
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=AF7953BD-D92E-4D4D-9A3F-40971FF16898&ind=2013111311&n=77fda40f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-325977285-756268544-3411964983-1000 -> DefaultScope {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3317209&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=58&CUI=&UM=2&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-325977285-756268544-3411964983-1000 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3317209&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=58&CUI=&UM=2&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-325977285-756268544-3411964983-1000 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=AF7953BD-D92E-4D4D-9A3F-40971FF16898&ind=2013111311&n=77fda40f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-325977285-756268544-3411964983-1000 -> {78562654-82B7-482A-85FB-2FFAAC49BF89} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282494&CUI=UN58544550624669758&UM=2
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Search Assistant BHO -> {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (MindSpark)
BHO-x32: NCH DE Toolbar -> {b106b661-3e1b-4015-af5c-195e909f35c6} -> C:\Users\YannickReinhard\AppData\LocalLow\NCH_DE\prxtbNCH2.dll (ClientConnect Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: Toolbar BHO -> {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll (MindSpark)
Toolbar: HKLM-x32 - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll (MindSpark)
Toolbar: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Users\YannickReinhard\AppData\LocalLow\NCH_DE\prxtbNCH2.dll (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-325977285-756268544-3411964983-1000 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-325977285-756268544-3411964983-1000 -> No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\YannickReinhard\AppData\Roaming\Mozilla\Firefox\Profiles\ono270ir.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Allin1Convert_8h.com/Plugin -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\NP8hStub.dll (MindSpark)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-325977285-756268544-3411964983-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-06]
CHR Extension: (Google Drive) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-06]
CHR Extension: (Google-Suche) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-06]
CHR Extension: (Avira SafeSearch) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-06]
CHR Extension: (Google Mail) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [44752 2013-11-14] (COMPANYVERS_NAME)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-01-22] (BitRaider, LLC)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-09-23] (ClientConnect Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-20] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-01-23] (BitRaider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-20] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                          )
R3 SaiK1713; C:\Windows\System32\DRIVERS\SaiK1713.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1713; C:\Windows\System32\DRIVERS\SaiU1713.sys [47168 2012-09-20] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 23:41 - 2015-02-03 23:41 - 00017342 _____ () C:\Users\YannickReinhard\Downloads\FRST.txt
2015-02-03 23:40 - 2015-02-03 23:41 - 00000000 ____D () C:\FRST
2015-02-03 23:40 - 2015-02-03 23:40 - 02131456 _____ (Farbar) C:\Users\YannickReinhard\Downloads\FRST64.exe
2015-02-03 23:39 - 2015-02-03 23:39 - 00000492 _____ () C:\Users\YannickReinhard\Desktop\defogger_disable.log
2015-02-03 23:39 - 2015-02-03 23:39 - 00000000 _____ () C:\Users\YannickReinhard\defogger_reenable
2015-02-03 23:38 - 2015-02-03 23:38 - 00000264 _____ () C:\Users\YannickReinhard\Downloads\defogger_enable.log
2015-02-03 23:37 - 2015-02-03 23:37 - 00050477 _____ () C:\Users\YannickReinhard\Downloads\Defogger (1).exe
2015-02-03 23:37 - 2015-02-03 23:37 - 00000492 _____ () C:\Users\YannickReinhard\Downloads\defogger_disable.log
2015-02-03 23:36 - 2015-02-03 23:36 - 00050477 _____ () C:\Users\YannickReinhard\Desktop\Defogger.exe
2015-02-03 23:05 - 2015-02-03 23:22 - 00000000 ___SD () C:\ComboFix
2015-02-03 22:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-03 22:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-03 22:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-03 22:48 - 2015-02-03 23:18 - 00000000 ____D () C:\Windows\erdnt
2015-02-03 22:48 - 2015-02-03 22:56 - 00000000 ____D () C:\Qoobox
2015-02-03 22:46 - 2015-02-03 23:03 - 05611380 ____R (Swearware) C:\Users\YannickReinhard\Downloads\ComboFix.exe
2015-02-03 22:44 - 2015-02-03 22:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-03 22:43 - 2015-02-03 22:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\YannickReinhard\Downloads\revosetup95.exe
2015-02-03 22:38 - 2015-02-03 22:38 - 00028732 _____ () C:\Users\YannickReinhard\Downloads\Combo.txt
2015-02-03 16:07 - 2015-02-03 16:35 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\Conduit
2015-02-03 16:07 - 2015-02-03 16:07 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2015-02-03 16:06 - 2015-02-03 16:06 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\IAC
2015-02-03 15:40 - 2015-02-03 22:58 - 00000328 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2015-02-03 15:40 - 2015-02-03 22:25 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Roaming\FreeFixer
2015-02-03 15:40 - 2015-02-03 15:55 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\FreeFixer
2015-02-03 15:40 - 2015-02-03 15:40 - 00003012 _____ () C:\Windows\System32\Tasks\FreeFixer background scan
2015-02-03 15:40 - 2015-02-03 15:40 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2015-02-03 15:40 - 2015-02-03 15:40 - 00000000 ____D () C:\Program Files\FreeFixer
2015-02-03 15:39 - 2015-02-03 15:39 - 02666167 _____ (Kephyr) C:\Users\YannickReinhard\Downloads\freefixersetup1.12.exe
2015-02-03 11:52 - 2015-02-03 11:52 - 00001254 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2015-02-03 11:20 - 2015-02-03 11:20 - 00001118 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-02-03 11:20 - 2015-02-03 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-02-03 11:20 - 2015-02-03 11:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-03 11:18 - 2015-02-03 11:18 - 02942368 _____ (Blizzard Entertainment) C:\Users\YannickReinhard\Downloads\World-of-Warcraft-Setup-deDE (1).exe
2015-02-03 11:15 - 2015-02-03 11:15 - 00010409 _____ () C:\Users\YannickReinhard\Documents\Uninstall STAR WARS The Old Republic.log
2015-02-03 11:07 - 2015-02-03 11:11 - 00000000 ____D () C:\Users\YannickReinhard\Desktop\Addons
2015-02-03 10:49 - 2015-02-03 10:49 - 00003550 _____ () C:\Windows\System32\Tasks\avaxvavya
2015-02-03 10:49 - 2015-02-03 10:49 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\avaxvavya
2015-02-02 11:27 - 2015-02-02 11:27 - 00194217 _____ () C:\Users\YannickReinhard\Downloads\RCLootCouncil-1.7.0.zip
2015-01-22 23:22 - 2015-01-22 23:22 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\SWTORPerf
2015-01-22 23:22 - 2015-01-22 23:22 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2015-01-22 23:22 - 2015-01-22 23:22 - 00000000 ____D () C:\ProgramData\BitRaider
2015-01-22 23:21 - 2015-01-22 23:21 - 00017360 _____ () C:\Users\YannickReinhard\Documents\Install STAR WARS The Old Republic.log
2015-01-22 23:21 - 2015-01-22 23:21 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2015-01-22 23:20 - 2015-01-22 23:20 - 29720272 _____ () C:\Users\YannickReinhard\Downloads\SWTOR_setup.exe
2015-01-15 22:30 - 2015-01-15 22:30 - 00013946 _____ () C:\Users\YannickReinhard\Downloads\TargetCharms (2).zip
2015-01-15 22:29 - 2015-01-15 22:29 - 00390145 _____ () C:\Users\YannickReinhard\Downloads\Recount-v6.0.3h_release.zip
2015-01-15 21:58 - 2015-01-15 21:58 - 00689258 _____ () C:\Users\YannickReinhard\Downloads\TidyPlates_6_15_3.zip
2015-01-15 20:45 - 2015-01-15 20:45 - 00577251 _____ () C:\Users\YannickReinhard\Downloads\Skada-1.4-27.zip
2015-01-14 09:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:59 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 23:39 - 2013-11-13 23:33 - 00000000 ____D () C:\Users\YannickReinhard
2015-02-03 23:36 - 2009-07-14 05:45 - 00035136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 23:36 - 2009-07-14 05:45 - 00035136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 23:32 - 2013-11-13 23:27 - 01331501 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 23:29 - 2014-10-10 19:54 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\Deployment
2015-02-03 23:28 - 2014-06-06 00:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 23:28 - 2013-11-14 21:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-03 23:28 - 2013-11-13 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 23:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 23:28 - 2009-07-14 05:51 - 00229777 _____ () C:\Windows\setupact.log
2015-02-03 23:27 - 2014-10-10 19:54 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\Apps\2.0
2015-02-03 23:19 - 2010-11-21 04:47 - 00292490 _____ () C:\Windows\PFRO.log
2015-02-03 23:18 - 2009-07-14 03:34 - 71565312 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-03 23:17 - 2013-11-14 21:40 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-02-03 22:58 - 2013-11-23 11:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-03 22:55 - 2013-11-23 11:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-03 22:53 - 2013-11-14 00:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-03 22:50 - 2014-06-06 00:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 22:50 - 2014-06-06 00:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 22:40 - 2014-08-25 21:55 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\Battle.net
2015-02-03 22:29 - 2013-11-14 21:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 15:52 - 2013-11-14 22:44 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-02-03 11:15 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-02 20:21 - 2013-11-15 14:37 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Roaming\TS3Client
2015-01-30 11:40 - 2014-12-29 22:11 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Roaming\SimulationCraft
2015-01-24 22:29 - 2013-11-14 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 22:29 - 2013-11-14 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 22:29 - 2013-11-14 21:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-19 18:27 - 2014-01-19 21:03 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 18:26 - 2014-01-19 21:03 - 743294109 _____ () C:\Windows\MEMORY.DMP
2015-01-14 12:15 - 2013-11-24 10:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:09 - 2013-11-24 10:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 09:52 - 2014-11-26 17:09 - 00000000 ____D () C:\Users\YannickReinhard\Documents\Bewerbungen

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 11:10

==================== End Of Log ============================
--- --- ---




-------------------------------

-------------------------------

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by YannickReinhard at 2015-02-03 23:41:53
Running from C:\Users\YannickReinhard\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Allin1Convert Internet Explorer Toolbar (HKLM-x32\...\Allin1Convert_8hbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
AMD Catalyst Install Manager (HKLM\...\{A00CC809-7137-B31B-D13D-401DA7BD962F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Curse Client (HKU\S-1-5-21-325977285-756268544-3411964983-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NCH DE Toolbar for IE (HKLM-x32\...\IECT3282494) (Version: 6.16.2.2 - NCH DE)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.3523 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version:  - Piranha Bytes)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.20.2.12 - Client Connect LTD) <==== ATTENTION
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Simulationcraft(x64) version 6.0.3.20 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.0.3.20 - Simulationcraft)
SRWare Iron Version SRWare Iron 30.0.1650.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 30.0.1650.0 - SRWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version:  - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
TeamSpeak 3 Client (HKU\S-1-5-21-325977285-756268544-3411964983-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Cursed Crusade (HKLM-x32\...\Steam App 106000) (Version:  - Kylotonn Entertainment)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoPad Videobearbeitungs-Software (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-325977285-756268544-3411964983-1000_Classes\CLSID\{ae793a71-8a15-49b2-a212-25c89feb72ba}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-01-2015 21:11:37 Geplanter Prüfpunkt
01-02-2015 19:00:06 Windows-Sicherung
03-02-2015 22:55:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-03 23:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {229D6F8B-1555-47B6-8C33-99A0D189DA5E} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2014-09-16] (Kephyr)
Task: {2DE42C54-E20B-49F3-B5BE-D6FC2E6425BD} - System32\Tasks\{D3207EF2-90BB-4F02-8BA1-A7F5906CE20A} => C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe [2014-02-08] ()
Task: {4FB6F067-431C-438C-BBF8-4D52B96F029D} - System32\Tasks\{36A5AE87-EA05-411E-8597-E95176331FD0} => pcalua.exe -a C:\Users\YannickReinhard\Downloads\Range_MMO7_SD7_0_20_0_64Bit_Drivers.exe -d C:\Users\YannickReinhard\Downloads
Task: {694C9013-CC35-4B6C-9214-DF1B9490909C} - System32\Tasks\{18F2FDEE-A72A-4FB8-A264-313DB8DEF5E1} => pcalua.exe -a C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe -d C:\Users\YannickReinhard\Downloads
Task: {7CCC0E7D-044C-4833-8722-59A4951837E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {93729F85-7B01-425C-8C86-8563C12C6661} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {A86AE4CE-2D0F-4DDA-BBAD-35C58D557386} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: {AB4B4BAF-1C4C-43A2-9DDA-F567B6906139} - System32\Tasks\{96156D6C-36D9-413C-9D18-675E46A37772} => pcalua.exe -a C:\Users\YannickReinhard\Downloads\Range_MMO7_SD7_0_20_0_32Bit_Drivers.exe -d C:\Users\YannickReinhard\Downloads
Task: {C143452C-F82C-471A-BC66-E161407CD1C4} - System32\Tasks\{C5B1863E-54D5-473F-8A6D-1C74F9955A0D} => pcalua.exe -a "C:\Users\YannickReinhard\Downloads\midway_riseandfall (1).exe"
Task: {D1E52366-EF71-498B-B2C5-3D4F9B3B6F92} - System32\Tasks\avaxvavya => C:\Users\YannickReinhard\AppData\Local\avaxvavya\avaxvavya.exe [2015-01-28] ()
Task: {D610575F-53D6-4491-A38D-580EAD2E88F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9D70F11-4E91-4D75-AA4F-5CD52B5EFC4D} - System32\Tasks\{3FF9624A-8C76-41B2-93D6-98BFB9D4755D} => C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe [2014-02-08] ()
Task: {EA040439-442B-40C8-81DD-A904131AF985} - System32\Tasks\{B345773F-69CD-4587-9776-499F9B8B01FF} => C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe [2014-02-08] ()
Task: {EEF73241-27C6-40D1-B1B9-5B4B1692C074} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-13 23:49 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-14 00:34 - 2013-11-14 00:34 - 00292424 _____ () C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll
2013-11-14 00:34 - 2013-11-14 00:34 - 00548936 _____ () C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe
2013-11-14 00:34 - 2013-11-14 00:34 - 00442952 _____ () C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\HPG64.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-10-24 09:45 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 09:48 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 09:48 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 09:48 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 09:48 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-30 11:25 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 12:07 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-11-14 00:36 - 2013-10-05 21:22 - 00875008 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll
2013-11-14 00:36 - 2013-10-05 21:25 - 00102912 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll
2013-11-14 00:36 - 2013-10-05 20:12 - 00861696 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-325977285-756268544-3411964983-500 - Administrator - Disabled)
Gast (S-1-5-21-325977285-756268544-3411964983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-325977285-756268544-3411964983-1003 - Limited - Enabled)
YannickReinhard (S-1-5-21-325977285-756268544-3411964983-1000 - Administrator - Enabled) => C:\Users\YannickReinhard

==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 11:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 11:21:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 10:59:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2015 05:08:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16193

Error: (02/03/2015 05:08:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16193

Error: (02/03/2015 05:08:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 05:08:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15194

Error: (02/03/2015 05:08:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15194

Error: (02/03/2015 05:08:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/03/2015 05:08:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14196


System errors:
=============
Error: (02/03/2015 11:28:23 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (02/03/2015 11:28:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (02/03/2015 11:19:22 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (02/03/2015 11:19:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (02/03/2015 11:18:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/03/2015 11:18:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/03/2015 11:17:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/03/2015 11:15:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/03/2015 10:58:15 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error: (02/03/2015 10:58:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-03 23:17:39.016
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-03 23:17:38.990
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD FX(tm)-6350 Six-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 8148.74 MB
Available physical RAM: 6021.17 MB
Total Pagefile: 16295.66 MB
Available Pagefile: 13926.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:716.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 04E7F4E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

-------------------------------

-------------------------------

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-03 23:52:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 ST1000LM rev.2AR1 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\YANNIC~1\AppData\Local\Temp\uxxdqpow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                          0000000075921401 2 bytes JMP 7767b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                            0000000075921419 2 bytes JMP 7767b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                          0000000075921431 2 bytes JMP 776f8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                          000000007592144a 2 bytes CALL 776548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                          * 9
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                            00000000759214dd 2 bytes JMP 776f87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                      00000000759214f5 2 bytes JMP 776f8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                            000000007592150d 2 bytes JMP 776f8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                      0000000075921525 2 bytes JMP 776f8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                            000000007592153d 2 bytes JMP 7766fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                0000000075921555 2 bytes JMP 776768ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                          000000007592156d 2 bytes JMP 776f8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                            0000000075921585 2 bytes JMP 776f8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                              000000007592159d 2 bytes JMP 776f865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                            00000000759215b5 2 bytes JMP 7766fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                          00000000759215cd 2 bytes JMP 7767b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                      00000000759216b2 2 bytes JMP 776f8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\Steam.exe[1652] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                      00000000759216bd 2 bytes JMP 776f85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000075921401 2 bytes JMP 7767b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000075921419 2 bytes JMP 7767b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000075921431 2 bytes JMP 776f8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            000000007592144a 2 bytes CALL 776548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                          * 9
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                00000000759214dd 2 bytes JMP 776f87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        00000000759214f5 2 bytes JMP 776f8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                000000007592150d 2 bytes JMP 776f8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000075921525 2 bytes JMP 776f8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              000000007592153d 2 bytes JMP 7766fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    0000000075921555 2 bytes JMP 776768ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            000000007592156d 2 bytes JMP 776f8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000075921585 2 bytes JMP 776f8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  000000007592159d 2 bytes JMP 776f865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              00000000759215b5 2 bytes JMP 7766fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            00000000759215cd 2 bytes JMP 7767b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        00000000759216b2 2 bytes JMP 776f8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        00000000759216bd 2 bytes JMP 776f85f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17      0000000075921401 2 bytes JMP 7767b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17        0000000075921419 2 bytes JMP 7767b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17      0000000075921431 2 bytes JMP 776f8ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42      000000007592144a 2 bytes CALL 776548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                          * 9
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17        00000000759214dd 2 bytes JMP 776f87a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000759214f5 2 bytes JMP 776f8978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17        000000007592150d 2 bytes JMP 776f8698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000075921525 2 bytes JMP 776f8a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17        000000007592153d 2 bytes JMP 7766fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17            0000000075921555 2 bytes JMP 776768ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17      000000007592156d 2 bytes JMP 776f8f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17        0000000075921585 2 bytes JMP 776f8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17          000000007592159d 2 bytes JMP 776f865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17        00000000759215b5 2 bytes JMP 7766fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17      00000000759215cd 2 bytes JMP 7767b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000759216b2 2 bytes JMP 776f8e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3992] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000759216bd 2 bytes JMP 776f85f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5104:4804]                                                                000007fefb752bf8

---- EOF - GMER 2.1 ----

cosinus 04.02.2015 09:40
Zukünftig bitte beachten:
Zitat:
Running from C:\Users\YannickReinhard\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Yannick123 04.02.2015 09:56
Tut mir leid, wie gesagt ich bin absolut nicht fit was das angeht. Ich benutzte mein Pc lediglich dazu um bisschen zu zocken, auf Youtube Videos zu schauen und paar Dokumente zu speichern.
Habe auch keine anderen Logs, ich hoffe das geht trotzdem so wie es jetzt ist, wenn nicht dann geh ich nochmal die Anleitung durch.

cosinus 04.02.2015 10:11
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Yannick123 04.02.2015 10:54
Code:
ComboFix 15-02-02.01 - YannickReinhard 04.02.2015  10:34:53.2.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8149.6243 [GMT 1:00]
ausgeführt von:: c:\users\YannickReinhard\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\Main\bin\sptool.dll_1420821091767
c:\program files (x86)\SearchProtect\Main\bin\sptool.dll_1422956938712
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\rep\cfi.bin
c:\program files (x86)\SearchProtect\Main\rep\edk.bin
c:\program files (x86)\SearchProtect\Main\rep\pni.bin
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\Main\rep\trn.bin
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\RN32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.css
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.html
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.js
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\windows\wininit.ini
.
---- Vorheriger Suchlauf -------
.
C:\END
C:\install.exe
c:\program files (x86)\SearchProtect\CRASH_REPORT_P4252_T3980_D2015_02_03_T22_57_15.txt
c:\program files (x86)\SearchProtect\CRASH_REPORT_P6872_T5228_D2015_02_03_T12_16_59.txt
c:\users\YannickReinhard\AppData\Local\._LiveCode_
c:\users\YannickReinhard\Documents\~WRL3242.tmp
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CltMngSvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-04 bis 2015-02-04  ))))))))))))))))))))))))))))))
.
.
2015-02-04 09:46 . 2015-02-04 09:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-04 00:18 . 2015-02-04 08:20        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-04 00:17 . 2015-02-04 00:17        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-04 00:17 . 2015-02-04 00:17        --------        d-----w-        c:\programdata\Malwarebytes
2015-02-04 00:17 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-02-04 00:17 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-02-04 00:17 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-02-03 22:40 . 2015-02-03 22:42        --------        d-----w-        C:\FRST
2015-02-03 22:12 . 2015-02-04 02:39        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DEF9AF4-CB59-4418-86A2-88E55BF0C8B3}\offreg.dll
2015-02-03 21:56 . 2014-12-15 03:13        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DEF9AF4-CB59-4418-86A2-88E55BF0C8B3}\mpengine.dll
2015-02-03 21:44 . 2015-02-03 21:47        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-02-03 15:07 . 2015-02-03 15:07        --------        d-----w-        c:\program files (x86)\Tbccint
2015-02-03 15:07 . 2015-02-03 15:35        --------        d-----w-        c:\users\YannickReinhard\AppData\Local\Conduit
2015-02-03 15:06 . 2015-02-03 15:06        --------        d-----w-        c:\users\YannickReinhard\AppData\Local\IAC
2015-02-03 14:40 . 2015-02-03 21:25        --------        d-----w-        c:\users\YannickReinhard\AppData\Roaming\FreeFixer
2015-02-03 14:40 . 2015-02-03 14:55        --------        d-----w-        c:\users\YannickReinhard\AppData\Local\FreeFixer
2015-02-03 14:40 . 2015-02-03 14:40        --------        d-----w-        c:\program files\FreeFixer
2015-02-03 10:20 . 2015-02-03 10:20        --------        d-----w-        c:\program files (x86)\Battle.net
2015-02-03 09:49 . 2015-02-03 09:49        --------        d-----w-        c:\users\YannickReinhard\AppData\Local\avaxvavya
2015-01-22 22:22 . 2015-01-22 22:22        --------        d-----w-        c:\programdata\BitRaider
2015-01-22 22:22 . 2015-01-22 22:22        --------        d-----w-        c:\users\YannickReinhard\AppData\Local\SWTORPerf
2015-01-22 22:21 . 2015-02-03 10:15        --------        d-----w-        c:\program files (x86)\Common Files\BioWare
2015-01-22 22:21 . 2015-01-22 22:21        --------        d-----w-        c:\program files (x86)\Electronic Arts
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-28 12:20 . 2015-01-28 12:20        253200        ----a-w-        c:\windows\apppatch\AppPatch64\VCLdr64.dll
2015-01-28 12:20 . 2015-01-28 12:20        219408        ----a-w-        c:\windows\apppatch\nbin\VC32Loader.dll
2015-01-24 21:29 . 2013-11-14 20:35        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-24 21:29 . 2013-11-14 20:35        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 11:09 . 2013-11-24 09:09        113365784        ----a-w-        c:\windows\system32\MRT.exe
2014-12-22 23:41 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 08:35        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 08:35        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 22:34        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 22:34        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 22:34        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 22:34        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 22:34        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-10 22:34        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-10 22:34        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 22:34        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 22:34        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 22:33        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 22:34        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 22:34        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 22:33        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 22:33        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 22:34        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 22:33        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 22:33        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 22:33        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 22:34        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 22:33        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 22:34        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 22:33        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 22:33        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 22:33        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 22:33        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 22:34        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 22:34        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 22:33        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 22:33        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 22:33        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 22:34        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 22:34        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 22:33        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 22:33        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 22:34        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 22:34        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 22:33        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 22:33        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 22:33        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 22:33        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 22:34        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 22:33        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 22:33        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 22:34        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 22:33        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 22:34        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 22:33        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 22:33        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-18 13:56 . 2014-11-18 13:56        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 22:34        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 08:44        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 08:44        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 22:34        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 08:44        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 08:44        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 22:34        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 22:21        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 22:21        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\users\YannickReinhard\AppData\LocalLow\NCH_DE\prxtbNCH2.dll" [2014-09-23 423744]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}]
2013-11-13 23:34        62864        ----a-w-        c:\program files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}]
2014-09-23 10:37        423744        ----a-w-        c:\users\YannickReinhard\AppData\LocalLow\NCH_DE\prxtbNCH2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-22 14:42        323752        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]
2013-11-13 23:34        716360        ----a-w-        c:\progra~2\ALLIN1~2\bar\1.bin\8hbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cd1a63ba-a08c-431b-9a34-f240aadc728d}"= "c:\program files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll" [2013-11-13 716360]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\users\YannickReinhard\AppData\LocalLow\NCH_DE\prxtbNCH2.dll" [2014-09-23 423744]
.
[HKEY_CLASSES_ROOT\clsid\{cd1a63ba-a08c-431b-9a34-f240aadc728d}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-01-23 1942720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Allin1Convert Search Scope Monitor"="c:\progra~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" [2013-11-13 44784]
"Allin1Convert_8h Browser Plugin Loader"="c:\progra~2\ALLIN1~2\bar\1.bin\8hbrmon.exe" [2013-11-13 30096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\YannickReinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-10-16 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 Allin1Convert_8hService;Allin1ConvertService;c:\progra~2\ALLIN1~2\bar\1.bin\8hbarsvc.exe;c:\progra~2\ALLIN1~2\bar\1.bin\8hbarsvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TBSrv;Toolbar Service;c:\program files (x86)\Tbccint\ToolbarService\ToolbarService.exe;c:\program files (x86)\Tbccint\ToolbarService\ToolbarService.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
S3 SaiK1713;SaiK1713;c:\windows\system32\DRIVERS\SaiK1713.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1713.sys [x]
S3 SaiU1713;SaiU1713;c:\windows\system32\DRIVERS\SaiU1713.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1713.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-03 21:27        1086280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14 21:29]
.
2015-02-03 c:\windows\Tasks\FreeFixer background scan.job
- c:\program files\FreeFixer\freefixer.exe [2014-09-16 08:44]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05 23:16]
.
2015-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05 23:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-20 13:53        357376        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"Allin1Convert Home Page Guard 64 bit"="c:\progra~2\ALLIN1~2\bar\1.bin\AppIntegrator64.exe" [2013-11-13 548936]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1783296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-BackgroundContainerV2 - c:\users\YannickReinhard\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-04  10:48:38
ComboFix-quarantined-files.txt  2015-02-04 09:48
.
Vor Suchlauf: 14 Verzeichnis(se), 751.557.431.296 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 751.174.717.440 Bytes frei
.
- - End Of File - - A1B921B926B042BDF099B940C955FA46
A36C5E4F47E84449FF07ED3517B43A31
so hier die logfiles von Combofix
Nachdem ich mein Pc neugestartet habe kam keine Fehlermeldung bezüglich eines "ungültigem Bildes", weder durch im Hintergrund ablaufende Programme oder durch Programme wie mein Browser den ich manuell geöffnet habe.
wie geht es weiter? Problem behoben ?

cosinus 04.02.2015 12:21
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Yannick123 04.02.2015 15:57
Code:
# AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 15:43:36
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : YannickReinhard - YANNICKREINHARD
# Gestartet von : C:\Users\YannickReinhard\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Allin1Convert_8hService
[#] Dienst Gelöscht : SPPD
Dienst Gelöscht : TBSrv

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Allin1Convert_8h
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Tbccint
Ordner Gelöscht : C:\Program Files (x86)\NCH_DE
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Program Files\FreeFixer
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Local\Allin1Convert_8h
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Local\FreeFixer
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Local\iac
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\LocalLow\Allin1Convert_8h
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\LocalLow\NCH_DE
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Roaming\FreeFixer
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\YannickReinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
Ordner Gelöscht : C:\Users\YannickReinhard\Documents\Mobogenie
Datei Gelöscht : C:\Users\YannickReinhard\daemonprocess.txt
Datei Gelöscht : C:\Users\YannickReinhard\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : FreeFixer background scan

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.dynamicbarbutton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.dynamicbarbutton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.feedmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.feedmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.htmlmenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.htmlmenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.htmlpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.htmlpanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.multiplebutton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.multiplebutton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.pseudotransparentplugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.pseudotransparentplugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.radiosettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.radiosettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.scriptbutton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.scriptbutton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.settingsplugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.settingsplugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.skinlauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.skinlauncher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.SkinLauncherSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.SkinLauncherSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.thirdpartyinstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.thirdpartyinstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.urlalertbutton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.urlalertbutton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.xmlsessionplugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\allin1convert_8h.xmlsessionplugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [allin1convert search scope monitor]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@Allin1Convert_8h.com/Plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3282494
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3282494
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Allin1Convert_8h Browser Plugin Loader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1604FC43-3A1E-4C6B-850D-70C8A858C61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{248B3E95-17A4-482D-A8A8-6B3DF4D05C35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{250B71CD-97CA-40A5-834F-265719A62CAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F49273-DE3A-4111-90F9-6C474C37AEFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39D4F1A1-A94D-4B7D-BF1D-7446308800ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{443321F7-E46C-42F8-812B-F35E98CBB44F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5CDE4714-32DC-473C-8194-0645E62C2E96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{889F49D2-6CEA-40BE-BE5F-7217485F9745}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F83D657-5993-4FFA-9AEE-DA0B20D828A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF60F89A-4645-4381-8C7F-B8FEAB385445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C8EF8F70-3807-424A-83F7-DA06FD4DACF9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD1A63BA-A08C-431B-9A34-F240AADC728D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE0F6787-9D1C-42B7-A0B9-EAC630F87902}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E4EF697F-434B-4DC7-A464-4412462206DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF3F28C8-0330-4D18-B901-D24CB83E5AA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5DB804-585B-472E-B415-BC63F8F01BF6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F2C368C5-9F44-4D43-89F3-A1CC87F1DA96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F99DDD9A-07D0-47AB-86F1-193533DD2C60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBCBC43A-DCA9-4192-A4C8-B57FD0F77D4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{53F6A516-3DCC-48F4-835C-6C670CB39CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{16976E15-10EA-44FD-804A-6ECBC9EBBFC7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4BD0FCFF-AD64-4315-9F2C-960EF3C21623}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507C73BB-FC69-425E-8A49-9204F886B328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6EC57031-1740-4151-93C5-C465D6063DD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9D217B94-6FC9-44FE-94B1-30C711871266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B48AC2CD-9662-47E0-A3C0-3B01BB3F463E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BE698E51-830B-447A-954D-901D6E05DDE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BFCF748F-A56E-451F-AA45-0D7EB699E416}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D09139AB-0ACB-4F22-B9AE-816E6838A814}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D617CF84-B0BC-441F-9984-B676AFBA1E8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBCBC43A-DCA9-4192-A4C8-B57FD0F77D4D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27F49273-DE3A-4111-90F9-6C474C37AEFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF60F89A-4645-4381-8C7F-B8FEAB385445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E4EF697F-434B-4DC7-A464-4412462206DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F99DDD9A-07D0-47AB-86F1-193533DD2C60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{248B3E95-17A4-482D-A8A8-6B3DF4D05C35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53F6A516-3DCC-48F4-835C-6C670CB39CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88E44198-D164-4EC0-B2C0-F679D866C6DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F671C1B3-9776-426D-A350-55FB2D9B53F7}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CD1A63BA-A08C-431B-9A34-F240AADC728D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{53F6A516-3DCC-48F4-835C-6C670CB39CEA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{78562654-82B7-482A-85FB-2FFAAC49BF89}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}
Schlüssel Gelöscht : HKCU\Software\allin1convert_8h
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Conduit_Search_Protect
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\allin1convert_8h
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\allin1convert_8h
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\NCH_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\allin1convert_8hbar uninstall firefox
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\allin1convert_8hbar uninstall internet explorer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.94

[C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&q={searchTerms}&SSPV=
[C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=AF7953BD-D92E-4D4D-9A3F-40971FF16898&ind=2013111311&n=77fda40f&psa=&st=sb&searchfor={searchTerms}
[C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=58&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&q={searchTerms}&SSPV=
[C:\Users\YannickReinhard\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

-\\ Chromium v

[C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&q={searchTerms}&SSPV=
[C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=AF7953BD-D92E-4D4D-9A3F-40971FF16898&ind=2013111311&n=77fda40f&psa=&st=sb&searchfor={searchTerms}
[C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=58&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&q={searchTerms}&SSPV=
[C:\Users\YannickReinhard\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [17906 octets] - [04/02/2015 15:41:58]
AdwCleaner[S0].txt - [18106 octets] - [04/02/2015 15:43:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18167 octets] ##########

--------------------------------------------------------


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by YannickReinhard on 04.02.2015 at 15:48:50,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\NCH_DETOOLBARHELPER.EXE-3A62166A.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2015 at 15:51:23,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by YannickReinhard (administrator) on YANNICKREINHARD on 04-02-2015 15:53:27
Running from C:\Users\YannickReinhard\Downloads
Loaded Profiles: YannickReinhard (Available profiles: YannickReinhard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Allin1Convert Home Page Guard 64 bit] => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-325977285-756268544-3411964983-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
Startup: C:\Users\YannickReinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-325977285-756268544-3411964983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-325977285-756268544-3411964983-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-325977285-756268544-3411964983-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\YannickReinhard\AppData\Roaming\Mozilla\Firefox\Profiles\ono270ir.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-325977285-756268544-3411964983-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-06]
CHR Extension: (Google Drive) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-06]
CHR Extension: (Google-Suche) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-06]
CHR Extension: (Avira SafeSearch) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-16]
CHR Extension: (Google Wallet) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-06]
CHR Extension: (Google Mail) - C:\Users\YannickReinhard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-01-22] (BitRaider, LLC)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-20] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-01-23] (BitRaider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-20] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                          )
R3 SaiK1713; C:\Windows\System32\DRIVERS\SaiK1713.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1713; C:\Windows\System32\DRIVERS\SaiU1713.sys [47168 2012-09-20] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 15:51 - 2015-02-04 15:51 - 00000793 _____ () C:\Users\YannickReinhard\Desktop\JRT.txt
2015-02-04 15:47 - 2015-02-04 15:47 - 01388274 _____ (Thisisu) C:\Users\YannickReinhard\Downloads\JRT.exe
2015-02-04 15:46 - 2015-02-04 15:46 - 00018276 _____ () C:\Users\YannickReinhard\Desktop\AdwCleaner[S0].txt
2015-02-04 15:41 - 2015-02-04 15:43 - 00000000 ____D () C:\AdwCleaner
2015-02-04 15:40 - 2015-02-04 15:41 - 02194432 _____ () C:\Users\YannickReinhard\Downloads\AdwCleaner_4.109.exe
2015-02-04 11:06 - 2015-02-04 11:06 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-04 11:06 - 2015-02-04 11:06 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-04 11:06 - 2015-02-04 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-04 11:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-04 11:05 - 2015-02-04 11:06 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\YannickReinhard\Downloads\spybot-2.4 (2).exe
2015-02-04 10:55 - 2015-02-04 10:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\YannickReinhard\Downloads\spybot-2.4 (1).exe
2015-02-04 10:49 - 2015-02-04 10:49 - 00025905 _____ () C:\Users\YannickReinhard\Desktop\Combofix-.txt
2015-02-04 10:48 - 2015-02-04 10:48 - 00025905 _____ () C:\ComboFix.txt
2015-02-04 10:33 - 2015-02-04 10:33 - 00013586 _____ () C:\Users\YannickReinhard\Desktop\combofix - Verknüpfung.lnk
2015-02-04 01:18 - 2015-02-04 09:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 01:17 - 2015-02-04 01:17 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\YannickReinhard\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 01:17 - 2015-02-04 01:17 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 01:17 - 2015-02-04 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 01:17 - 2015-02-04 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 01:17 - 2015-02-04 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 01:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 01:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 01:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 00:10 - 2015-02-04 00:10 - 00000000 ____D () C:\Users\YannickReinhard\Desktop\Trojaner
2015-02-04 00:08 - 2015-02-04 00:08 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\YannickReinhard\Downloads\spybot-2.4.exe
2015-02-03 23:43 - 2015-02-03 23:43 - 00380416 _____ () C:\Users\YannickReinhard\Downloads\Gmer-19357.exe
2015-02-03 23:41 - 2015-02-04 15:53 - 00013337 _____ () C:\Users\YannickReinhard\Downloads\FRST.txt
2015-02-03 23:41 - 2015-02-03 23:42 - 00024784 _____ () C:\Users\YannickReinhard\Downloads\Addition.txt
2015-02-03 23:40 - 2015-02-04 15:53 - 00000000 ____D () C:\FRST
2015-02-03 23:40 - 2015-02-03 23:40 - 02131456 _____ (Farbar) C:\Users\YannickReinhard\Downloads\FRST64.exe
2015-02-03 23:39 - 2015-02-03 23:39 - 00000000 _____ () C:\Users\YannickReinhard\defogger_reenable
2015-02-03 23:38 - 2015-02-03 23:38 - 00000264 _____ () C:\Users\YannickReinhard\Downloads\defogger_enable.log
2015-02-03 23:37 - 2015-02-03 23:37 - 00050477 _____ () C:\Users\YannickReinhard\Downloads\Defogger (1).exe
2015-02-03 23:37 - 2015-02-03 23:37 - 00000492 _____ () C:\Users\YannickReinhard\Downloads\defogger_disable.log
2015-02-03 22:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-03 22:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-03 22:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-03 22:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-03 22:48 - 2015-02-04 10:48 - 00000000 ____D () C:\Qoobox
2015-02-03 22:48 - 2015-02-04 10:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-03 22:46 - 2015-02-04 10:32 - 05611380 ____R (Swearware) C:\Users\YannickReinhard\Downloads\ComboFix.exe
2015-02-03 22:44 - 2015-02-03 22:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-03 22:43 - 2015-02-03 22:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\YannickReinhard\Downloads\revosetup95.exe
2015-02-03 22:38 - 2015-02-03 22:38 - 00028732 _____ () C:\Users\YannickReinhard\Downloads\Combo.txt
2015-02-03 15:40 - 2015-02-03 15:40 - 00003012 _____ () C:\Windows\System32\Tasks\FreeFixer background scan
2015-02-03 15:39 - 2015-02-03 15:39 - 02666167 _____ (Kephyr) C:\Users\YannickReinhard\Downloads\freefixersetup1.12.exe
2015-02-03 11:52 - 2015-02-03 11:52 - 00001254 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2015-02-03 11:20 - 2015-02-03 11:20 - 00001118 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-02-03 11:20 - 2015-02-03 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-02-03 11:20 - 2015-02-03 11:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-03 11:18 - 2015-02-03 11:18 - 02942368 _____ (Blizzard Entertainment) C:\Users\YannickReinhard\Downloads\World-of-Warcraft-Setup-deDE (1).exe
2015-02-03 11:15 - 2015-02-03 11:15 - 00010409 _____ () C:\Users\YannickReinhard\Documents\Uninstall STAR WARS The Old Republic.log
2015-02-03 11:07 - 2015-02-03 11:11 - 00000000 ____D () C:\Users\YannickReinhard\Desktop\Addons
2015-02-03 10:49 - 2015-02-03 10:49 - 00003550 _____ () C:\Windows\System32\Tasks\avaxvavya
2015-02-03 10:49 - 2015-02-03 10:49 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\avaxvavya
2015-02-02 11:27 - 2015-02-02 11:27 - 00194217 _____ () C:\Users\YannickReinhard\Downloads\RCLootCouncil-1.7.0.zip
2015-01-22 23:22 - 2015-01-22 23:22 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\SWTORPerf
2015-01-22 23:22 - 2015-01-22 23:22 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2015-01-22 23:22 - 2015-01-22 23:22 - 00000000 ____D () C:\ProgramData\BitRaider
2015-01-22 23:21 - 2015-01-22 23:21 - 00017360 _____ () C:\Users\YannickReinhard\Documents\Install STAR WARS The Old Republic.log
2015-01-22 23:21 - 2015-01-22 23:21 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2015-01-22 23:20 - 2015-01-22 23:20 - 29720272 _____ () C:\Users\YannickReinhard\Downloads\SWTOR_setup.exe
2015-01-15 22:30 - 2015-01-15 22:30 - 00013946 _____ () C:\Users\YannickReinhard\Downloads\TargetCharms (2).zip
2015-01-15 22:29 - 2015-01-15 22:29 - 00390145 _____ () C:\Users\YannickReinhard\Downloads\Recount-v6.0.3h_release.zip
2015-01-15 21:58 - 2015-01-15 21:58 - 00689258 _____ () C:\Users\YannickReinhard\Downloads\TidyPlates_6_15_3.zip
2015-01-15 20:45 - 2015-01-15 20:45 - 00577251 _____ () C:\Users\YannickReinhard\Downloads\Skada-1.4-27.zip
2015-01-14 09:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:59 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 15:46 - 2014-10-10 19:54 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\Deployment
2015-02-04 15:46 - 2013-11-14 21:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-04 15:45 - 2014-06-06 00:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 15:45 - 2013-11-13 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 15:45 - 2010-11-21 04:47 - 00296570 _____ () C:\Windows\PFRO.log
2015-02-04 15:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 15:45 - 2009-07-14 05:51 - 00231065 _____ () C:\Windows\setupact.log
2015-02-04 15:44 - 2013-11-13 23:27 - 01413028 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 15:43 - 2013-11-13 23:33 - 00000000 ____D () C:\Users\YannickReinhard
2015-02-04 15:43 - 2009-07-14 05:45 - 00035136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 15:43 - 2009-07-14 05:45 - 00035136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 12:19 - 2014-08-25 21:55 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\Battle.net
2015-02-04 11:08 - 2013-11-23 11:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-04 11:06 - 2013-11-23 11:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 10:51 - 2014-10-10 19:54 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Local\Apps\2.0
2015-02-04 10:47 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-04 03:08 - 2013-11-16 12:02 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-04 03:08 - 2013-11-14 08:22 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 03:08 - 2013-11-14 08:22 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 03:08 - 2009-07-14 06:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 01:44 - 2013-11-15 14:37 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Roaming\TS3Client
2015-02-04 00:18 - 2013-11-14 22:44 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-02-03 23:18 - 2009-07-14 03:34 - 71565312 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-03 23:18 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-03 22:53 - 2013-11-14 00:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-03 22:50 - 2014-06-06 00:16 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 22:50 - 2014-06-06 00:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 22:29 - 2013-11-14 21:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 11:15 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-30 11:40 - 2014-12-29 22:11 - 00000000 ____D () C:\Users\YannickReinhard\AppData\Roaming\SimulationCraft
2015-01-24 22:29 - 2013-11-14 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 22:29 - 2013-11-14 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 22:29 - 2013-11-14 21:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-19 18:27 - 2014-01-19 21:03 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 18:26 - 2014-01-19 21:03 - 743294109 _____ () C:\Windows\MEMORY.DMP
2015-01-14 12:15 - 2013-11-24 10:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:09 - 2013-11-24 10:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 09:52 - 2014-11-26 17:09 - 00000000 ____D () C:\Users\YannickReinhard\Documents\Bewerbungen

Some content of TEMP:
====================
C:\Users\YannickReinhard\AppData\Local\Temp\Quarantine.exe
C:\Users\YannickReinhard\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 11:10

==================== End Of Log ============================
--- --- ---



Der Log vom Addition.txt kam beim Scan nicht. also nur der FRST Log.

cosinus 04.02.2015 15:59
Zitat:
Running from C:\Users\YannickReinhard\Downloads
Dass die Tools auf den Desktop sollen, hab ich schonmal erwähnt.

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Yannick123 04.02.2015 16:16
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by YannickReinhard at 2015-02-04 16:12:14
Running from C:\Users\YannickReinhard\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A00CC809-7137-B31B-D13D-401DA7BD962F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.3523 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version:  - Piranha Bytes)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Simulationcraft(x64) version 6.0.3.20 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 6.0.3.20 - Simulationcraft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SRWare Iron Version SRWare Iron 30.0.1650.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 30.0.1650.0 - SRWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - FireFly Studios)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version:  - FireFly Studios)
Stronghold HD (HKLM-x32\...\Steam App 40950) (Version:  - FireFly Studios)
TeamSpeak 3 Client (HKU\S-1-5-21-325977285-756268544-3411964983-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Cursed Crusade (HKLM-x32\...\Steam App 106000) (Version:  - Kylotonn Entertainment)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-325977285-756268544-3411964983-1000_Classes\CLSID\{ae793a71-8a15-49b2-a212-25c89feb72ba}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-01-2015 21:11:37 Geplanter Prüfpunkt
01-02-2015 19:00:06 Windows-Sicherung
03-02-2015 22:55:31 Windows Update
04-02-2015 03:00:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-04 10:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {229D6F8B-1555-47B6-8C33-99A0D189DA5E} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe
Task: {2DE42C54-E20B-49F3-B5BE-D6FC2E6425BD} - System32\Tasks\{D3207EF2-90BB-4F02-8BA1-A7F5906CE20A} => C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe [2014-02-08] ()
Task: {2EED90E5-F640-4A45-8582-136AD6518121} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {315C416F-06ED-4C4F-94C3-40495BBFADB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4FB6F067-431C-438C-BBF8-4D52B96F029D} - System32\Tasks\{36A5AE87-EA05-411E-8597-E95176331FD0} => pcalua.exe -a C:\Users\YannickReinhard\Downloads\Range_MMO7_SD7_0_20_0_64Bit_Drivers.exe -d C:\Users\YannickReinhard\Downloads
Task: {694C9013-CC35-4B6C-9214-DF1B9490909C} - System32\Tasks\{18F2FDEE-A72A-4FB8-A264-313DB8DEF5E1} => pcalua.exe -a C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe -d C:\Users\YannickReinhard\Downloads
Task: {73839B50-E0C5-4CDF-8413-1F67A75C8DDC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {7CCC0E7D-044C-4833-8722-59A4951837E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {93729F85-7B01-425C-8C86-8563C12C6661} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {A86AE4CE-2D0F-4DDA-BBAD-35C58D557386} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: {AB4B4BAF-1C4C-43A2-9DDA-F567B6906139} - System32\Tasks\{96156D6C-36D9-413C-9D18-675E46A37772} => pcalua.exe -a C:\Users\YannickReinhard\Downloads\Range_MMO7_SD7_0_20_0_32Bit_Drivers.exe -d C:\Users\YannickReinhard\Downloads
Task: {C143452C-F82C-471A-BC66-E161407CD1C4} - System32\Tasks\{C5B1863E-54D5-473F-8A6D-1C74F9955A0D} => pcalua.exe -a "C:\Users\YannickReinhard\Downloads\midway_riseandfall (1).exe"
Task: {D1E52366-EF71-498B-B2C5-3D4F9B3B6F92} - System32\Tasks\avaxvavya => C:\Users\YannickReinhard\AppData\Local\avaxvavya\avaxvavya.exe [2015-01-28] ()
Task: {D610575F-53D6-4491-A38D-580EAD2E88F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9D70F11-4E91-4D75-AA4F-5CD52B5EFC4D} - System32\Tasks\{3FF9624A-8C76-41B2-93D6-98BFB9D4755D} => C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe [2014-02-08] ()
Task: {EA040439-442B-40C8-81DD-A904131AF985} - System32\Tasks\{B345773F-69CD-4587-9776-499F9B8B01FF} => C:\Users\YannickReinhard\Downloads\midway_riseandfall.exe [2014-02-08] ()
Task: {EEF73241-27C6-40D1-B1B9-5B4B1692C074} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-13 23:49 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-04 11:06 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-04 11:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-04 11:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-04 11:06 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-04 11:06 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-10-24 09:45 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 09:48 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 09:48 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 09:48 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 09:48 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 13:55 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-30 11:25 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 12:07 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-11-14 00:36 - 2013-10-05 21:22 - 00875008 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll
2013-11-14 00:36 - 2013-10-05 21:25 - 00102912 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll
2013-11-14 00:36 - 2013-10-05 20:12 - 00861696 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00907776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-02-03 11:20 - 2015-02-03 11:20 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2015-01-24 22:29 - 2015-01-24 22:29 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2015-02-03 22:50 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-03 22:50 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-03 22:50 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-325977285-756268544-3411964983-500 - Administrator - Disabled)
Gast (S-1-5-21-325977285-756268544-3411964983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-325977285-756268544-3411964983-1003 - Limited - Enabled)
YannickReinhard (S-1-5-21-325977285-756268544-3411964983-1000 - Administrator - Enabled) => C:\Users\YannickReinhard

==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-04 10:46:20.261
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-04 10:46:20.236
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-04 10:46:20.212
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-04 10:46:20.187
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-03 23:17:39.016
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-03 23:17:38.990
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD FX(tm)-6350 Six-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 8148.74 MB
Available physical RAM: 5497.68 MB
Total Pagefile: 16295.66 MB
Available Pagefile: 13067.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:698.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 04E7F4E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Mit dem vom Desktop aus starten hatte ich bisher gar nicht im Griff. alle Dinge die ich bisher gemacht habe, sind nach dem Download automatisch gestartet.

cosinus 04.02.2015 16:21
Du musst die Programme ja auch entsprechend in den richtigen Ordner (dem Desktop!) runterladen oder eben aus dem Standardpfad (Downloads) erst auf den Desktop verschieben - wenn du das nicht machst wunder dich dann bitte nicht, dass dann unserer Anleitungen nicht mehr 100%ig für dich passen

Yannick123 04.02.2015 16:24
okay dann schau ich nochmal.. soll ich dann alles nochmal wiederholen oder kann man so jetzt fortfahren ?

cosinus 04.02.2015 16:37
FRST auf den Desktop verschieben!

Virenscanner jetzt vor dem Fix bitte komplett deaktivieren!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-325977285-756268544-3411964983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV="
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Task: {D1E52366-EF71-498B-B2C5-3D4F9B3B6F92} - System32\Tasks\avaxvavya => C:\Users\YannickReinhard\AppData\Local\avaxvavya\avaxvavya.exe [2015-01-28] ()
C:\Users\YannickReinhard\AppData\Local\avaxvavya
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Yannick123 04.02.2015 16:54
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by YannickReinhard at 2015-02-04 16:48:31 Run:1
Running from C:\Users\YannickReinhard\Desktop
Loaded Profiles: YannickReinhard (Available profiles: YannickReinhard)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-325977285-756268544-3411964983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=ME73D48B0-EF65-4E7D-98CF-43DBB00B02CF&SearchSource=55&CUI=&UM=6&UP=SP2EA375C4-4A2A-41C3-8522-0F347001456D&SSPV="
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Task: {D1E52366-EF71-498B-B2C5-3D4F9B3B6F92} - System32\Tasks\avaxvavya => C:\Users\YannickReinhard\AppData\Local\avaxvavya\avaxvavya.exe [2015-01-28] ()
C:\Users\YannickReinhard\AppData\Local\avaxvavya
EmptyTemp:
Hosts:
       
*****************

"HKU\S-1-5-21-325977285-756268544-3411964983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}" => Key deleted successfully.
HKCR\CLSID\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1E52366-EF71-498B-B2C5-3D4F9B3B6F92}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E52366-EF71-498B-B2C5-3D4F9B3B6F92}" => Key deleted successfully.
C:\Windows\System32\Tasks\avaxvavya => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvavya" => Key deleted successfully.
C:\Users\YannickReinhard\AppData\Local\avaxvavya => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 562.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:48:51 ====
Ich hoffe ich hab alles richtig gemacht
.:confused:


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:17 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131