Trojaner-Board


Finlay 09.12.2014 19:06

Ads by BetterMarkIt
 
Hello, I have a problem with some kind of browser hijacker.
No matter which browser I use, whether Firefox, Chrome, Opera or IE, I get ad banners everywhere, ad pop-ups including green links, 3 extra windows and 2 extra tabs, all "brought to you by BetterMarkIt" or rightcoupon.
I'm desperate, nothing helps.
I torched all unwanted software with Revo Uninstaller, reset or reinstalled all browsers several times, ran two Malwarebytes scans and one with AdwCleaner, and deleted all the files found, but the pop-ups are still there.

I'm completely at a loss; thanks in advance for any help.

schrauber 09.12.2014 19:08

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Finlay 09.12.2014 19:32

Code:

() C:\Program Files\Razer\Diamondback 3G\razerhid.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Razer Inc.) C:\Program Files\Razer\Diamondback 3G\razerofa.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Diamondback] => C:\Program Files\Razer\Diamondback 3G\razerhid.exe [147456 2007-08-01] ()
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5479224 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3618648 2014-11-27] (Electronic Arts)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk
ShortcutTarget: Logitech blank Produktregistrierung.lnk -> C:\Program Files\Logitech\G35\eReg.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\un5beyj8.default-1418146926088
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 aylbu64a; C:\Windows\system32\Drivers\aylbu64a.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 phionvpn; system32\DRIVERS\phionvpn.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 19:23 - 2014-12-09 19:24 - 00014710 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 19:23 - 2014-12-09 19:23 - 01111040 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-12-09 19:23 - 2014-12-09 19:23 - 00000000 ____D () C:\FRST
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-09 18:29 - 00038988 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-09 18:33 - 00001338 _____ () C:\Windows\Tasks\MYCBDE.job
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 21:03 - 2014-12-09 18:33 - 00001684 _____ () C:\Windows\Tasks\YUHCVSH.job
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip
2014-11-20 02:34 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 00:21 - 2014-11-20 00:21 - 00244120 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-20 00:06 - 2014-11-20 00:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-20 00:04 - 2014-11-20 00:04 - 00638888 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe
2014-11-13 02:17 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 02:17 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 02:17 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 02:17 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 02:17 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 02:17 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 02:16 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 02:16 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 02:16 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 02:15 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 02:15 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 02:15 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 02:15 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 02:15 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 02:11 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:24 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:24 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:24 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:24 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:24 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:24 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:24 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 08:24 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:24 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:24 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:24 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 08:24 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 08:24 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 08:24 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 19:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 19:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 19:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:41 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-09 18:37 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 18:36 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-09 18:34 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:34 - 2008-01-21 02:35 - 01713986 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 18:30 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-09 18:30 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 18:30 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:28 - 2006-11-02 14:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 22:08 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Neues Textdokument5.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:43 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-12-05 21:07 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-20 00:07 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-20 00:06 - 2014-08-23 08:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-20 00:06 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 00:05 - 2010-02-25 11:14 - 00000000 ____D () C:\Program Files\Java
2014-11-13 09:25 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 09:06 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-13 02:14 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 02:12 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\3A8170E2-4357-C43E-FEE8-0F3D86029E60.dll
C:\Users\Admin\AppData\Local\Temp\3A8170E2-4357-C43E-FEE8-0F3D86029E60.exe
C:\Users\Admin\AppData\Local\Temp\ED6ABE4E-D7DE-3E73-5815-228C3F11B8CF.exe
C:\Users\Admin\AppData\Local\Temp\optprosetup.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 18:39

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2014
Ran by Admin at 2014-12-09 19:24:22
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

05-12-2014 20:58:46 Revo Uninstaller's restore point - Xvid 1.2.2 final uninstall
06-12-2014 01:46:45 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
08-12-2014 19:15:13 Geplanter Prüfpunkt
09-12-2014 11:44:53 Revo Uninstaller's restore point - Cliqz
09-12-2014 11:47:03 Revo Uninstaller's restore point - Opera Stable 26.0.1656.32
09-12-2014 13:43:26 Windows Update
09-12-2014 16:26:44 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de)
09-12-2014 16:31:08 Revo Uninstaller's restore point - Explorer Suite III
09-12-2014 16:31:58 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
09-12-2014 16:55:00 Revo Uninstaller's restore point - SopCast 3.4.0
09-12-2014 16:56:09 Revo Uninstaller's restore point - Crysis(R)
09-12-2014 17:01:01 Revo Uninstaller's restore point - Crysis® 2
09-12-2014 17:01:11 Removed Crysis® 2
09-12-2014 17:07:05 Revo Uninstaller's restore point - Fallout 3
09-12-2014 17:07:45 Removed Fallout 3
09-12-2014 17:10:01 Revo Uninstaller's restore point - Fallout New Vegas
09-12-2014 17:11:22 Revo Uninstaller's restore point - Far Cry 2
09-12-2014 17:12:23 Revo Uninstaller's restore point - Magic Set Editor 2 - 0.3.8 beta
09-12-2014 17:13:57 Entfernt Far Cry 2
09-12-2014 17:15:46 Revo Uninstaller's restore point - SPORE™
09-12-2014 17:16:13 Entfernt SPORE™
09-12-2014 17:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 17:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 17:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 17:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 17:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 17:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 17:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
132.187.1.5        vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB} - \43520108 No Task File <==== ATTENTION
Task: {04402289-C22F-4263-A862-CBEE61C2F67E} - \715a1e10 No Task File <==== ATTENTION
Task: {142E59D2-982D-42ED-A12A-5C44F0F1FA98} - System32\Tasks\MYCBDE => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: {15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE} - \6c423567-a24d-446b-bae8-e6206777b66a-11 No Task File <==== ATTENTION
Task: {2500A1BB-3C3D-4DD8-B556-CE12E6CF2FC1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {27B70163-956E-4C28-8AA6-730071D340AD} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-2 No Task File <==== ATTENTION
Task: {40B87F90-3538-4A71-BC14-59376A7A90A6} - \89c71c68 No Task File <==== ATTENTION
Task: {47D6B61B-0545-46A6-A101-DC276C20F791} - System32\Tasks\YUHCVSH => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
Task: {495F4BCF-B653-4185-B295-84D30E258939} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-11 No Task File <==== ATTENTION
Task: {51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3} - \6c423567-a24d-446b-bae8-e6206777b66a-4 No Task File <==== ATTENTION
Task: {548A203E-4591-4BC4-9409-B7CE95683ADD} - \35a3f634 No Task File <==== ATTENTION
Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {7EDDABF4-CFA1-43DB-8965-BA858AF67208} - \d46c188 No Task File <==== ATTENTION
Task: {803D09BF-5D5F-44FF-AE82-E813380836E8} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-4 No Task File <==== ATTENTION
Task: {8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE} - \6c423567-a24d-446b-bae8-e6206777b66a-2 No Task File <==== ATTENTION
Task: {8E69FF61-9EE2-4BF4-AD27-6C905EACFD91} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {92466507-5F8D-4638-BA90-1CBE750DE35E} - \6c423567-a24d-446b-bae8-e6206777b66a-1 No Task File <==== ATTENTION
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe
Task: {A2244095-07AF-4CFD-B1BB-4AF91B1F4E80} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user No Task File <==== ATTENTION
Task: {B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-3 No Task File <==== ATTENTION
Task: {BF680C3E-C575-431C-BEB3-C2A04572A885} - \cf1fda54 No Task File <==== ATTENTION
Task: {CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38} - \a236e608 No Task File <==== ATTENTION
Task: {CC22D0A7-76A5-4418-9536-B01BA1395F2E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E1CEE527-15C7-4CB0-A60B-166BAFE519BE} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5 No Task File <==== ATTENTION
Task: {E2F22492-6D15-4343-9284-50680C3AD4C5} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-1 No Task File <==== ATTENTION
Task: {EB163A95-3306-4CDF-8BA8-B8392B95324B} - \6c423567-a24d-446b-bae8-e6206777b66a-5_user No Task File <==== ATTENTION
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {FC024F21-C619-432B-9621-573957290A60} - \6c423567-a24d-446b-bae8-e6206777b66a-5 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MYCBDE.job => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: C:\Windows\Tasks\YUHCVSH.job => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2010-04-13 01:13 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-01-15 20:37 - 2007-08-01 14:07 - 00147456 _____ () C:\Program Files\Razer\Diamondback 3G\razerhid.exe
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-26 19:22 - 2014-11-26 19:22 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 06:50:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:49:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:48:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:31:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 06:27:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:23:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:22:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 34.0.5.5443, Zeitstempel 0x5475dd5d, fehlerhaftes Modul mozalloc.dll, Version 34.0.5.5443, Zeitstempel 0x5475d664, Ausnahmecode 0x80000003, Fehleroffset 0x00001425,
Prozess-ID 0x5b4, Anwendungsstartzeit plugin-container.exe0.

Error: (12/09/2014 06:20:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:16:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}


System errors:
=============
Error: (12/09/2014 06:31:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/09/2014 00:01:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/08/2014 07:36:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Gemeinsame Nutzung der Internetverbindung%%2150760466

Error: (12/08/2014 07:35:37 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error: (12/08/2014 05:55:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/08/2014 05:31:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/06/2014 03:21:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/06/2014 03:21:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/06/2014 02:57:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/06/2014 02:54:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Installer11200001Neustart des Diensts


Microsoft Office Sessions:
=========================
Error: (12/09/2014 06:50:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:49:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:48:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {233eefd9-605f-434d-b2f0-c015bdd621a1}

Error: (12/09/2014 06:31:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 06:27:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:23:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:22:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014255b401d013d452e77f75

Error: (12/09/2014 06:20:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}

Error: (12/09/2014 06:16:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e5bd05a6-8816-46cd-9ce7-ea62f830cb06}


CodeIntegrity Errors:
===================================
  Date: 2014-12-09 19:24:19.836
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.658
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.301
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:19.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:18.853
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:18.670
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 19:24:18.482
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 12:49:42.347
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-09 12:49:42.165
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 3326.12 MB
Available physical RAM: 1449.25 MB
Total Pagefile: 6877.21 MB
Available Pagefile: 4973.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:54.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 10.12.2014 15:11

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

Task: {0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB} - \43520108 No Task File <==== ATTENTION
Task: {04402289-C22F-4263-A862-CBEE61C2F67E} - \715a1e10 No Task File <==== ATTENTION
Task: {142E59D2-982D-42ED-A12A-5C44F0F1FA98} - System32\Tasks\MYCBDE => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: {15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE} - \6c423567-a24d-446b-bae8-e6206777b66a-11 No Task File <==== ATTENTION
Task: {27B70163-956E-4C28-8AA6-730071D340AD} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-2 No Task File <==== ATTENTION
Task: {40B87F90-3538-4A71-BC14-59376A7A90A6} - \89c71c68 No Task File <==== ATTENTION
Task: {47D6B61B-0545-46A6-A101-DC276C20F791} - System32\Tasks\YUHCVSH => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
Task: {495F4BCF-B653-4185-B295-84D30E258939} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-11 No Task File <==== ATTENTION
Task: {51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3} - \6c423567-a24d-446b-bae8-e6206777b66a-4 No Task File <==== ATTENTION
Task: {548A203E-4591-4BC4-9409-B7CE95683ADD} - \35a3f634 No Task File <==== ATTENTION
Task: {7EDDABF4-CFA1-43DB-8965-BA858AF67208} - \d46c188 No Task File <==== ATTENTION
Task: {803D09BF-5D5F-44FF-AE82-E813380836E8} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-4 No Task File <==== ATTENTION
Task: {8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE} - \6c423567-a24d-446b-bae8-e6206777b66a-2 No Task File <==== ATTENTION
Task: {8E69FF61-9EE2-4BF4-AD27-6C905EACFD91} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {92466507-5F8D-4638-BA90-1CBE750DE35E} - \6c423567-a24d-446b-bae8-e6206777b66a-1 No Task File <==== ATTENTION
Task: {A2244095-07AF-4CFD-B1BB-4AF91B1F4E80} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user No Task File <==== ATTENTION
Task: {B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-3 No Task File <==== ATTENTION
Task: {BF680C3E-C575-431C-BEB3-C2A04572A885} - \cf1fda54 No Task File <==== ATTENTION
Task: {CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38} - \a236e608 No Task File <==== ATTENTION
Task: {CC22D0A7-76A5-4418-9536-B01BA1395F2E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E1CEE527-15C7-4CB0-A60B-166BAFE519BE} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5 No Task File <==== ATTENTION
Task: {E2F22492-6D15-4343-9284-50680C3AD4C5} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-1 No Task File <==== ATTENTION
Task: {EB163A95-3306-4CDF-8BA8-B8392B95324B} - \6c423567-a24d-446b-bae8-e6206777b66a-5_user No Task File <==== ATTENTION
Task: {FC024F21-C619-432B-9621-573957290A60} - \6c423567-a24d-446b-bae8-e6206777b66a-5 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\MYCBDE.job => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: C:\Windows\Tasks\YUHCVSH.job => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
C:\Users\Admin\AppData\Roaming\MYCBDE.exe
C:\Users\Admin\AppData\Roaming\YUHCVSH.exe
Tcpip\..\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 phionvpn; system32\DRIVERS\phionvpn.sys [X]
Emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Finlay 11.12.2014 12:22

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014
Ran by Admin at 2014-12-10 18:56:16 Run:1
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB} - \43520108 No Task File <==== ATTENTION
Task: {04402289-C22F-4263-A862-CBEE61C2F67E} - \715a1e10 No Task File <==== ATTENTION
Task: {142E59D2-982D-42ED-A12A-5C44F0F1FA98} - System32\Tasks\MYCBDE => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: {15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE} - \6c423567-a24d-446b-bae8-e6206777b66a-11 No Task File <==== ATTENTION
Task: {27B70163-956E-4C28-8AA6-730071D340AD} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-2 No Task File <==== ATTENTION
Task: {40B87F90-3538-4A71-BC14-59376A7A90A6} - \89c71c68 No Task File <==== ATTENTION
Task: {47D6B61B-0545-46A6-A101-DC276C20F791} - System32\Tasks\YUHCVSH => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
Task: {495F4BCF-B653-4185-B295-84D30E258939} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-11 No Task File <==== ATTENTION
Task: {51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3} - \6c423567-a24d-446b-bae8-e6206777b66a-4 No Task File <==== ATTENTION
Task: {548A203E-4591-4BC4-9409-B7CE95683ADD} - \35a3f634 No Task File <==== ATTENTION
Task: {7EDDABF4-CFA1-43DB-8965-BA858AF67208} - \d46c188 No Task File <==== ATTENTION
Task: {803D09BF-5D5F-44FF-AE82-E813380836E8} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-4 No Task File <==== ATTENTION
Task: {8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE} - \6c423567-a24d-446b-bae8-e6206777b66a-2 No Task File <==== ATTENTION
Task: {8E69FF61-9EE2-4BF4-AD27-6C905EACFD91} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {92466507-5F8D-4638-BA90-1CBE750DE35E} - \6c423567-a24d-446b-bae8-e6206777b66a-1 No Task File <==== ATTENTION
Task: {A2244095-07AF-4CFD-B1BB-4AF91B1F4E80} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user No Task File <==== ATTENTION
Task: {B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-3 No Task File <==== ATTENTION
Task: {BF680C3E-C575-431C-BEB3-C2A04572A885} - \cf1fda54 No Task File <==== ATTENTION
Task: {CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38} - \a236e608 No Task File <==== ATTENTION
Task: {CC22D0A7-76A5-4418-9536-B01BA1395F2E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E1CEE527-15C7-4CB0-A60B-166BAFE519BE} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-5 No Task File <==== ATTENTION
Task: {E2F22492-6D15-4343-9284-50680C3AD4C5} - \e41dc5ec-a011-405b-b39b-a07d7fabbd09-1 No Task File <==== ATTENTION
Task: {EB163A95-3306-4CDF-8BA8-B8392B95324B} - \6c423567-a24d-446b-bae8-e6206777b66a-5_user No Task File <==== ATTENTION
Task: {FC024F21-C619-432B-9621-573957290A60} - \6c423567-a24d-446b-bae8-e6206777b66a-5 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\MYCBDE.job => C:\Users\Admin\AppData\Roaming\MYCBDE.exe <==== ATTENTION
Task: C:\Windows\Tasks\YUHCVSH.job => C:\Users\Admin\AppData\Roaming\YUHCVSH.exe <==== ATTENTION
C:\Users\Admin\AppData\Roaming\MYCBDE.exe
C:\Users\Admin\AppData\Roaming\YUHCVSH.exe
Tcpip\..\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 phionvpn; system32\DRIVERS\phionvpn.sys [X]
Emptytemp:
       
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\43520108" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04402289-C22F-4263-A862-CBEE61C2F67E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04402289-C22F-4263-A862-CBEE61C2F67E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\715a1e10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{142E59D2-982D-42ED-A12A-5C44F0F1FA98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{142E59D2-982D-42ED-A12A-5C44F0F1FA98}" => Key deleted successfully.
C:\Windows\System32\Tasks\MYCBDE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MYCBDE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15AC5EC8-0EEF-4B28-B813-54C5DDBBB3AE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27B70163-956E-4C28-8AA6-730071D340AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27B70163-956E-4C28-8AA6-730071D340AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40B87F90-3538-4A71-BC14-59376A7A90A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B87F90-3538-4A71-BC14-59376A7A90A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\89c71c68" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47D6B61B-0545-46A6-A101-DC276C20F791}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47D6B61B-0545-46A6-A101-DC276C20F791}" => Key deleted successfully.
C:\Windows\System32\Tasks\YUHCVSH => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YUHCVSH" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{495F4BCF-B653-4185-B295-84D30E258939}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{495F4BCF-B653-4185-B295-84D30E258939}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F4C2FB-6377-48BF-9E58-1A1B1E9F43B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{548A203E-4591-4BC4-9409-B7CE95683ADD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{548A203E-4591-4BC4-9409-B7CE95683ADD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\35a3f634" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EDDABF4-CFA1-43DB-8965-BA858AF67208}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EDDABF4-CFA1-43DB-8965-BA858AF67208}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d46c188" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{803D09BF-5D5F-44FF-AE82-E813380836E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{803D09BF-5D5F-44FF-AE82-E813380836E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DD095ED-D883-4F54-8CD8-D4B9B0F8DAAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E69FF61-9EE2-4BF4-AD27-6C905EACFD91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E69FF61-9EE2-4BF4-AD27-6C905EACFD91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92466507-5F8D-4638-BA90-1CBE750DE35E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92466507-5F8D-4638-BA90-1CBE750DE35E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2244095-07AF-4CFD-B1BB-4AF91B1F4E80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2244095-07AF-4CFD-B1BB-4AF91B1F4E80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8F6DDDF-E04E-4331-ACCE-4CDB5687CA6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF680C3E-C575-431C-BEB3-C2A04572A885}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF680C3E-C575-431C-BEB3-C2A04572A885}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cf1fda54" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3CD0A8-9018-4216-BFFA-7CB6E0FFEF38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a236e608" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC22D0A7-76A5-4418-9536-B01BA1395F2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC22D0A7-76A5-4418-9536-B01BA1395F2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1CEE527-15C7-4CB0-A60B-166BAFE519BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1CEE527-15C7-4CB0-A60B-166BAFE519BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2F22492-6D15-4343-9284-50680C3AD4C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2F22492-6D15-4343-9284-50680C3AD4C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e41dc5ec-a011-405b-b39b-a07d7fabbd09-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB163A95-3306-4CDF-8BA8-B8392B95324B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB163A95-3306-4CDF-8BA8-B8392B95324B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC024F21-C619-432B-9621-573957290A60}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC024F21-C619-432B-9621-573957290A60}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6c423567-a24d-446b-bae8-e6206777b66a-5" => Key deleted successfully.
C:\Windows\Tasks\MYCBDE.job => Moved successfully.
C:\Windows\Tasks\YUHCVSH.job => Moved successfully.
"C:\Users\Admin\AppData\Roaming\MYCBDE.exe" => File/Directory not found.
"C:\Users\Admin\AppData\Roaming\YUHCVSH.exe" => File/Directory not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F095B610-E74E-49DE-873D-4D5386CEDFC6}\\NameServer => value deleted successfully.
nvlddmkm => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
phionvpn => Service deleted successfully.
EmptyTemp: => Removed 581.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Unfortunately, the ads are still showing up.

Oh, it might be helpful to tell you that certain sites are spared from the ads, including Google, Wikipedia, YouTube and Facebook.
Maybe that helps you figure out what I'm dealing with.
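
When reading a Fixlog like the one posted above, a helper reconciles each fixlist entry with the result lines that follow it. The Python script below is an added example (not part of the thread and not FRST's own code) that does this for the layout visible in that log. The sample is constructed from a few of its lines plus one made-up task GUID, and the function names and outcome categories are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the layout of the log above.
# The all-zero task GUID is made up to show an entry with no result line.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014
Ran by Admin at 2014-12-10 18:56:16 Run:1
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB} - \43520108 No Task File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - \example-task No Task File <==== ATTENTION
C:\Users\Admin\AppData\Roaming\MYCBDE.exe
Emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0332D3C1-DF6D-4EE1-8F8A-5840D23D6FCB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\43520108" => Key deleted successfully.
C:\Windows\System32\Tasks\MYCBDE => Moved successfully.
"C:\Users\Admin\AppData\Roaming\MYCBDE.exe" => File/Directory not found.
phionvpn => Service deleted successfully.
EmptyTemp: => Removed 581.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
'''

SEPARATOR = re.compile(r"^\*{5,}\s*$")            # the ***** lines around the echoed fixlist
RESULT_LINE = re.compile(r"^(?P<target>.+?)\s=>\s(?P<result>.+?)\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
FILE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist lines and (target, result) pairs."""
    fixlist, results = [], []
    separators_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            separators_seen += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if not line:
            continue
        if separators_seen == 1:          # between the two ***** lines
            fixlist.append(line)
        elif separators_seen >= 2:        # result section
            m = RESULT_LINE.match(line)
            if m:
                results.append((m.group("target").strip('"'),
                                m.group("result").rstrip(".")))
    return fixlist, results


def classify(result):
    """Map a result phrase to a category (only phrases seen in the log above)."""
    r = result.lower()
    if "not found" in r:
        return "not_found"
    if "successfully" in r or r.startswith("removed"):
        return "done"
    return "other"                        # unknown phrase: review by hand


def summarize(text):
    fixlist, results = parse_fixlog(text)
    outcome = {target.lower(): classify(result) for target, result in results}
    all_targets = " ".join(target for target, _ in results).upper()

    # Files listed in the fixlist that were already gone when the fix ran.
    not_found_paths = [entry for entry in fixlist
                       if FILE_PATH.match(entry)
                       and outcome.get(entry.lower()) == "not_found"]

    # Task GUIDs in the fixlist that never show up in any result line.
    tasks_without_result = [g for entry in fixlist if entry.startswith("Task:")
                            for g in GUID.findall(entry)
                            if g.upper() not in all_targets]

    return {
        "fixlist_entries": len(fixlist),
        "counts": dict(Counter(classify(r) for _, r in results)),
        "not_found_paths": not_found_paths,
        "tasks_without_result": tasks_without_result,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```
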

schrauber 12.12.2014 09:39

Please open FRST, tick the Addition box and scan, then post both log files. In which browsers do the ads appear?

Finlay 16.12.2014 15:31

In all of them, actually: IE, Firefox, Opera. I haven't tried Chrome yet, but I assume so. Something else I've noticed is that every text input field in the browser responds to any input with a long delay.


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by Admin (administrator) on ADMIN-PC on 16-12-2014 15:20:45
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files\Razer\Diamondback 3G\razerhid.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files\Razer\Diamondback 3G\razerofa.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Diamondback] => C:\Program Files\Razer\Diamondback 3G\razerhid.exe [147456 2007-08-01] ()
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [5479224 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3618648 2014-11-27] (Electronic Arts)
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk
ShortcutTarget: Logitech blank Produktregistrierung.lnk -> C:\Program Files\Logitech\G35\eReg.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ulsh45d3.default-1418245811959
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 au0t2mg7; C:\Windows\system32\Drivers\au0t2mg7.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-09 19:25 - 00033180 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2014-12-16 15:24 - 00014291 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 19:23 - 2014-12-16 15:20 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2014-12-09 19:23 - 01111040 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-09 18:29 - 00038988 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip
2014-11-20 02:34 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 00:21 - 2014-11-20 00:21 - 00244120 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-20 00:06 - 2014-11-20 00:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-20 00:04 - 2014-11-20 00:04 - 00638888 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 15:22 - 2008-01-21 02:35 - 01865161 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 15:19 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-16 15:19 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:17 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-16 15:17 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-16 15:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 15:16 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 15:16 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-16 15:07 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 20:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 20:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-12-05 21:07 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-20 00:07 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-20 00:06 - 2014-08-23 08:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-20 00:06 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 00:05 - 2010-02-25 11:14 - 00000000 ____D () C:\Program Files\Java

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 15:23

==================== End Of Log ============================



Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2014
Ran by Admin at 2014-12-16 15:25:05
Running from c:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

06-12-2014 01:46:45 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
08-12-2014 19:15:13 Geplanter Prüfpunkt
09-12-2014 11:44:53 Revo Uninstaller's restore point - Cliqz
09-12-2014 11:47:03 Revo Uninstaller's restore point - Opera Stable 26.0.1656.32
09-12-2014 13:43:26 Windows Update
09-12-2014 16:26:44 Revo Uninstaller's restore point - Mozilla Firefox 34.0.5 (x86 de)
09-12-2014 16:31:08 Revo Uninstaller's restore point - Explorer Suite III
09-12-2014 16:31:58 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
09-12-2014 16:55:00 Revo Uninstaller's restore point - SopCast 3.4.0
09-12-2014 16:56:09 Revo Uninstaller's restore point - Crysis(R)
09-12-2014 17:01:01 Revo Uninstaller's restore point - Crysis® 2
09-12-2014 17:01:11 Removed Crysis® 2
09-12-2014 17:07:05 Revo Uninstaller's restore point - Fallout 3
09-12-2014 17:07:45 Removed Fallout 3
09-12-2014 17:10:01 Revo Uninstaller's restore point - Fallout New Vegas
09-12-2014 17:11:22 Revo Uninstaller's restore point - Far Cry 2
09-12-2014 17:12:23 Revo Uninstaller's restore point - Magic Set Editor 2 - 0.3.8 beta
09-12-2014 17:13:57 Entfernt Far Cry 2
09-12-2014 17:15:46 Revo Uninstaller's restore point - SPORE™
09-12-2014 17:16:13 Entfernt SPORE™
09-12-2014 17:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 17:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 17:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 17:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 17:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 17:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 17:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
10-12-2014 08:53:55 Windows Update
11-12-2014 13:09:13 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
132.187.1.5        vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {ED14B6EE-D593-4A67-96C4-83033B584D2B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-01-15 20:37 - 2007-08-01 14:07 - 00147456 _____ () C:\Program Files\Razer\Diamondback 3G\razerhid.exe
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-09 20:22 - 2014-12-09 20:22 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 03:18:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:09:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 10:37:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0xe04, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0x1644, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0xe40, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0x1724, Anwendungsstartzeit iexplore.exe0.

Error: (12/10/2014 10:13:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul atiumdag.dll, Version 9.14.10.926, Zeitstempel 0x5064fef0, Ausnahmecode 0xc0000005, Fehleroffset 0x001517e2,
Prozess-ID 0x15c8, Anwendungsstartzeit iexplore.exe0.


System errors:
=============
Error: (12/16/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/16/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/16/2014 03:16:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.12.2014 um 15:11:46 unerwartet heruntergefahren.

Error: (12/16/2014 03:09:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/16/2014 03:07:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.12.2014 um 15:05:32 unerwartet heruntergefahren.

Error: (12/16/2014 03:01:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/11/2014 10:37:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/11/2014 10:36:13 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/10/2014 10:17:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/10/2014 10:17:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent


Microsoft Office Sessions:
=========================
Error: (12/16/2014 03:18:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:09:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 03:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 10:37:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 10:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2e0401d014be597d149e

Error: (12/10/2014 10:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2164401d014be504f70ce

Error: (12/10/2014 10:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2e4001d014be504f70ce

Error: (12/10/2014 10:14:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e2172401d014be0b199b2e

Error: (12/10/2014 10:13:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964batiumdag.dll9.14.10.9265064fef0c0000005001517e215c801d014be2833214e


CodeIntegrity Errors:
===================================
  Date: 2014-12-16 15:24:55.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.470
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:53.704
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:53.464
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:53.168
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:52.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:09:10.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:09:10.645
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 3326.12 MB
Available physical RAM: 1077.13 MB
Total Pagefile: 6873.21 MB
Available Pagefile: 4007.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:55.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 16.12.2014 21:46

Can you take a screenshot of that for me? Other computers on your network don't have any problems?

Finlay 16.12.2014 23:14

I've collected the complete madness here, including extra tabs, pop-ups and sound ads. No, other computers don't have any problems, at least not that I know of.

http://i.imgur.com/JE3bHIH.png
http://i.imgur.com/gfi7wfI.png

schrauber 17.12.2014 20:20

Those are Firefox screenshots. Does the problem still occur in ALL browsers?

I see a university VPN. Are you always online only through it?

Finlay 17.12.2014 21:23

No, I only use the university VPN to be able to download scientific publications, otherwise never.

Yes, all browsers are still affected, at least the four "big" browsers I tested: IE, Firefox, Chrome and Opera.
Browsing has become torture, and I no longer dare to do anything like online banking or online shopping on my computer, for fear that account details will be stolen. I have had to do all my Christmas shopping on friends' computers. I'm completely desperate. :heulen:

schrauber 18.12.2014 20:33

Quote:

No, other computers don't have any problems, at least not that I know of.
Even so, I want to rule out the router now:

Reset the router completely to factory settings and re-enter the connection details. Then reset all browsers completely once.

Finlay 19.12.2014 15:53

Done. Reset the Fritz.Box, re-entered the connection details, reset the browsers.

The ads are still there, in all browsers.

schrauber 20.12.2014 15:36

Two fresh FRST logs from the computer, please.

Finlay 20.12.2014 16:13

Is it normal that FRST keeps "crashing" every now and then?
During the scan I repeatedly get "(Keine Rückmeldung)" (Not Responding) shown in the title bar.


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014
Ran by Admin (administrator) on ADMIN-PC on 20-12-2014 16:09:05
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7etp4u8.default-1418998594878
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 agjup13w; C:\Windows\system32\Drivers\agjup13w.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 16:08 - 2014-12-20 16:08 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2014-12-18 11:43 - 2014-12-18 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-12-17 21:13 - 2014-12-17 21:13 - 00880784 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-16 15:27 - 00027771 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2014-12-20 16:09 - 00011723 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 19:23 - 2014-12-20 16:09 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2014-12-20 16:08 - 01114112 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-18 10:56 - 00039300 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip
2014-11-20 02:34 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 00:21 - 2014-11-20 00:21 - 00244120 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-20 00:06 - 2014-11-20 00:06 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-20 00:04 - 2014-11-20 00:04 - 00638888 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 15:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 14:22 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 14:22 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 10:27 - 2008-01-21 02:35 - 01967631 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 10:22 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-20 10:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 02:38 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-19 19:40 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-19 15:00 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-12-19 14:59 - 2010-05-31 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-19 01:50 - 2012-11-21 18:30 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2014-12-18 11:18 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-17 19:39 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 20:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 20:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-24 14:04 - 2009-10-02 16:45 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-20 00:07 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-20 00:06 - 2014-08-23 08:59 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-20 00:06 - 2013-11-03 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 00:05 - 2010-02-25 11:14 - 00000000 ____D () C:\Program Files\Java

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 10:37

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2014
Ran by Admin at 2014-12-20 16:10:05
Running from c:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

09-12-2014 17:55:00 Revo Uninstaller's restore point - SopCast 3.4.0
09-12-2014 17:56:09 Revo Uninstaller's restore point - Crysis(R)
09-12-2014 18:01:01 Revo Uninstaller's restore point - Crysis® 2
09-12-2014 18:01:11 Removed Crysis® 2
09-12-2014 18:07:05 Revo Uninstaller's restore point - Fallout 3
09-12-2014 18:07:45 Removed Fallout 3
09-12-2014 18:10:01 Revo Uninstaller's restore point - Fallout New Vegas
09-12-2014 18:11:22 Revo Uninstaller's restore point - Far Cry 2
09-12-2014 18:12:23 Revo Uninstaller's restore point - Magic Set Editor 2 - 0.3.8 beta
09-12-2014 18:13:57 Entfernt Far Cry 2
09-12-2014 18:15:46 Revo Uninstaller's restore point - SPORE™
09-12-2014 18:16:13 Entfernt SPORE™
09-12-2014 18:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 18:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 18:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 18:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 18:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 18:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 18:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
10-12-2014 09:53:55 Windows Update
11-12-2014 14:09:13 Geplanter Prüfpunkt
16-12-2014 15:27:20 Windows Update
17-12-2014 15:26:19 Geplanter Prüfpunkt
19-12-2014 14:59:08 Revo Uninstaller's restore point - Google Chrome
20-12-2014 12:34:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
132.187.1.5        vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F0BD6DB-B3F0-4D85-8BAA-759AAD65D1AB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-09 20:22 - 2014-12-09 20:22 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16599 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1074
Anfangszeit: 01d01b947a478713
Zeitpunkt der Beendigung: 0

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc,
Prozess-ID 0x440, Anwendungsstartzeit svchost.exe0.

Error: (12/17/2014 10:41:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/20/2014 10:23:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/19/2014 03:08:32 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/19/2014 10:45:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 09:13:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 10:58:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/17/2014 10:41:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 10:40:18 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/16/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt


Microsoft Office Sessions:
=========================
Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16599107401d01b947a4787130

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89ntdll.dll6.0.6002.1888151da3e27c0000374000b06fc44001d019dd635bc61e

Error: (12/17/2014 10:41:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-20 16:10:02.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.547
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.360
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.892
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.705
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.518
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:01.346
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:55.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-16 15:24:54.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3326.12 MB
Available physical RAM: 2112.33 MB
Total Pagefile: 6877.21 MB
Available Pagefile: 5847.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:53.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 21.12.2014 09:43

"Not responding" has nothing to do with crashes :)


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
C:\Users\Admin\AppData\Local\BoBrowser
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
Emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Finlay 21.12.2014 14:58

I got an error message during the fix.
It referred to the directory in which FRST was installed, with the following wording.

"AutoIt Error

Line 9686
Error: Error in expression"

Unfortunately the ads are still there too. I know nothing at all about the computer science behind the lines of code, so I wanted to ask whether you know what I'm dealing with here. It seems to be some extremely stubborn and deep-seated script, if nothing helps and the standard malware and virus scanners don't even find anything. I'm slowly starting to consider formatting.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014 01
Ran by Admin at 2014-12-21 14:49:01 Run:2
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
C:\Users\Admin\AppData\Local\BoBrowser
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
Emptytemp:
       
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{945E8773-666E-4BB1-B663-544350D73767}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{945E8773-666E-4BB1-B663-544350D73767}" => Key deleted successfully.
C:\Windows\System32\Tasks\Run_Bobby_Browser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => Key deleted successfully.
"C:\Users\Admin\AppData\Local\BoBrowser" => File/Directory not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found.
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} => value deleted successfully.
"HKCR\CLSID\{F2CF5485-4E02-4F68-819C-B92DE9277049}" => Key Deleted successfully.
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found.
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll => Moved successfully.
EmptyTemp: => Removed 422.8 MB temporary data.


schrauber 22.12.2014 13:25

That is simply adware. But it somehow sits deeper than normal.
Please open FRST, tick the box next to Addition and scan, then please post both log files again.

Finlay 22.12.2014 15:44


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by Admin (administrator) on ADMIN-PC on 22-12-2014 15:42:37
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\miz0y22q.default-1419169810988
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 a3l07x83; C:\Windows\system32\Drivers\a3l07x83.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:42 - 2014-12-22 15:42 - 00010849 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-12-22 15:42 - 2014-12-22 15:42 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-12-20 16:08 - 2014-12-21 14:48 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2014-12-18 11:43 - 2014-12-18 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-12-17 21:13 - 2014-12-17 21:13 - 00880784 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-20 16:10 - 00027450 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2014-12-22 15:42 - 01114112 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-12-09 19:23 - 2014-12-22 15:42 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2014-12-20 16:10 - 00025346 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-18 10:56 - 00039300 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 14:27 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 14:27 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 09:27 - 2008-01-21 02:35 - 01994122 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 12:28 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-21 12:27 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 02:30 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-19 19:40 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-19 15:00 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-12-19 14:59 - 2010-05-31 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-19 01:50 - 2012-11-21 18:30 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2014-12-18 11:18 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-17 19:39 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 20:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 20:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-24 14:04 - 2009-10-02 16:45 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-22 12:47

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Admin at 2014-12-22 15:43:05
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

09-12-2014 18:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 18:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 18:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 18:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 18:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 18:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 18:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
10-12-2014 09:53:55 Windows Update
11-12-2014 14:09:13 Geplanter Prüfpunkt
16-12-2014 15:27:20 Windows Update
17-12-2014 15:26:19 Geplanter Prüfpunkt
19-12-2014 14:59:08 Revo Uninstaller's restore point - Google Chrome
20-12-2014 12:34:44 Geplanter Prüfpunkt
21-12-2014 00:50:58 Geplanter Prüfpunkt
21-12-2014 13:32:38 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
132.187.1.5        vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {DA1F86A5-5EB7-4F7E-A896-199CA2C8FB47} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2010-04-13 01:13 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16599 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1074
Anfangszeit: 01d01b947a478713
Zeitpunkt der Beendigung: 0

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc,
Prozess-ID 0x440, Anwendungsstartzeit svchost.exe0.


System errors:
=============
Error: (12/21/2014 00:29:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/20/2014 10:23:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/19/2014 03:08:32 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/19/2014 10:45:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 09:13:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 10:58:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/17/2014 10:41:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 10:40:18 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.


Microsoft Office Sessions:
=========================
Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16599107401d01b947a4787130

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89ntdll.dll6.0.6002.1888151da3e27c0000374000b06fc44001d019dd635bc61e


CodeIntegrity Errors:
===================================
  Date: 2014-12-22 15:43:02.709
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.338
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.166
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.561
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.388
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.547
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 54%
Total physical RAM: 3326.12 MB
Available physical RAM: 1518.31 MB
Total Pagefile: 6871.21 MB
Available Pagefile: 4528.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:53.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 23.12.2014 12:05

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
Hosts:
Emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Finlay 04.01.2015 13:06

So, back from vacation, on with dealing with the ads. Unfortunately they are still there after the fix.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 03
Ran by Admin at 2015-01-04 12:57:10 Run:4
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
Hosts:
Emptytemp:
       
*****************

"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{678c0f35-9d3c-11de-946d-002215f64712}" => Key deleted successfully.
HKCR\CLSID\{678c0f35-9d3c-11de-946d-002215f64712} => Key not found.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a432b9c-5628-11e1-8beb-002215f64712}" => Key deleted successfully.
HKCR\CLSID\{0a432b9c-5628-11e1-8beb-002215f64712} => Key not found.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45ff7cad-e803-11dd-afeb-8edf4b91f0b7}" => Key deleted successfully.
HKCR\CLSID\{45ff7cad-e803-11dd-afeb-8edf4b91f0b7} => Key not found.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58376522-d1a8-11e2-85fc-002215f64712}" => Key deleted successfully.
HKCR\CLSID\{58376522-d1a8-11e2-85fc-002215f64712} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Program Files\STab => Moved successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 358.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:57:22 ====


schrauber 04.01.2015 15:01

Two fresh logs with FRST again, please. Which browser do they appear in again? Have you also tested other browsers?

Scan with SystemLook

Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop:
SystemLook (32 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :regfind
    BetterMarkIt

  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan is finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

Finlay 04.01.2015 20:48

The ads appear in all browsers that I use and test. Namely Opera, Chrome, IE and Firefox.


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-01-2015 03
Ran by Admin (administrator) on ADMIN-PC on 04-01-2015 20:43:27
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\miz0y22q.default-1419169810988
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 amj1q44n; C:\Windows\system32\Drivers\amj1q44n.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:43 - 2015-01-04 20:43 - 00011503 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-04 20:42 - 2015-01-04 20:42 - 00028298 _____ () C:\Users\Admin\Downloads\SystemLook.txt
2015-01-04 20:41 - 2015-01-04 20:41 - 00139264 _____ () C:\Users\Admin\Downloads\SystemLook.exe
2015-01-04 12:48 - 2015-01-04 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-04 12:48 - 2015-01-04 12:48 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-22 22:32 - 2015-01-04 12:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-20 16:08 - 2014-12-21 14:48 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2014-12-18 11:43 - 2014-12-18 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-12-17 21:13 - 2014-12-17 21:13 - 00880784 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-20 16:10 - 00027450 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2015-01-04 20:43 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2015-01-04 12:57 - 01115136 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-12-09 19:23 - 2014-12-20 16:10 - 00025346 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-22 20:25 - 00041446 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:29 - 2008-01-21 02:35 - 02058541 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 20:26 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-04 20:26 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 20:26 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 20:26 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 20:24 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 20:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 22:32 - 2012-06-13 15:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-22 22:32 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-22 22:31 - 2009-06-29 14:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-12-19 19:40 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-19 15:00 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-12-19 14:59 - 2010-05-31 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-19 01:50 - 2012-11-21 18:30 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2014-12-18 11:18 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-17 19:39 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 20:32

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by Admin at 2015-01-04 20:44:21
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

19-12-2014 14:59:08 Revo Uninstaller's restore point - Google Chrome
20-12-2014 12:34:44 Geplanter Prüfpunkt
21-12-2014 00:50:58 Geplanter Prüfpunkt
21-12-2014 13:32:38 Geplanter Prüfpunkt
23-12-2014 09:47:32 Windows Update
04-01-2015 12:44:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-01-04 12:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {33F6D23F-C849-4766-82FE-8E0F7C926357} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-22] (Adobe Systems Incorporated)
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 08:27:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 01:00:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 00:40:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:43:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:27:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16599 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1074
Anfangszeit: 01d01b947a478713
Zeitpunkt der Beendigung: 0

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/04/2015 08:27:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (01/04/2015 08:26:31 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (01/04/2015 01:00:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (01/04/2015 01:00:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (01/04/2015 00:40:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/23/2014 09:43:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/23/2014 09:42:53 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/22/2014 08:27:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/22/2014 08:25:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.12.2014 um 20:19:56 unerwartet heruntergefahren.

Error: (12/21/2014 00:29:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt


Microsoft Office Sessions:
=========================
Error: (01/04/2015 08:27:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 01:00:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 00:40:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:43:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:27:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16599107401d01b947a4787130

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-01-04 20:44:18.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.531
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.359
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.078
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:17.891
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:17.704
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:17.470
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.709
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 30%
Total physical RAM: 3326.12 MB
Available physical RAM: 2309.76 MB
Total Pagefile: 6873.21 MB
Available Pagefile: 5922.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:55.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:47 on 04/01/2015 by Admin
Administrator - Elevation successful

========== regfind ==========

Searching for "BetterMarkIt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File4"="C:\Users\Admin\Desktop\Adsbybettermarkit2.jpeg"
[HKEY_USERS\S-1-5-21-2849090330-1973166882-654260307-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File4"="C:\Users\Admin\Desktop\Adsbybettermarkit2.jpeg"

Searching for "        "
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 7\Scsi Bus 0\Target Id 0\Logical Unit Id 0]
"Identifier"="HQRE    5U709YF        1.03"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\ASPEncoder]
"Description"="
        <h3>Das Kernstück Ihres HD-Videoerlebnisses</h3>
        <p>Der Codec, der die Videowelt revolutioniert hat, wurde weiter optimiert. Wir bezeichnen diese Version als „Pro“, da sie zudem fantastische fortschrittliche Encoding-Einstellungen bietet, mit denen Sie mit Drittanbietersoftware hochwertige DivX-Video generieren können, die auf jedem beliebigen DivX Certified®-Gerät wiedergegeben werden können.</p>
        <h3>Gute Gründe für den DivX Codec</h3>
        <ul>
            <li>Erstellen Sie mit Drittanbietersoftware oder mit dem DivX Converter hochwertige, stark komprimierte DivX-Videos.</li>
            <li>Wir garantieren, dass Ihre Videos abgesehen von Deinem PC auch auf DivX Certified-DVD-Playern, Mobiltelefonen, Spielekonsolen uvm. abgespielt werden können.</li>
            <li>Optimieren Sie Ihre Videos mit den fortschrittlichen Encoding-Einstellungen, um hochwertigere Dateien zu erhalten.</li>
        </ul>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Der DivX Plus Converter nimmt gängige Videoformate und erstellt auf einfache Weise DivX- oder DivX Plus-Dateien für Ihre DivX Certified®-Geräte.</p>
          <ul>
              <li>Konvertieren Sie die Formate per Drag-&-Drop in .divx (DivX-Video) und .mkv (DivX Plus-Video)</li>
              <li>Erstellen Sie fortschrittliche DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf</li>
              <li>Steuern Sie Ihre Dateien mit den fortschrittlichen Encoding-Optionen</li>
              <li>Vereinen Sie mehrere Videos zu einer .divx- oder .mkv-Datei</li>
              <li>Konvertieren Sie Video-Batches - selbst mit Videos unterschiedlicher Formate - in einer einzigen Sitzung</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p>
          <ul>
              <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li>
              <li>Einfacher Transfer von Videos an DivX-Geräte</li>
              <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Die DivX Plus-Software enthält alles, was Du für ein kinoähnliches Erlebnis auf Deinem Computer, in Deinem Wohnzimmer und unterwegs benötigst. Für ein optimales Erlebnis mit DivX-Videos <b>empfehlen wir die Komplettinstallation aller Komponenten</b>.</p>
        <h3>Mit DivX Plus-Software kannst Du:</h3>
        <ul>
          <li>Ruckelfreie HD-Videos auf Deinem Computer ansehen</li>
          <li>Videos mühelos an DivX Certified®-Geräte übertragen</li>
          <li>Die fortschrittlichen DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen, genießen</li>
          <li>DivX-Videos auf Deiner Website oder in Deinen Blog integrieren</li>
          <li>Dateien platzsparend in ein DivX-Video umwandeln oder auf DivX-Geräten wiedergeben</li>
        </ul>
        "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"="
          <p>Mit dem DivX Plus Codec Pack können Sie sich DivX-Videos in Deiner bevorzugten Drittanbieteranwendung ansehen.</p>
          <ul>
              <li>Geben Sie die Formate .divx, .avi und .mkv (DivX- und DivX Plus-Video) auf gängigen Media-Playern (wie beispielsweise dem Windows Media Player, QuickTime, Media Player Classic) wieder</li>
              <li>Erstellen Sie mit Drittanbietersoftware (beispielsweise Virtual Dub) .avi-Dateien (DivX-Video) </li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\Player]
"Description"="
          <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p>
          <ul>
              <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li>
              <li>Einfacher Transfer von Videos an DivX-Geräte</li>
              <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Der DivX Plus Web Player ist die ideale Lösung zur Wiedergabe von Videos in Deinem Browser</p>
          <ul>
              <li>Geben Sie DivX- oder DivX Plus HD (.mkv)-Videos - mit bis zu 1080 p HD - in Deinem Browser wieder</li>
              <li>Fügen Sie DivX-Videos</u> auf einfache Weise Deiner Website oder Deinem Blog hinzu</li>
              <li>Sehen Sie sich hochwertige Videos von tausenden von Websites direkt in Deinem Browser an</li>
              <li>Laden Sie Videos herunter, um sie sich später anzusehen</li>
              <li>Genießen Sie mehrere Tonspuren und Untertitel</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{64F5AD1E-45AF-4631-80FA-057138BFA713}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{0CFCF432-3544-4f78-9426-07A36843E6BA}"/>
                <Descriptor descriptorID="{7D8397ED-DED4-46f1-BF9E-C41B8D4E4E3E}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{67987CC4-6B79-4c6b-B3F0-3B6D8677BBEC}"/>
                <Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
            </Rating>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{044D131F-D763-4975-9BB4-8C24CC331063}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
                <Descriptor descriptorID
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{771E6CB7-E2D4-4D73-A43F-B68515668A2A}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{0CFCF432-3544-4f78-9426-07A36843E6BA}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{7231EA3A-1ACC-4bcd-9C3A-A60EA6888B6D}"/>
                <Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
                <Descriptor descriptorID="{B0DEC59B-3AC4-475e-90F7-242C2A60CA71}"/>
                <Descriptor descriptorID="{762EFF14-8713-4649-884E-2E295E2651B3}"/>
            </Rating>
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{75AEE0A2-8640-4a20-8DE5-EC93D8DAB219}"/>
            <Rating ratingSystemID="{7F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{A11ECBE4-B238-4B74-B2B2-FE5B1B5244C2}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D568A473-87E6-40F5-B26E-19399DB3D3D4}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{E430A83A-7934-4253-8057-C4DDBB7106C9}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{7F2A4D3A-23A8-4123-90E7-D986BF1D9718}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="DMC-TZ5        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-TZ5&REV_0100#0000000000000000006F0218210681#]
"FriendlyName"="DMC-TZ5        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_TEAC&PROD_MINI&REV_1.00#10082600001327&0#]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="DMC-TZ5        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-TZ5&REV_0100#0000000000000000006F0218210681#]
"FriendlyName"="DMC-TZ5        "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_TEAC&PROD_MINI&REV_1.00#10082600001327&0#]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="DMC-TZ5        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-TZ5&REV_0100#0000000000000000006F0218210681#]
"FriendlyName"="DMC-TZ5        "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_TEAC&PROD_MINI&REV_1.00#10082600001327&0#]
"FriendlyName"="MINI            "

-= EOF =-


schrauber 05.01.2015 12:56

Are you using a Wi-Fi adapter from Belkin?

Finlay 05.01.2015 14:13

No, I use a network cable connected directly to the router.
I did use one before, but I was unhappy with the signal stability and ran a cable instead.

schrauber 05.01.2015 16:48

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
C:\Program Files\Belkin
cmd: ipconfig /flushdns
Hosts:
Emptytemp:


Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Finlay 05.01.2015 18:10

Unfortunately, no improvement in sight.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 03
Ran by Admin at 2015-01-05 17:55:14 Run:5
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
C:\Program Files\Belkin
cmd: ipconfig /flushdns
Hosts:
Emptytemp:
       
*****************

"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}" => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk => Moved successfully.
C:\Program Files\Belkin\F7D4101\V1\PBN.exe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk => Moved successfully.
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe => Moved successfully.
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
WLANBelkinService => Service stopped successfully.
WLANBelkinService => Service deleted successfully.
C:\Program Files\Belkin => Moved successfully.

=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 401.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:55:23 ====

What do you think about running a scan with Combofix?
I'm far from an expert in this area; I have only read that it should be used in exceptional cases only, because it scans and deletes very deeply.
But since I'm slowly losing hope and will format anyway if the problem can't be solved, I wanted to ask whether that would make sense.

schrauber 05.01.2015 19:59

We can do that:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
An attempt was made to perform an illegal operation on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Finlay 05.01.2015 21:05

Code:

ComboFix 15-01-05.01 - Admin 05.01.2015  20:53:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3326.2014 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-05 bis 2015-01-05  ))))))))))))))))))))))))))))))
.
.
2015-01-05 19:58 . 2015-01-05 19:58        --------        d-----w-        c:\users\Admin\AppData\Local\temp
2015-01-05 19:58 . 2015-01-05 19:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-04 11:48 . 2015-01-05 17:40        --------        d-----w-        c:\program files\McAfee Security Scan
2015-01-04 11:44 . 2014-12-02 11:01        9054624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{472EE68E-F1FE-46A7-8370-F5BE9F7F8D38}\mpengine.dll
2014-12-22 21:32 . 2015-01-05 17:40        --------        d-----w-        c:\programdata\McAfee Security Scan
2014-12-18 10:43 . 2014-12-18 10:43        --------        d-----w-        c:\users\Admin\AppData\Roaming\VSRevoGroup
2014-12-10 08:57 . 2014-11-04 00:19        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-12-10 08:57 . 2014-11-07 01:33        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-12-10 08:54 . 2014-12-03 02:06        278528        ----a-w-        c:\windows\system32\schannel.dll
2014-12-09 21:30 . 2014-12-09 21:30        --------        d-----w-        c:\windows\ERUNT
2014-12-09 18:23 . 2015-01-05 16:55        --------        d-----w-        C:\FRST
2014-12-09 16:36 . 2014-12-09 16:36        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2014-12-09 00:10 . 2014-12-09 00:10        --------        d-----w-        c:\users\Admin\AppData\Local\Opera Software
2014-12-09 00:10 . 2014-12-09 00:10        --------        d-----w-        c:\users\Admin\AppData\Roaming\Opera Software
2014-12-09 00:09 . 2014-12-09 12:16        --------        d-----w-        c:\program files\Opera
2014-12-08 16:44 . 2011-05-13 10:16        493056        ----a-w-        c:\windows\system32\dhRichClient3.dll
2014-12-08 16:44 . 2011-03-25 18:42        338432        ----a-w-        c:\windows\system32\sqlite36_engine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-22 21:32 . 2012-06-13 14:41        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-12-22 21:32 . 2011-06-08 18:49        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 11:43 . 2014-12-05 21:17        114904        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-05 20:04 . 2014-12-05 20:04        56992        ----a-w-        c:\windows\system32\drivers\webinstrNewH.sys
2014-11-24 13:04 . 2009-10-02 15:45        229000        ------w-        c:\windows\system32\MpSigStub.exe
2014-11-21 05:14 . 2014-12-05 21:16        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-12-05 21:16        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-12-05 21:16        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-19 23:06 . 2014-08-23 07:59        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-10-24 01:04 . 2014-11-13 01:16        67072        ----a-w-        c:\windows\system32\packager.dll
2014-10-24 01:03 . 2014-11-20 01:34        499200        ----a-w-        c:\windows\system32\kerberos.dll
2014-10-18 01:08 . 2014-11-13 01:15        564224        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-12 23:34 . 2014-11-13 01:11        2054656        ----a-w-        c:\windows\system32\win32k.sys
2014-10-10 01:01 . 2014-11-13 01:17        449536        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-10 01:00 . 2014-11-13 01:17        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-10 01:00 . 2014-11-13 01:17        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-09 23:22 . 2014-11-13 01:17        619520        ----a-w-        c:\windows\system32\adtschema.dll
2012-05-31 18:31 . 2012-05-31 18:31        22307328        ----a-w-        c:\program files\Play Wireless USB Adapter.msi
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilterHost]
2010-01-18 14:35        827392        ----a-w-        c:\users\Admin\AppData\Roaming\mmserver\FilterHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
2008-03-28 06:57        14848        ----a-w-        c:\windows\System32\P17RunE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2012-12-10 39888]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2012-12-10 58320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 21:32]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\miz0y22q.default-1419169810988\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-05 20:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2849090330-1973166882-654260307-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:4a,26,ea,2f,ae,34,82,1f,31,09,ad,1c,73,1b,ce,68,47,8d,31,de,e3,33,07,
  78,ba,05,5a,31,0c,ab,87,e9,e4,78,3a,3b,1d,aa,3c,eb,21,6a,e8,fe,8c,c7,19,e5,\
"??"=hex:98,61,e8,de,ca,53,c0,8f,53,21,55,12,3e,40,96,af
.
[HKEY_USERS\S-1-5-21-2849090330-1973166882-654260307-1000\Software\SecuROM\License information*]
"datasecu"=hex:d8,b9,ce,7f,30,34,be,10,91,f6,6a,d2,d7,a4,2c,bb,2d,17,42,20,b2,
  c4,9d,25,ab,b6,6b,49,e3,2f,0b,5d,a1,5d,96,b7,5c,d4,47,27,74,ef,2b,79,bd,96,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Zeit der Fertigstellung: 2015-01-05  20:59:04
ComboFix-quarantined-files.txt  2015-01-05 19:59
ComboFix2.txt  2015-01-05 19:24
.
Vor Suchlauf: 13 Verzeichnis(se), 60.406.521.856 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 60.378.161.152 Bytes frei
.
- - End Of File - - F7C93E4B97882070A4D7051AF4F8B77D
5C616939100B85E558DA92B899A0FC36


schrauber 06.01.2015 11:12

That's what I expected, namely nothing :)


Did you really reset the router completely? And reset all browsers completely immediately afterwards??

That is almost impossible. If all browsers are affected, you have to see something in the logs, or it's the router.

Finlay 06.01.2015 13:19

Yes, back then I reset the FritzBox to factory settings and re-entered all the access data. Immediately afterwards I reset the browsers, even before I had dialed into the router again.

Could it be down to the type of connection to the router? My two flatmates are connected to it via Wi-Fi and have no problems. I could dig out my old Belkin stick and check whether that is the case. In that case formatting would be pointless too.

As I think I've mentioned before, the ads don't appear on all sites. Facebook, Wikipedia and YouTube, for example, are completely spared.
Can anything be concluded from that about what I'm dealing with?

schrauber 06.01.2015 15:47

Yes, go online via the stick (even though that would be really odd). What could also be tested, if possible, is connecting to the router by LAN.

And please set Google DNS as the DNS on the PC and test again.

Finlay 06.01.2015 16:29

I'm connected to the router by LAN the whole time. I'm the only one in the flat share who is; my flatmates are connected via Wi-Fi. I have now disabled the LAN connection, gone online via my old Belkin Wi-Fi stick and reset the browsers. The ads were still there afterwards.

How do I set Google DNS on the PC? Unfortunately I'm not really well versed in this.

schrauber 06.01.2015 16:58

Setting Google DNS:
Google DNS-Server: Internet beschleunigen und Ping verbessern - NETZWELT

Then press the Windows key + R, type

ipconfig /flushdns

and press Enter. Now test the browsers again. The flatmates have no trouble with the ads? Have you actually tested that?

Finlay 06.01.2015 18:41

Done, the ads are still there.

I changed the DNS server on the FritzBox. If I additionally do that in the Windows network settings, they are still there too, but I can't access the FritzBox.

Just tested it at my flatmate's. Sites that are flooded with ads for me are ad-free for them in Chrome, Firefox and IE.

I have now also taken a screenshot of the quick history. Among other things, the automatically visited addresses of the pop-ups show up there.
Among others targetingadvisor, click.blueseek and clickhoofind. I can't make anything of them, but maybe it helps you.


http://i.imgur.com/BqdOGGZ.jpg

schrauber 06.01.2015 19:49

Please download OTL by Oldtimer and save it on your desktop (if not already present).
  • Double-click OTL.exe
  • At the top you will find a box labelled Ausgabe. Please select Minimal Ausgabe
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
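
When ads show up in every browser, the entries worth reading first in an OTL log are the system-wide ones: hosts entries, DNS servers, proxy settings and kernel drivers. The following Python is an added example, not part of the original thread and not part of OTL; the sample lines are constructed in the OTL line format seen in this thread, and all function names, addresses and driver names in it are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the OTL line format seen in this thread.
# Addresses are documentation ranges; driver and host names are made up.
SAMPLE_LOG = r"""
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (exampledrv) -- C:\Windows\System32\drivers\exampledrv.sys ()
DRV - (vendordrv) -- C:\Windows\System32\drivers\vendordrv.sys (Example Vendor (EU) Ltd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 203.0.113.10   www.example.test
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 198.51.100.53,192.168.178.1
"""

# RFC 1918 and loopback ranges: a resolver inside them is the local router or host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
DNS_RE = re.compile(r"^O17 - .+?: (DhcpNameServer|NameServer) = (.+)$")
PROXY_RE = re.compile(r'^IE - (HKCU|HKLM)\\.*: "(Proxy\w+)" = (.*)$')
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]*)\) -- (?P<rest>.*)$")
COMPANY_RE = re.compile(r"^.+?\.sys \((?P<company>.*)\)$", re.IGNORECASE)


def is_local(addr):
    """True if addr parses as an IP inside the local ranges above."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def triage(log_text):
    """Collect system-wide settings from an OTL log that deserve a manual look.

    Nothing returned here is a verdict: a public DNS server or a driver
    without a company name can be legitimate. It is a reading list.
    """
    found = {"hosts": [], "dns_external": [], "proxy": [], "drivers": []}
    for raw in log_text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            # Skip the default loopback entry, keep every other redirect.
            if not (ip in ("127.0.0.1", "::1") and name == "localhost"):
                found["hosts"].append((ip, name))
            continue

        m = DNS_RE.match(line)
        if m:
            key, value = m.groups()
            # A value can list several resolvers separated by spaces or commas.
            for server in re.split(r"[ ,]+", value.strip()):
                if server and not is_local(server):
                    found["dns_external"].append((key, server))
            continue

        m = PROXY_RE.match(line)
        if m:
            hive, key, value = m.groups()
            if not (key == "ProxyEnable" and value.strip() == "0"):
                found["proxy"].append((hive, key, value.strip()))
            continue

        m = DRV_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            if rest.endswith("File not found"):
                found["drivers"].append((m.group("name"), "file not found"))
            else:
                c = COMPANY_RE.match(rest)
                if c and not c.group("company").strip():
                    found["drivers"].append((m.group("name"), "no company name"))
    return found


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, items)
```
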

Finlay 06.01.2015 20:18

Code:

OTL logfile created on: 06.01.2015 20:09:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,66% Memory free
6,72 Gb Paging File | 5,01 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 55,87 Gb Free Space | 37,25% Space Free | Partition Type: NTFS
Drive D: | 315,76 Gb Total Space | 280,05 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found
DRV - (aaridp2o) --  File not found
DRV - (webinstrNewH) -- C:\Windows\System32\drivers\webinstrNewH.sys (Corsica)
DRV - (acsmux) -- C:\Windows\System32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\Windows\System32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (LADF_RenderOnly) -- C:\Windows\System32\drivers\ladfGSRi386.sys (Logitech)
DRV - (LADF_CaptureOnly) -- C:\Windows\System32\drivers\ladfGSCi386.sys (Logitech)
DRV - (LADF_SBVM) -- C:\Windows\System32\drivers\ladfSBVMi386.sys (Logitech)
DRV - (LADF_DHP2) -- C:\Windows\System32\drivers\ladfDHP2i386.sys (Logitech)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation                          )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MRV6X32P) -- C:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (Razerlow) -- C:\Windows\System32\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (W8335XP) -- C:\Windows\System32\drivers\Mrv8000c.sys (Marvell Semiconductor, Inc)
DRV - (atxboxfl) -- C:\Windows\System32\drivers\atxboxfl.sys (Compuware Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
[2013.10.21 18:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2015.01.06 16:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\frar7uot.default-1420557857815\extensions
[2014.12.09 17:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2014.12.09 17:36:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015.01.05 20:22:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A911EDC-E141-4878-ACA2-03C0960EDA0E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D0C0572-CDD1-424D-85E1-AA507802458C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FFBF3D9-506A-4524-A263-A0CEFFDD51AB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0B724AE-D3DB-4BAB-A134-83D327316FCF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\Downloads\ANNO5_THEME\uplay_wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\Downloads\ANNO5_THEME\uplay_wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.01.06 20:07:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015.01.05 20:59:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.01.05 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2015.01.05 20:58:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.01.05 20:53:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2015.01.05 20:16:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.01.05 20:16:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.01.05 20:16:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.01.05 20:15:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.01.05 20:15:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015.01.04 12:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014.12.22 22:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014.12.18 11:43:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\VSRevoGroup
[2014.12.10 09:57:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.12.10 09:35:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.12.10 09:35:21 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.12.10 09:35:21 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.12.10 09:35:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.12.10 09:35:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.12.10 09:35:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.12.10 09:35:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.12.10 09:35:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.12.10 09:35:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014.12.10 09:35:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.12.10 09:35:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.12.10 09:35:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.12.10 09:35:18 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.12.09 22:30:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.12.09 19:23:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014.12.09 19:23:35 | 001,115,136 | ---- | C] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe
[2014.12.09 18:28:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Tunngle
[2014.12.09 17:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014.12.09 17:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.12.09 01:10:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Opera Software
[2014.12.09 01:10:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Opera Software
[2014.12.09 01:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2014.12.08 17:44:42 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.01.06 20:08:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015.01.06 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.01.06 18:35:42 | 000,269,617 | ---- | M] () -- C:\Users\Admin\Desktop\Verlauf.jpg
[2015.01.06 18:29:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.01.06 18:29:44 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.01.06 16:18:52 | 000,674,024 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2015.01.06 16:18:52 | 000,634,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.01.06 16:18:52 | 000,146,036 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2015.01.06 16:18:52 | 000,119,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.01.06 12:30:06 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2015.01.06 12:29:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.01.06 12:29:43 | 3488,669,696 | -HS- | M] () -- C:\hiberfil.sys
[2015.01.05 20:22:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.01.04 12:57:02 | 001,115,136 | ---- | M] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe
[2014.12.22 22:32:19 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.12.22 22:32:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.12.16 15:07:42 | 340,246,887 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.12.09 18:30:15 | 000,256,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.12.09 18:28:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2014.12.09 17:36:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.12.09 12:43:00 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.01.06 18:35:41 | 000,269,617 | ---- | C] () -- C:\Users\Admin\Desktop\Verlauf.jpg
[2015.01.05 20:16:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.01.05 20:16:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.01.05 20:16:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.01.05 20:16:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.01.05 20:16:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.12.16 15:07:42 | 340,246,887 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.12.09 17:36:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.12.09 17:36:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.12.08 17:44:42 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2014.12.05 21:04:53 | 000,002,393 | ---- | C] () -- C:\Windows\patsearch.bin
[2014.12.03 00:01:39 | 000,000,552 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d8caps.dat
[2014.09.01 09:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\MYCBDE
[2014.09.01 09:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\YUHCVSH
[2013.05.14 11:24:31 | 000,000,218 | ---- | C] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2012.05.31 19:31:42 | 022,307,328 | ---- | C] () -- C:\Program Files\Play Wireless USB Adapter.msi
[2012.05.31 19:31:42 | 000,029,184 | ---- | C] () -- C:\Program Files\1031.MST
[2012.05.31 19:31:42 | 000,024,692 | ---- | C] () -- C:\Program Files\0x0407.ini
[2009.09.09 13:48:54 | 000,168,960 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.24 19:54:39 | 000,022,328 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PnkBstrK.sys
[2009.01.04 18:01:54 | 000,002,708 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AD022376

< End of report >

Code:

OTL Extras logfile created on: 06.01.2015 20:09:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,66% Memory free
6,72 Gb Paging File | 5,01 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 55,87 Gb Free Space | 37,25% Space Free | Partition Type: NTFS
Drive D: | 315,76 Gb Total Space | 280,05 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D1724DB-C790-43DF-B84F-95385BD21FB2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1DEFD9E2-04F8-40CD-A5E1-861883FFDF44}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1ECE18B0-1415-4501-B179-758342226260}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F207C39-9FB9-4C4F-897D-7FA2B25DCD33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4098A501-3FDA-42E9-A359-556123E16501}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47978D39-6BC7-4B8A-8D5A-52D8949AD595}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4CBE5B32-79D0-4950-A083-D167FCFDE003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50736E45-AB99-4219-8B8C-C4B3A9E17087}" = rport=137 | protocol=17 | dir=out | app=system |
"{596908C3-3A2B-4C00-8D64-651ABEF9C9DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{59E61392-1484-4CBD-BB70-03700B343418}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DBE5955-7EF3-4091-99F9-6E3DCE3789F3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75B7C64D-360A-4FDC-B6FB-63AE6D877139}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F8CA566-65EF-4BAE-A617-497D97B7A65A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{80CD9F8E-CD35-49D7-A9AA-223CBFBD4455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{80E80BE9-5866-449B-8150-22CAF44A09D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8928379D-E65A-457F-9F15-26664B2E582B}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BF33719-CD9C-49CF-A751-A7780D081A9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D3020B3-4830-400E-8DB4-69020779369D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F125284-834E-4382-A2E1-7216E77BA6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A22AFC58-D5F0-4127-B012-76FFC820452E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC699E4A-A408-4310-9557-774543889DFB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B52748DF-EC0F-4309-917B-596BF84BDCB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC9C5049-EE7F-4E43-9B52-CC5837CAC19D}" = lport=445 | protocol=6 | dir=in | app=system |
"{BFAE8BDE-E990-4A0C-9259-8B28414271B8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C62E848D-407E-4ECA-9DAF-46F36E1CC164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAB028B3-19AD-462C-B987-2EE2CBCB2267}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0BCF8C3-9980-4FC8-9E92-60B4468A474B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF88FC50-1508-4E6F-A9FE-657E947F8EED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0C4D493-0B01-4D88-B04B-5A7E9068C6CD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EA380C51-A7CE-4492-937C-D52A3E0F7AB8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF3FC3E1-EDC4-4134-BA1C-385EEDEAFFCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F028DFD2-FE60-4397-960A-FB6349AE8010}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7FAED82-37E2-4A3C-9D5E-1AA3608CE380}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CE773B-5DB2-4948-80B1-95B3AB4C2E49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{10989112-5011-4C29-97E0-1CEC0E297963}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\addon.exe |
"{1212DB92-FD81-465A-A8B1-2EAF3D3063B3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"{15FC9CA1-74F4-44C1-A778-CBDD94A483F7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{17617DE1-3F52-43B0-956E-960AFA1D94B3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{1B6212B6-1CC0-4C05-91FF-0632892F11C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{208E0C5C-2560-43DF-9BA7-2C7B54E9255F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\addon.exe |
"{2800265A-2E20-4759-BE26-1C3C7C7E96C2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{30EE8E32-9ACB-4AE2-8958-A1232E71ECDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3619ADD8-3BF9-4A2C-9D17-DD8E0BAA6BFA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{3B5C5EFC-58D5-4639-9449-1B9BBB6FC8EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{4207066C-90F5-4B5D-8077-BE9EF3A8B5AA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{45C527E4-7667-4BF8-BD34-2CDC105186E8}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
"{4F1D39CC-9EB4-4DFC-953B-34A34B403C8D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{51742890-7695-4861-83FD-51D26729EEF0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{5292DC23-64DC-405C-A28B-5F8AFD769E1C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{52B870AC-B320-4D9E-AA37-22A2F828BC45}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{58A689AE-A4F7-4E49-88FC-57DEC3708BC2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{590EABF7-25C7-413E-BABC-5CE221FFF645}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5A422287-2FED-4D11-99A1-B74D53BB52DD}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{5C12DA4F-E548-47A7-9136-E14FFE089414}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E0BFBF3-9C46-449D-894D-7773825C3E8C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5EFE1420-2110-4221-94EA-E0EAA519342E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{6C4CD084-9500-446E-9DD4-82B2F6A20CE2}" = protocol=6 | dir=in | app=d:\spiele\fifa 14\game\fifa14.exe |
"{7DCDA3CE-39F5-4012-8AA1-3B1460D8BFE8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{826B908E-C361-47C8-A555-AEAC017CD42B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
"{84D17E5E-E74F-40B5-B6A6-AAD8463C3138}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{86C7645C-1698-4CBB-84E0-0DD8A45055C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{87CB2AC1-FECB-4D87-858A-BB1F0DDFFAF6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{8A1DD01D-0A35-4040-B788-7720C939C084}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8B21D88A-0353-4977-8BCB-6A93100BDBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8CF39578-DBAA-4975-8872-DD2E3A45C3F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{8EA8C951-80DC-4295-9226-51AD917EA1BF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{9307256C-94BB-42BB-801A-650149225DD9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{938C915A-4D96-410C-BE8E-E6FC48C95DAE}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe |
"{9741914B-79B0-4CCC-94FA-CCF82855B7F0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{97900F7C-D979-42FD-9C97-961622A4348B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{991DD247-C184-404E-8696-9CFA44C2843E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{9AC3F94C-6197-4624-BF84-E603AB80A6FC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9BD34D1E-28E7-4302-BE8B-454C3A32DF07}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{9CEB369E-4579-40FA-9C65-C7D027C2C022}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{9D45A39D-CD29-4A6D-94AC-D768088E58A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{9DB57904-61A7-49B5-8456-87CAD85E7FA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe |
"{9F67605F-56D7-4CDB-8DA8-0254752F2F57}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{A2305B2D-5DB6-4740-970C-E41790682C31}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{A53B63BF-52BA-4702-87C7-291F9CDB4066}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{AAC3ADCB-1B74-43F1-B11C-8E33AED217B1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{AD02F1A3-9725-4CE4-9574-3A8475DE6A76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{AFA73688-AFD6-4CF8-B663-27A4944897D0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe |
"{B10E287A-F745-434C-BFDF-F477978F8266}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{B36D1DC3-7F82-4F2D-BD77-DEB9E8374E0F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{B808E352-661E-4F20-96FF-EBE481BE5102}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{BBA9D5B5-AA92-4DCE-9881-06161FE02746}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BF8FCBC2-D273-4C2F-9BAF-1DF2DC48DE0F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{BFBAF240-23AC-46D4-9588-DA00D111AEF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4C6A4CE-0085-4737-83CC-A722DEBBADB6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{C6881F06-5CE7-4EA6-BB27-7E3F1C0D3799}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{CE9AA842-5C35-4710-B0AD-05AF5983D9AA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CEEB4898-9342-476E-9433-60D2BC56B855}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{D238A1EF-353B-4B47-BA36-8DA746A20CC4}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{D3CE1B95-5098-429B-A24D-08E69EEB22B3}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{D72B5D06-3E95-466D-9E7A-3803A453D340}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{D7F3644E-B3C7-4A67-8BC4-CD1AD47DC046}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{D93B7042-99CA-433D-B2E6-A26CA68CE88A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{DB265A59-3955-493C-A038-3F4652FFF99F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{DE15297F-015E-46DE-A074-631515EB60D0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{DFF22524-018A-443A-AC13-6F14998EC32A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"{E2E175B1-9A87-410D-9E6A-7B221581F796}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{E46DBA56-40B0-45BC-94FC-F1FEE034DFDE}" = protocol=17 | dir=in | app=d:\spiele\fifa 14\game\fifa14.exe |
"{E56E1528-BEAD-4BE8-AA14-98B68267EB7D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E77D10DA-5CDC-44AE-9C46-C30579F712A7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EF618B5B-1A27-4DBE-BD9C-A2E6E84E7A45}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{F269E9F3-8DBB-493A-BCAA-482B38DD2EC9}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe |
"{F539A802-9947-440D-B20B-EF67B7DDDD8B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F7C0F167-F524-4224-91A5-CFBB97D480A0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{F7E3C8F1-A53A-41B6-AC28-637596A9FB85}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{0D65D120-C204-4FDD-BB50-22C7BBCC458E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{123620F4-52D3-4CED-ACE4-5DA19DA78439}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{26DB3EA2-5B4E-4F7F-A522-F38F2D3C0E6D}C:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe |
"TCP Query User{3463F77B-FC6E-4CF9-934D-DC09735D5CFC}D:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe |
"TCP Query User{3A9C71FF-92A9-41E8-B3E7-D796F23A5E43}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{63C65172-F05C-4301-9566-31B21806AB63}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{6F61AD4A-F01B-4C8A-8E68-812533C731CD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8220D397-2143-41DD-9432-FC39DF45A2FB}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8C9A88FF-7926-40D4-B1A0-080D30158931}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"TCP Query User{97E51177-C042-4DD3-9103-01D0B9D86082}C:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"TCP Query User{AC4AAC9A-648F-4EE4-89FA-71406E14A95B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{B48B642C-5B0A-4AB8-9525-FA646F6EBECC}C:\program files\ubisoft\related designs\anno 2070\anno5.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"TCP Query User{C9C84D0A-3964-4C38-B96E-BBA1682D69AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C9E71F5F-30FF-4FAE-BA74-8357F47EFED7}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{CA13334F-1AE2-469D-946F-20BB31FA1CD5}D:\spiele\fifa 12\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 12\fifa 13\game\fifa13.exe |
"TCP Query User{D71B8691-E87D-4F12-A8F8-F974826D847C}D:\spiele\fifa 12\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 12\fifa 12\game\fifa.exe |
"TCP Query User{E13EA1F2-22F9-4462-8131-C75E50915CE7}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"TCP Query User{E7CDD425-E3C3-44E9-A83D-9A4AB2B1BB76}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{372F6BAE-8476-4C67-9726-899390C0C29E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{40DFE3B5-1840-4435-A691-9FDE598A04A2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{4111157C-966D-42A6-8150-F3C49BE5D98E}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{4564BB49-453D-41F3-A48D-45CB2418029D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{5DD7F0D7-0480-4660-884F-4FC25EC3ADB7}D:\spiele\fifa 12\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 12\fifa 12\game\fifa.exe |
"UDP Query User{606B0607-EC14-4E5C-924A-ABABE4A2AFA1}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"UDP Query User{78BD6A81-7DE6-4571-8DB2-EDB9CEE26D0F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7993E751-ACC6-45BE-A10C-A30914B517D3}D:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\steambuster\steamapps\grandmaster-psi@gmx.de\counter-strike source\hl2.exe |
"UDP Query User{8A856D2D-F50B-4193-A746-CDF9999AFB6C}D:\spiele\fifa 12\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 12\fifa 13\game\fifa13.exe |
"UDP Query User{8B01F4BC-BAB2-4615-AF92-663A9BC75F92}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{9303F4D0-CF45-479A-A1EC-9D3A40133DDA}C:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"UDP Query User{9C99C5D3-3DB7-4788-8D77-F43FFFB1D91B}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{A2FE5248-7069-4E14-8442-C5C09626AB7E}C:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\fiji\fiji.app\imagej-win32.exe |
"UDP Query User{ADA394E0-5EFA-4B91-81A3-97182A21F298}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{B161D07B-6AFF-465A-B4C7-A76A4ED81225}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D465C97C-2D76-4B6B-A897-FE8C1A22C328}C:\program files\ubisoft\related designs\anno 2070\anno5.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe |
"UDP Query User{EC4D71BD-DB5F-44B0-BF72-2B6ABC59A7E5}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe |
"UDP Query User{F16418DB-982C-4326-8D5A-9C4DD50A9D51}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4B3AF51F-830F-409F-AE05-FB67040C90B6}" = Cisco AnyConnect Secure Mobility Client
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager
"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C5828861-B97B-4037-995C-C65E9CC13A3B}" = Sound Blaster Audigy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"AudioCS" = Creative Audio-Systemsteuerung
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Der_Deploy_0" = Der Kleine Turnierplaner 6.7.3.1a
"DivX Setup.divx.com" = DivX-Setup
"InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 34.0.5 (x86 de)" = Mozilla Firefox 34.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PDF Image Extraction Wizard 1.2_is1" = PDF Image Extraction Wizard 1.2
"Revo Uninstaller" = Revo Uninstaller 1.93
"Steam App 220240" = Far Cry® 3
"Steam App 570" = Dota 2
"USB GAME PAD" = USB GAME PAD
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2015 08:00:49 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.01.2015 15:27:30 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.01.2015 17:56:09 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 34.0.5.5443 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 14a8  Anfangszeit: 01d0285fdbeaf8ef  Zeitpunkt der
 Beendigung: 51
 
Error - 04.01.2015 17:56:09 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 34.0.5.5443, Zeitstempel
 0x5475dd5d, fehlerhaftes Modul mozalloc.dll, Version 34.0.5.5443, Zeitstempel 0x5475d664,
 Ausnahmecode 0x80000003, Fehleroffset 0x00001425,  Prozess-ID 0xfd4, Anwendungsstartzeit
 01d02868a9bee44f.
 
Error - 05.01.2015 06:56:59 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.01.2015 12:58:12 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.01.2015 13:39:06 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description =
 
Error - 05.01.2015 13:39:42 | Computer Name = Admin-PC | Source = VSS | ID = 8194
Description =
 
Error - 06.01.2015 07:31:13 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.01.2015 10:49:39 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 34.0.5.5443, Zeitstempel
 0x5475dd5d, fehlerhaftes Modul mozalloc.dll, Version 34.0.5.5443, Zeitstempel 0x5475d664,
 Ausnahmecode 0x80000003, Fehleroffset 0x00001425,  Prozess-ID 0x1714, Anwendungsstartzeit
 01d029b2e3f26749.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2660 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2660 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8288 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5936 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5661
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5623
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5377 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 06.01.2015 12:24:36 | Computer Name = Admin-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5312 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
[ System Events ]
Error - 05.01.2015 15:17:28 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 05.01.2015 15:20:43 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 05.01.2015 15:22:54 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 05.01.2015 15:53:43 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 05.01.2015 15:56:08 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 05.01.2015 15:58:10 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 06.01.2015 07:31:14 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.01.2015 11:25:20 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 06.01.2015 12:25:30 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 06.01.2015 12:25:46 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >


schrauber 06.01.2015 22:13

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
DRV - (webinstrNewH) -- C:\Windows\System32\drivers\webinstrNewH.sys (Corsica)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
:files
C:\Windows\System32\drivers\webinstrNewH.sys
:Commands
[emptytemp]

  • If you obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
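
The fix above targets a kernel driver service (`webinstrNewH`), something that resetting or reinstalling browsers leaves in place. As an added example that is not part of the original post, the following PowerShell lists driver services whose image file is missing, not validly signed, or signed by someone outside a review list; `$KnownSigners`, `Resolve-DriverPath` and `Get-DriverReview` are assumptions made for this illustration.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0+ for Get-CimInstance.
# $KnownSigners is an assumed review list; replace it with the vendors you expect.
$KnownSigners = 'Microsoft', 'Advanced Micro Devices', 'NVIDIA', 'Logitech', 'Creative'

function Resolve-DriverPath {
    param([string]$PathName)
    # Driver image paths come in several notations; normalise to a Win32 path.
    $p = $PathName.Trim().Trim('"')
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -like '\SystemRoot\*') {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p -like 'system32\*') {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-DriverReview {
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $drv    = $_
        $path   = Resolve-DriverPath $drv.PathName
        $exists = [bool]$path -and (Test-Path -LiteralPath $path)

        # Only query the signature when the image file is actually on disk.
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $known  = [bool]($KnownSigners | Where-Object { $signer -like "*$_*" })

        $finding = $null
        if (-not $exists) {
            $finding = 'image file missing'
        } elseif ($sig.Status -ne 'Valid') {
            $finding = "signature status: $($sig.Status)"
        } elseif (-not $known) {
            $finding = 'signer not on review list'
        }

        # Emit only the entries a reviewer should look at.
        if ($finding) {
            [pscustomobject]@{
                Name      = $drv.Name
                State     = $drv.State
                StartMode = $drv.StartMode
                Path      = $path
                Signer    = $signer
                Finding   = $finding
            }
        }
    }
}

Get-DriverReview | Sort-Object Finding, Name | Format-Table -AutoSize -Wrap
```

On older Windows and PowerShell versions, catalog-signed in-box drivers can be reported as NotSigned, so a finding is a prompt to look closer at the file, not a verdict.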

Finlay 06.01.2015 22:40

:D :D :D
You got it! No more ads in any browser after the fix!

Code:

All processes killed
========== OTL ==========
Service webinstrNewH stopped successfully!
Service webinstrNewH deleted successfully!
C:\Windows\System32\drivers\webinstrNewH.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: false removed from browser.search.isUS
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5 removed from extensions.enabledAddons
========== FILES ==========
File\Folder C:\Windows\System32\drivers\webinstrNewH.sys not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 34144 bytes
->Temporary Internet Files folder emptied: 34413 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 371323386 bytes
->Flash cache emptied: 3805752 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500503 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6916 bytes
RecycleBin emptied: 18925591 bytes
 
Total Files Cleaned = 377,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01062015_222523

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Many, many thanks for the time you took to help me!
You all do this here as a hobby, which is above all why I appreciate it so much! Thank you! :D

Purely out of interest, I would still like to know what exactly it was, why the previous scans found nothing, and why OTL in particular was successful.
Provided it isn't too much trouble to explain the matter to someone completely clueless like me.

schrauber 07.01.2015 09:03

Quote:

why the previous scans found nothing and why OTL in particular was successful
That is not quite correct. I only spotted the baaad driver in the OTL log. :)


Done :)

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type this) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix Download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the checkbox in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our clean-up are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here :)

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

Finlay 07.01.2015 15:33

Okay, done. Everything is settled, thanks a lot again! :D

schrauber 07.01.2015 15:34

You're welcome :)


All times are WET +1. The time is now 17:32.
