RollatorBoy | 08.02.2015 14:17 | Windows 8: Ping spikes
Hello,
for about 2 weeks I have had the problem that I get brief ping spikes in League of Legends. Normally I have a ping of 36 ms. But while playing League of Legends it keeps shooting up briefly to as much as 4000 ms, which makes playing impossible. I had already called Telekom to ask whether they could find anything, but without success. Now I suspect that I have caught a virus. By now my internet is generally bad no matter what I do; as soon as I use the internet, nothing works properly anymore. This also carries over to other devices such as my phone or the PS4; there, too, everything is then unplayable.
I have a 16k line and use a WLAN amplifier stick, I hope that is what it is called.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:54 on 08/02/2015 (Markus)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Markus (administrator) on MANGE on 08-02-2015 13:56:14
Running from C:\Users\Markus\Downloads
Loaded Profiles: Markus (Available profiles: Markus)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
() D:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
() C:\Users\Markus\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794904 2014-04-13] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_de_52] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\...\MountPoints2: {962103cc-40b2-11e4-8284-c03fd5a70050} - "I:\pushinst.exe"
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\ProgramData\Interenet Optimizer\InterenetOptimizer_x64.dll [4302848 2014-12-01] ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49171;https=127.0.0.1:49171
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1420216903&from=tugs&uid=ADATAXSP900_7E2920006094
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3933787145-1726514905-2320524226-1001 -> DefaultScope {2A5CA23F-3E34-4A74-AD75-7D48F648D1E7} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE1140D20140920&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3933787145-1726514905-2320524226-1001 -> {2A5CA23F-3E34-4A74-AD75-7D48F648D1E7} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE1140D20140920&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3933787145-1726514905-2320524226-1001 -> {CE5C1662-BF40-491B-A47B-DEB38EC05874} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0CtDtA0F0DyD0AyBtDtDyDtD0BzzzztCtN0D0Tzu0StCtDyEyDtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0Azyzzzz0D0D0BtGtAtC0FyBtG0AtCyD0BtGtB0D0AzztGtCzzyB0EyDzytAtC0E0CtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AzztDyCtA0F0DtGtB0DyBtBtGyEtBtD0DtGzyyCtCyEtGyC0E0A0Ezz0Bzz0D0D0EtB0A2Q&cr=1107719762&ir=
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default
FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1420216903&from=tugs&uid=ADATAXSP900_7E2920006094
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE1140D20140920&p=
FF DefaultSearchEngine: Sichere Suche
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\user.js
FF SearchPlugin: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: HQPro-Video 1.6V02.01 - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\Extensions\0b105cbff1eb40b89bca7dae371d@7ead239035fb4613ab38ef.com [2015-01-02]
FF Extension: saveernet - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\Extensions\3wt@46.net [2014-12-31]
FF Extension: Avira Browser Safety - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\Extensions\abs@avira.com [2015-01-02]
FF Extension: Media+PlayerVidEd2.5 - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-01-02]
FF Extension: ProShopper - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\Extensions\sGEDyol@2U.edu [2014-12-01]
FF Extension: deal4real - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\Extensions\wEA@H.org [2014-12-15]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\extensions\faststartff@gmail.com
FF Extension: No Name - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\215x0621.default\extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google-Suche) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Tabellen) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Avira Browserschutz) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-07]
CHR Extension: (Google Wallet) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Google Mail) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 fwlanusb4; C:\Windows\system32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 13:56 - 2015-02-08 13:56 - 00017886 _____ () C:\Users\Markus\Downloads\FRST.txt
2015-02-08 13:56 - 2015-02-08 13:56 - 00000000 ____D () C:\FRST
2015-02-08 13:55 - 2015-02-08 13:55 - 02132992 _____ (Farbar) C:\Users\Markus\Downloads\FRST64.exe
2015-02-08 13:55 - 2015-02-08 13:55 - 01124352 _____ (Farbar) C:\Users\Markus\Downloads\FRST.exe
2015-02-08 13:54 - 2015-02-08 13:54 - 00050477 _____ () C:\Users\Markus\Downloads\Defogger.exe
2015-02-08 13:54 - 2015-02-08 13:54 - 00000474 _____ () C:\Users\Markus\Downloads\defogger_disable.log
2015-02-08 13:54 - 2015-02-08 13:54 - 00000000 _____ () C:\Users\Markus\defogger_reenable
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\MAGIX
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\ProgramData\MAGIX
2015-02-07 16:20 - 2015-02-07 16:20 - 00000032 _____ () C:\ProgramData\Temp.log
2015-02-07 16:09 - 2015-02-07 16:09 - 00007607 _____ () C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
2015-02-07 13:10 - 2015-02-07 13:10 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 13:10 - 2015-02-07 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-07 13:09 - 2015-02-08 13:14 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 13:09 - 2015-02-08 13:14 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 13:09 - 2015-02-07 13:10 - 00000000 ____D () C:\Users\Markus\AppData\Local\Google
2015-02-07 13:09 - 2015-02-07 13:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-07 13:09 - 2015-02-07 13:09 - 00004094 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 13:09 - 2015-02-07 13:09 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Users\Markus\AppData\Local\Deployment
2015-02-07 13:09 - 2015-02-07 13:09 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apps\2.0
2015-02-07 11:54 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150207-115425.backup
2015-02-01 15:01 - 2015-02-02 19:36 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\TS3Client
2015-02-01 15:01 - 2015-02-01 15:01 - 00001226 _____ () C:\Users\Markus\Desktop\TeamSpeak 3 Client.lnk
2015-02-01 15:01 - 2015-02-01 15:01 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-02-01 15:01 - 2015-02-01 15:01 - 00000000 ____D () C:\Users\Markus\AppData\Local\TeamSpeak 3 Client
2015-02-01 14:27 - 2015-02-07 15:33 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Steganos VPN
2015-02-01 14:26 - 2015-02-07 16:09 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Steganos
2015-01-29 18:55 - 2015-01-29 18:55 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-29 18:55 - 2015-01-29 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-29 18:50 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150129-185002.backup
2015-01-29 18:38 - 2015-02-07 13:03 - 00015201 _____ () C:\Windows\wininit.ini
2015-01-28 20:37 - 2015-02-07 18:21 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-01-28 20:37 - 2015-02-07 15:34 - 00000000 ___HD () C:\Users\Markus\AppData\Roaming\38E380EA
2015-01-28 20:37 - 2015-01-28 20:37 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-19 18:10 - 2015-01-19 18:42 - 309950829 _____ () C:\Users\Markus\Downloads\11132014_EU_Setup.exe
2015-01-19 18:00 - 2015-01-19 21:58 - 890453092 _____ () C:\Users\Markus\Downloads\11132014_EU_Setup(1).exe.part
2015-01-19 17:54 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150119-175435.backup
2015-01-17 17:43 - 2015-02-07 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 18:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 18:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 18:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-15 18:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 18:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-15 18:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-15 18:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-15 18:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-15 18:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-15 18:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 18:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 18:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-15 18:15 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-15 18:15 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-15 18:15 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-15 18:15 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 18:15 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 18:14 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-15 18:14 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-15 18:14 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-15 18:14 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-15 18:14 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-15 18:14 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-15 18:14 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-15 18:14 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-15 18:14 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-15 18:14 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-15 18:14 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-15 18:14 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-15 18:14 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-15 18:14 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-09 14:38 - 2015-01-09 14:38 - 00000000 ____D () C:\Users\Markus\AppData\Local\Macromedia
2015-01-09 00:17 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150109-001705.backup
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 13:54 - 2014-09-20 11:42 - 00000000 ____D () C:\Users\Markus
2015-02-08 13:53 - 2015-01-02 17:41 - 00001700 _____ () C:\Windows\Tasks\CLATIAS.job
2015-02-08 13:52 - 2014-09-20 11:55 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Skype
2015-02-08 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-08 12:37 - 2014-08-19 11:55 - 01261335 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 12:21 - 2014-09-20 11:48 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DC69232B-42CF-400F-A974-750E8A713E7A}
2015-02-07 18:26 - 2014-04-28 12:38 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-07 18:26 - 2014-04-28 12:38 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-07 18:26 - 2014-03-18 16:26 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 18:21 - 2015-01-02 17:42 - 00003476 _____ () C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-1.job
2015-02-07 18:21 - 2015-01-02 17:41 - 00002460 _____ () C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-5.job
2015-02-07 18:20 - 2015-01-02 17:42 - 00004506 _____ () C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-4.job
2015-02-07 18:20 - 2015-01-02 17:42 - 00002458 _____ () C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-5.job
2015-02-07 18:20 - 2015-01-02 17:42 - 00002122 _____ () C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-2.job
2015-02-07 18:20 - 2015-01-02 17:42 - 00001702 _____ () C:\Windows\Tasks\OADLYJYK.job
2015-02-07 18:20 - 2015-01-02 17:42 - 00001348 _____ () C:\Windows\Tasks\UHX.job
2015-02-07 18:20 - 2015-01-02 17:41 - 00004508 _____ () C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-4.job
2015-02-07 18:20 - 2015-01-02 17:41 - 00004070 _____ () C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-12.job
2015-02-07 18:20 - 2015-01-02 17:41 - 00003144 _____ () C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-1.job
2015-02-07 18:20 - 2015-01-02 17:41 - 00002124 _____ () C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-2.job
2015-02-07 18:20 - 2015-01-02 17:41 - 00001352 _____ () C:\Windows\Tasks\WFLQI.job
2015-02-07 18:19 - 2013-08-22 15:46 - 00103635 _____ () C:\Windows\setupact.log
2015-02-07 18:19 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 17:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 16:45 - 2014-09-20 11:47 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3933787145-1726514905-2320524226-1001
2015-02-07 16:29 - 2014-03-18 09:16 - 00203296 _____ () C:\Windows\PFRO.log
2015-02-07 16:26 - 2013-08-22 15:44 - 00346960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-07 16:25 - 2014-09-27 15:05 - 00000000 ____D () C:\Users\Markus\AppData\Local\Ashampoo
2015-02-07 16:25 - 2014-08-19 12:31 - 00000000 ____D () C:\ProgramData\ashampoo
2015-02-07 16:25 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-07 16:24 - 2014-08-19 12:18 - 00000000 ____D () C:\Program Files\Nitro
2015-02-07 16:23 - 2014-07-11 13:08 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-07 16:22 - 2014-08-19 12:18 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-07 16:22 - 2014-08-19 12:18 - 00000000 ____D () C:\ProgramData\CLSK
2015-02-07 16:22 - 2014-04-25 08:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-07 16:16 - 2014-09-20 12:40 - 00000000 ____D () C:\Program Files\OBS
2015-02-07 16:16 - 2014-09-20 12:40 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-02-07 16:14 - 2014-04-25 09:12 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-07 16:13 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-07 10:35 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 19:25 - 2014-09-24 18:37 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Nitro PDF
2015-02-02 18:53 - 2014-09-20 15:50 - 00000738 _____ () C:\Users\Markus\Desktop\lol.launcher.admin - Verknüpfung.lnk
2015-02-01 16:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-29 18:55 - 2014-09-20 11:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-29 18:55 - 2014-09-20 11:55 - 00000000 ____D () C:\ProgramData\Skype
2015-01-29 18:38 - 2015-01-08 23:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-29 18:18 - 2014-12-31 11:22 - 00000000 ____D () C:\ProgramData\ssaVernet
2015-01-29 18:18 - 2014-12-15 18:04 - 00000000 ____D () C:\ProgramData\PriceDownloader
2015-01-29 18:18 - 2014-12-01 20:50 - 00000000 ____D () C:\ProgramData\dealster
2015-01-28 20:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-15 18:25 - 2014-09-20 17:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:24 - 2014-04-24 17:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 00:30 - 2014-11-25 15:05 - 00000000 ____D () C:\Users\Markus\AppData\Local\Adobe
==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Markus\AppData\Roaming\CLATIAS
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Markus\AppData\Roaming\OADLYJYK
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Markus\AppData\Roaming\UHX
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Markus\AppData\Roaming\WFLQI
2015-02-07 16:09 - 2015-02-07 16:09 - 0007607 _____ () C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
2014-08-19 12:09 - 2014-08-19 12:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-07 16:20 - 2015-02-07 16:20 - 0000032 _____ () C:\ProgramData\Temp.log
2014-08-19 12:23 - 2014-08-19 12:23 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-08-19 12:20 - 2014-08-19 12:20 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-08-19 12:23 - 2014-08-19 12:23 - 0000032 _____ () C:\ProgramData\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}.log
2014-08-19 12:22 - 2014-08-19 12:22 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-08-19 12:18 - 2014-08-19 12:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-08-19 12:22 - 2014-08-19 12:22 - 0000032 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
2014-08-19 12:19 - 2014-08-19 12:19 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-08-19 12:20 - 2014-08-19 12:20 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log
Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\AppLauncher.exe
C:\Users\Markus\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-08 12:28
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by Markus at 2015-02-08 13:56:29
Running from C:\Users\Markus\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Interenet Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version: - BullPoint) <==== ATTENTION
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 335.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamSpeak 3 Client (HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3933787145-1726514905-2320524226-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D7E9327-A5ED-402F-8E39-B86CA8C75A18} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
Task: {0E7511BA-BCD6-45E2-9FA3-6BF132F4C2E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1F1C5716-E9C5-4BF3-8AB0-92CE10A02CF2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {20671F5A-AD76-4F65-9E6B-19EC5A717EDB} - System32\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-12 => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-12.exe <==== ATTENTION
Task: {34E301E1-48A7-4EBA-98A0-1542446D3977} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
Task: {4473999F-A61B-4934-A2B7-9D2CC85BC8AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {47187EFD-3A6C-495B-8C88-09EC823204DC} - System32\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-5 => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-5.exe <==== ATTENTION
Task: {53CF45E2-C8F6-4504-B262-6F2669AC5846} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-5_user => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-5.exe <==== ATTENTION
Task: {5ADF01C5-730E-4E20-A13F-24029D45519C} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-1 => C:\Program Files (x86)\Media+PlayerVidEd2.5\Media+PlayerVidEd2.5-codedownloader.exe <==== ATTENTION
Task: {612AAB6C-702C-4208-9F36-0EDEC37E8EA7} - System32\Tasks\Digital Sites => C:\Users\Markus\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6511AFCB-0C53-4657-9079-CEA64C78426F} - System32\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-1 => C:\Program Files (x86)\HQPro-Video 1.6V02.01\HQPro-Video 1.6V02.01-codedownloader.exe <==== ATTENTION
Task: {72456BAA-8112-498D-9F93-FA34A5F14291} - System32\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-5_user => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-5.exe <==== ATTENTION
Task: {8446C1FE-E676-4762-A651-DCF22E477108} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-10_user => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-10.exe <==== ATTENTION
Task: {88CC2F9A-D2C2-412E-82BE-3B85A900711E} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-4 => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-4.exe <==== ATTENTION
Task: {892BFEE5-710F-4057-BD82-30AE8C81E483} - System32\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-2 => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-2.exe <==== ATTENTION
Task: {9402ABCD-FDB7-4BEC-8C56-20EA309C3961} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A03F3086-E0EB-4077-ADC6-B89D1CF0318E} - System32\Tasks\OADLYJYK => C:\Users\Markus\AppData\Roaming\OADLYJYK.exe <==== ATTENTION
Task: {A3477279-79C0-4099-87C1-07A2E79F0387} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-2 => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-2.exe <==== ATTENTION
Task: {A38EDB23-9A68-4423-B021-E4C32ED61611} - System32\Tasks\CLATIAS => C:\Users\Markus\AppData\Roaming\CLATIAS.exe <==== ATTENTION
Task: {A9AC5491-BA37-422F-982B-F07F7A470C21} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {AEB2AB19-8B18-40B1-A813-D167CE3B529E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {AFD23C2C-CA35-47AB-AF3D-4E7F7BCF6AD0} - System32\Tasks\{A95737A6-DB7D-478E-BCCD-8A98B327DE42} => pcalua.exe -a "C:\Users\Markus\AppData\Roaming\1H1Q1V1N1N1O1R\File Opener Packages\uninstaller.exe" -c /Uninstall /NM="File Opener Packages" /AN="1H1Q1V1N1N1O1R" /MBN="File Opener Packages"
Task: {C4781AA3-0600-4BF1-A205-C3B150CE537F} - System32\Tasks\UHX => C:\Users\Markus\AppData\Roaming\UHX.exe <==== ATTENTION
Task: {CDC73FD9-4FD0-4D64-B73A-152686288C5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {D8CE6984-6F23-4C73-85F2-76419E28B636} - System32\Tasks\temp_1539e54d-2ebd-4b3c-a20b-8567e80be522-12 => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-12.exe <==== ATTENTION
Task: {EACCBF02-EC44-4097-A587-1C4BF3BEE18A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {F3F135BC-39BD-4AC3-8E09-F7094F7D9F0B} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-5 => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-5.exe <==== ATTENTION
Task: {F8EDCBC3-DFC7-4719-8CAC-407F804DAB42} - System32\Tasks\WFLQI => C:\Users\Markus\AppData\Roaming\WFLQI.exe <==== ATTENTION
Task: {FE07F5F4-F847-47F2-A22C-4EC2D2ACFBBA} - System32\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-4 => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-1.job => C:\Program Files (x86)\Media+PlayerVidEd2.5\Media+PlayerVidEd2.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-10_user.job => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-2.job => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-4.job => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-5.job => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-5_user.job => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-1.job => C:\Program Files (x86)\HQPro-Video 1.6V02.01\HQPro-Video 1.6V02.01-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-12.job => C:\Users\Markus\AppData\Local\Temp\nsoEC6F.tmp\Rhgdw.exe <==== ATTENTION
Task: C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-2.job => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-4.job => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-5.job => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1539e54d-2ebd-4b3c-a20b-8567e80be522-5_user.job => C:\Program Files (x86)\HQPro-Video 1.6V02.01\1539e54d-2ebd-4b3c-a20b-8567e80be522-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\CLATIAS.job => C:\Users\Markus\AppData\Roaming\CLATIAS.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Markus\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OADLYJYK.job => C:\Users\Markus\AppData\Roaming\OADLYJYK.exe <==== ATTENTION
Task: C:\Windows\Tasks\UHX.job => C:\Users\Markus\AppData\Roaming\UHX.exe <==== ATTENTION
Task: C:\Windows\Tasks\WFLQI.job => C:\Users\Markus\AppData\Roaming\WFLQI.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2014-08-19 12:07 - 2014-04-13 20:16 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-09 17:58 - 2013-05-09 17:58 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2015-02-02 23:12 - 2013-09-05 22:58 - 01294336 _____ () D:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-02-02 23:11 - 2015-02-05 15:50 - 02445816 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
2015-02-05 15:50 - 2015-02-05 15:50 - 04234232 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
2015-02-02 19:20 - 2013-09-05 23:12 - 00074752 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
2015-02-08 13:54 - 2015-02-08 13:54 - 00050477 _____ () C:\Users\Markus\Downloads\Defogger.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-08 23:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-08 23:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-08 23:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-08 23:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-08 23:56 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-19 11:54 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 12:53 - 2013-03-07 12:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 16:55 - 2010-01-12 16:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 16:55 - 2010-01-12 16:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2010-12-16 12:16 - 2010-12-16 12:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2010-01-17 23:34 - 2010-01-17 23:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 12:55 - 2013-03-07 12:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 12:58 - 2013-03-07 12:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 12:54 - 2013-03-07 12:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 12:56 - 2010-12-17 12:56 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2015-02-05 15:50 - 2015-02-05 15:50 - 01618424 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\RiotLauncher.dll
2015-02-02 19:21 - 2013-09-05 23:10 - 04774248 _____ () D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-02-07 13:10 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-07 13:10 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 13:10 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\OEM\wallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\...\StartupApproved\Run: => "38E380EA"
HKU\S-1-5-21-3933787145-1726514905-2320524226-1001\...\StartupApproved\Run: => "OKAYFREEDOM_Agent"
==================== Accounts: =============================
Administrator (S-1-5-21-3933787145-1726514905-2320524226-500 - Administrator - Disabled)
Gast (S-1-5-21-3933787145-1726514905-2320524226-501 - Limited - Disabled)
Markus (S-1-5-21-3933787145-1726514905-2320524226-1001 - Administrator - Enabled) => C:\Users\Markus
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/07/2015 04:24:04 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Stop request seennlsX86cc error: 0
Error: (02/07/2015 04:21:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PowerDVD12.exe, Version: 12.0.26097.4127, Zeitstempel: 0x53845990
Name des fehlerhaften Moduls: BoomerangLib.dll_unloaded, Version: 3.0.0.3613, Zeitstempel: 0x52aadaf1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014ae18
ID des fehlerhaften Prozesses: 0x8a4
Startzeit der fehlerhaften Anwendung: 0xPowerDVD12.exe0
Pfad der fehlerhaften Anwendung: PowerDVD12.exe1
Pfad des fehlerhaften Moduls: PowerDVD12.exe2
Berichtskennung: PowerDVD12.exe3
Vollständiger Name des fehlerhaften Pakets: PowerDVD12.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PowerDVD12.exe5
Error: (02/07/2015 01:03:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDScan.exe, Version 2.4.40.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 276c
Startzeit: 01d042c440b0a8cc
Endzeit: 2
Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Berichts-ID: 55570198-aec1-11e4-82ad-246511cb8ced
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/05/2015 09:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5418782
Error: (02/05/2015 09:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5418782
Error: (02/05/2015 09:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/05/2015 09:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5417625
Error: (02/05/2015 09:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5417625
Error: (02/05/2015 09:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/05/2015 09:23:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5416438
System errors:
=============
Error: (02/08/2015 01:34:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/08/2015 01:34:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/08/2015 01:34:10 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/08/2015 01:34:10 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/08/2015 01:10:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (02/08/2015 01:10:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (02/08/2015 01:10:08 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (02/08/2015 01:09:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/08/2015 01:07:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (02/08/2015 01:07:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Microsoft Office Sessions:
=========================
Error: (02/07/2015 04:24:04 PM) (Source: nlsX86cc) (EventID: 0) (User: )
Description: Stop request seennlsX86cc error: 0
Error: (02/07/2015 04:21:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerDVD12.exe12.0.26097.412753845990BoomerangLib.dll_unloaded3.0.0.361352aadaf1c00000050014ae188a401d042e9ca7f1303C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeBoomerangLib.dll08f04f11-aedd-11e4-82ae-246511cb8ced
Error: (02/07/2015 01:03:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDScan.exe2.4.40.181276c01d042c440b0a8cc2C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe55570198-aec1-11e4-82ad-246511cb8ced
Error: (02/05/2015 09:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5418782
Error: (02/05/2015 09:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5418782
Error: (02/05/2015 09:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/05/2015 09:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5417625
Error: (02/05/2015 09:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5417625
Error: (02/05/2015 09:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/05/2015 09:23:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5416438
CodeIntegrity Errors:
===================================
Date: 2015-02-08 12:28:19.679
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-02-05 16:56:37.309
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-02-04 17:50:43.238
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-02-03 18:03:16.516
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-02-03 02:25:27.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-02-02 16:22:02.747
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-02-01 17:28:07.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-01-31 11:36:05.424
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-01-31 11:30:19.231
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
Date: 2015-01-31 11:19:39.964
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\browser.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 30%
Total physical RAM: 8144.42 MB
Available physical RAM: 5661.64 MB
Total Pagefile: 9424.42 MB
Available Pagefile: 6244.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:57.91 GB) (Free:22.46 GB) NTFS
Drive d: (Data) (Fixed) (Total:871.39 GB) (Free:862.79 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60 GB) (Free:41.13 GB) NTFS
Drive h: () (Removable) (Total:14.63 GB) (Free:8.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 59.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 3 (Size: 14.6 GB) (Disk ID: 0201A921)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-08 14:02:30
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f ADATA_SP900 rev.5.6.0 59,63GB
Running: Gmer-19357 (1).exe; Driver: C:\Users\Markus\AppData\Local\Temp\ugtdypod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\KERNEL32.DLL!GetUserDefaultLocaleName 00007ffde19e2ca0 5 bytes JMP 00007ffee19b0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\KERNEL32.DLL!CreateProcessW 00007ffde19e767c 5 bytes JMP 00007ffee19d0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\KERNEL32.DLL!GetThreadPreferredUILanguages 00007ffde1a941c0 5 bytes JMP 00007ffee19a0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\KERNEL32.DLL!GetSystemDefaultLocaleName 00007ffde1a94290 5 bytes JMP 00007ffee19c0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffde0dbcbe0 5 bytes JMP 00007ffee0d30298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\OLEAUT32.dll!SysAllocString 00007ffde3441650 5 bytes JMP 00007ffde36c0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\USER32.dll!SetFocus 00007ffde1d01170 5 bytes JMP 00007ffde1ee0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\USER32.dll!DialogBoxParamW 00007ffde1d30ac0 5 bytes JMP 00007ffde1f00298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\USER32.dll!DialogBoxParamA 00007ffde1d5fcf8 5 bytes JMP 00007ffde1ef0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\WINMM.dll!PlaySoundW 00007ffdde1d1900 5 bytes JMP 00007ffede1c0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\WINMM.dll!waveOutOpen 00007ffdde1d4de0 5 bytes JMP 00007ffdde200298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\WINMM.dll!PlaySoundA 00007ffdde1e0b64 5 bytes JMP 00007ffdde1f0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\ADVAPI32.dll!RegOpenKeyExW 00007ffde1741250 5 bytes JMP 00007ffee1730298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\ADVAPI32.dll!RegCloseKey 00007ffde1741260 5 bytes JMP 00007ffee1700298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\ADVAPI32.dll!RegQueryValueExW 00007ffde1741270 5 bytes JMP 00007ffee1710298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\ADVAPI32.dll!RegGetValueW 00007ffde1741920 5 bytes JMP 00007ffee1720298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\SHLWAPI.dll!SHRegGetValueW 00007ffde1e82f90 5 bytes JMP 00007ffde1f30298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 00007ffde1e85d00 5 bytes JMP 00007ffde1f20298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 00007ffde1ea206c 5 bytes JMP 00007ffde1f10298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\WININET.dll!InternetSetCookieExW 00007ffdd8c4bf20 5 bytes JMP 00007ffed8bd0298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 00007ffdd91a57f0 5 bytes JMP 00007ffdd9290298
.text C:\Windows\system32\msdtc.exe[7140] C:\Windows\system32\mlang.dll!LcidToRfc1766W 00007ffdcf443850 5 bytes JMP 00007ffecf430298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\KERNEL32.DLL!GetUserDefaultLocaleName 00007ffde19e2ca0 5 bytes JMP 00007ffee19b0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\KERNEL32.DLL!CreateProcessW 00007ffde19e767c 5 bytes JMP 00007ffee19d0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\KERNEL32.DLL!GetThreadPreferredUILanguages 00007ffde1a941c0 5 bytes JMP 00007ffee19a0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\KERNEL32.DLL!GetSystemDefaultLocaleName 00007ffde1a94290 5 bytes JMP 00007ffee19c0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\USER32.dll!SetFocus 00007ffde1d01170 5 bytes JMP 00007ffde1ee0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\USER32.dll!DialogBoxParamW 00007ffde1d30ac0 5 bytes JMP 00007ffde1f00298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\USER32.dll!DialogBoxParamA 00007ffde1d5fcf8 5 bytes JMP 00007ffde1ef0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\SHLWAPI.dll!SHRegGetValueW 00007ffde1e82f90 5 bytes JMP 00007ffde1f30298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 00007ffde1e85d00 5 bytes JMP 00007ffde1f20298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 00007ffde1ea206c 5 bytes JMP 00007ffde1f10298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffde0dbcbe0 5 bytes JMP 00007ffee0d30298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\ADVAPI32.dll!RegOpenKeyExW 00007ffde1741250 5 bytes JMP 00007ffee1730298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\ADVAPI32.dll!RegCloseKey 00007ffde1741260 5 bytes JMP 00007ffee1700298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\ADVAPI32.dll!RegQueryValueExW 00007ffde1741270 5 bytes JMP 00007ffee1710298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\ADVAPI32.dll!RegGetValueW 00007ffde1741920 5 bytes JMP 00007ffee1720298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\OLEAUT32.dll!SysAllocString 00007ffde3441650 5 bytes JMP 00007ffde36c0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\WININET.dll!InternetSetCookieExW 00007ffdd8c4bf20 5 bytes JMP 00007ffed8bd0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 00007ffdd91a57f0 5 bytes JMP 00007ffdd9290298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\winmm.dll!PlaySoundW 00007ffdde1d1900 5 bytes JMP 00007ffede1c0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\winmm.dll!waveOutOpen 00007ffdde1d4de0 5 bytes JMP 00007ffdde200298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\winmm.dll!PlaySoundA 00007ffdde1e0b64 5 bytes JMP 00007ffdde1f0298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\mlang.dll!LcidToRfc1766W 00007ffdcf443850 5 bytes JMP 00007ffecf430298
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffde10e169a 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffde10e16a2 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffde10e181a 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\msiexec.exe[8104] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffde10e1832 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\KERNEL32.DLL!GetUserDefaultLocaleName 00007ffde19e2ca0 5 bytes JMP 00007ffee19b0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\KERNEL32.DLL!CreateProcessW 00007ffde19e767c 5 bytes JMP 00007ffee19d0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\KERNEL32.DLL!GetThreadPreferredUILanguages 00007ffde1a941c0 5 bytes JMP 00007ffee19a0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\KERNEL32.DLL!GetSystemDefaultLocaleName 00007ffde1a94290 5 bytes JMP 00007ffee19c0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\ADVAPI32.dll!RegOpenKeyExW 00007ffde1741250 5 bytes JMP 00007ffee1730298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\ADVAPI32.dll!RegCloseKey 00007ffde1741260 5 bytes JMP 00007ffee1700298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\ADVAPI32.dll!RegQueryValueExW 00007ffde1741270 5 bytes JMP 00007ffee1710298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\ADVAPI32.dll!RegGetValueW 00007ffde1741920 5 bytes JMP 00007ffee1720298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\USER32.dll!SetFocus 00007ffde1d01170 5 bytes JMP 00007ffde1ee0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\USER32.dll!DialogBoxParamW 00007ffde1d30ac0 5 bytes JMP 00007ffde1f00298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\USER32.dll!DialogBoxParamA 00007ffde1d5fcf8 5 bytes JMP 00007ffde1ef0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\OLEAUT32.dll!SysAllocString 00007ffde3441650 5 bytes JMP 00007ffde36c0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\SHLWAPI.dll!SHRegGetValueW 00007ffde1e82f90 5 bytes JMP 00007ffde1f30298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 00007ffde1e85d00 5 bytes JMP 00007ffde1f20298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 00007ffde1ea206c 5 bytes JMP 00007ffde1f10298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\WININET.dll!InternetSetCookieExW 00007ffdd8c4bf20 5 bytes JMP 00007ffed8bd0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 00007ffdd91a57f0 5 bytes JMP 00007ffdd9290298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffde0dbcbe0 5 bytes JMP 00007ffee0d30298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\winmm.dll!PlaySoundW 00007ffdde1d1900 5 bytes JMP 00007ffede1c0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\winmm.dll!waveOutOpen 00007ffdde1d4de0 5 bytes JMP 00007ffdde200298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\winmm.dll!PlaySoundA 00007ffdde1e0b64 5 bytes JMP 00007ffdde1f0298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\mlang.dll!LcidToRfc1766W 00007ffdcf443850 5 bytes JMP 00007ffecf430298
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffde10e169a 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffde10e16a2 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffde10e181a 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\PresentationHost.exe[3060] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffde10e1832 4 bytes [0E, E1, FD, 7F]
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\KERNEL32.DLL!GetUserDefaultLocaleName 00007ffde19e2ca0 5 bytes JMP 00007ffee19b0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\KERNEL32.DLL!CreateProcessW 00007ffde19e767c 5 bytes JMP 00007ffee19d0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\KERNEL32.DLL!GetThreadPreferredUILanguages 00007ffde1a941c0 5 bytes JMP 00007ffee19a0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\KERNEL32.DLL!GetSystemDefaultLocaleName 00007ffde1a94290 5 bytes JMP 00007ffee19c0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\USER32.dll!SetFocus 00007ffde1d01170 5 bytes JMP 00007ffde1ee0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\USER32.dll!DialogBoxParamW 00007ffde1d30ac0 5 bytes JMP 00007ffde1f00298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\USER32.dll!DialogBoxParamA 00007ffde1d5fcf8 5 bytes JMP 00007ffde1ef0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\ADVAPI32.dll!RegOpenKeyExW 00007ffde1741250 5 bytes JMP 00007ffee1730298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\ADVAPI32.dll!RegCloseKey 00007ffde1741260 5 bytes JMP 00007ffee1700298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\ADVAPI32.dll!RegQueryValueExW 00007ffde1741270 5 bytes JMP 00007ffee1710298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\ADVAPI32.dll!RegGetValueW 00007ffde1741920 5 bytes JMP 00007ffee1720298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffde0dbcbe0 5 bytes JMP 00007ffee0d30298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\SHLWAPI.dll!SHRegGetValueW 00007ffde1e82f90 5 bytes JMP 00007ffde1f30298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesW 00007ffde1e85d00 5 bytes JMP 00007ffde1f20298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\SHLWAPI.dll!GetAcceptLanguagesA 00007ffde1ea206c 5 bytes JMP 00007ffde1f10298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\OLEAUT32.dll!SysAllocString 00007ffde3441650 5 bytes JMP 00007ffde36c0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\WININET.dll!InternetSetCookieExW 00007ffdd8c4bf20 5 bytes JMP 00007ffed8bd0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\urlmon.dll!ObtainUserAgentString 00007ffdd91a57f0 5 bytes JMP 00007ffdd9290298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\winmm.dll!PlaySoundW 00007ffdde1d1900 5 bytes JMP 00007ffede1c0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\winmm.dll!waveOutOpen 00007ffdde1d4de0 5 bytes JMP 00007ffdde200298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\winmm.dll!PlaySoundA 00007ffdde1e0b64 5 bytes JMP 00007ffdde1f0298
.text C:\Windows\system32\cmd.exe[7228] C:\Windows\system32\mlang.dll!LcidToRfc1766W 00007ffdcf443850 5 bytes JMP 00007ffecf430298
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [600:624] fffff96000828b90
Thread C:\Windows\system32\csrss.exe [600:680] fffff96000828b90
Thread C:\Windows\Explorer.EXE [2972:3036] 0000000001113790
Thread C:\Windows\Explorer.EXE [2972:3040] 0000000001113790
Thread C:\Windows\Explorer.EXE [2972:3044] 0000000001113790
Thread C:\Windows\Explorer.EXE [2972:3048] 0000000001113790
Thread C:\Windows\Explorer.EXE [2972:3116] 0000000001113790
Thread C:\Windows\Explorer.EXE [2972:3168] 0000000001113790
Thread C:\Windows\system32\msdtc.exe [7140:5272] 000000f51b8e59f0
Thread C:\Windows\system32\msdtc.exe [7140:8504] 000000f51b8e59f0
Thread C:\Windows\system32\msdtc.exe [7140:1160] 000000f51b8e59f0
Thread C:\Windows\system32\msdtc.exe [7140:6704] 00007ffdc62b1ec0
Thread C:\Windows\system32\msdtc.exe [7140:4756] 000000f51b70eea0
Thread C:\Windows\system32\msdtc.exe [7140:6524] 000000f51b7127f0
Thread C:\Windows\notepad.exe [7312:8316] 000000ac22b45bd0
Thread C:\Windows\notepad.exe [7312:4080] 000000ac22b45bd0
Thread C:\Windows\notepad.exe [7312:8960] 000000ac22b45bd0
Thread C:\Windows\notepad.exe [7312:9016] 00007ffdc62b1ec0
Thread C:\Windows\system32\msiexec.exe [8104:7588] 00000093dcadd500
Thread C:\Windows\system32\msiexec.exe [8104:8804] 00000093dcadd500
Thread C:\Windows\system32\msiexec.exe [8104:9024] 00000093dcadd500
Thread C:\Windows\system32\msiexec.exe [8104:5016] 00000093dc88ece0
Thread C:\Windows\system32\msiexec.exe [8104:9104] 00000093dc892630
Thread C:\Windows\system32\PresentationHost.exe [3060:5292] 000000cbc80252c0
Thread C:\Windows\system32\PresentationHost.exe [3060:3616] 000000cbc80252c0
Thread C:\Windows\system32\PresentationHost.exe [3060:8404] 000000cbc80252c0
Thread C:\Windows\system32\PresentationHost.exe [3060:3780] 000000cbc7f5ea20
Thread C:\Windows\system32\PresentationHost.exe [3060:4836] 000000cbc7f62370
Thread C:\Windows\system32\cmd.exe [7228:5940] 000000617b8032e0
Thread C:\Windows\system32\cmd.exe [7228:2548] 000000617b8032e0
Thread C:\Windows\system32\cmd.exe [7228:3952] 000000617b8032e0
Thread C:\Windows\system32\cmd.exe [7228:8424] 000000617b4df6a0
Thread C:\Windows\system32\cmd.exe [7228:7856] 000000617b4e2ff0
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----