Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Werbung trotz Addblocker unter Windows 8.1 und Chrome (https://www.trojaner-board.de/163475-werbung-trotz-addblocker-windows-8-1-chrome.html)

Nathan Grey 02.02.2015 09:33
Werbung trotz Addblocker unter Windows 8.1 und Chrome
 
Hallo, ich war zwei Wochen krank und bin seit heute wieder am Rechner und plötzlich kommen unter Chrome immer neue Popups, Seiten werden geöffnet die ich nicht öffnen möchte (Werbeseite) überall ist Werbung für irgendwelche ominösen Gewinne und ähnliches, dass System ist Windows 8.1 64
Ich habe einfach mal eine Scan mit dem Farbar Recovery Scan Tool gemacht, damit mir vielleicht jemand schnell helfen kann:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by User (administrator) on USER-PC on 02-02-2015 09:27:31
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\professional\2015\Framework.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2015-01-08] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [uTorrent] => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-02] (Electronic Arts)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {9FB76076-0B46-4329-9C1D-42A4945D8128} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SoFaTeCouuP -> {e4f0da58-79eb-431d-8bc9-9a85d4853cc9} -> C:\Program Files (x86)\SoFaTeCouuP\oeSnIFsBhnbLpu.dll ()
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{780112F8-DAE7-4F4D-B811-86258285B676}: [NameServer] 156.154.70.25,156.154.71.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default
FF Homepage: hxxp://de.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-08]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-13]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Carbon Footprint for Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh [2015-02-02]
CHR Extension: (Google Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2015-01-12] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-08] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-08] (COMODO)
R2 d164f2af; c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll [2030080 2015-01-12] () [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
R2 Haufe FabricHostService; C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe [23080 2014-09-18] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [142640 2014-08-07] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-02] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-02] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-02] (Electronic Arts)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-02] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-02-02] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-02-10] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\Windows\Temp\OA3\ASUS\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
S3 RwDrv; \??\C:\Windows\system32\Drivers\RwDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 09:27 - 2015-02-02 09:28 - 00021872 _____ () C:\Users\User\Downloads\FRST.txt
2015-02-02 09:27 - 2015-02-02 09:27 - 00000000 ____D () C:\FRST
2015-02-02 09:26 - 2015-02-02 09:26 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-02-02 09:02 - 2015-02-02 09:02 - 00047792 _____ () C:\Windows\PFRO.log
2015-02-02 08:39 - 2015-02-02 09:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 08:31 - 2015-02-02 08:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 07:13 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\SoFaTeCouuP
2015-02-02 07:13 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\deauLstier
2015-02-02 07:12 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\Carbon Footprint for Google Maps
2015-02-02 07:12 - 2015-02-02 07:13 - 00000000 ____D () C:\ProgramData\6409480964803766214
2015-01-15 07:53 - 2015-01-15 07:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2015-01-15 07:52 - 2015-01-15 12:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-15 07:47 - 2015-01-15 07:47 - 00000894 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-15 07:35 - 2015-01-15 07:35 - 25611537 _____ () C:\Users\User\Downloads\vlc-2.1.5-win64.exe
2015-01-15 07:34 - 2015-01-15 07:34 - 01179936 _____ () C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard
2015-01-14 11:34 - 2015-01-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-14 11:34 - 2015-01-14 11:34 - 00001174 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-14 11:34 - 2015-01-14 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-14 11:32 - 2015-01-19 15:31 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-14 11:32 - 2015-01-14 11:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00001137 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-14 11:29 - 2015-01-14 11:29 - 03099552 _____ (Blizzard Entertainment) C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe
2015-01-14 11:29 - 2015-01-14 11:29 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 10:05 - 2015-01-26 11:17 - 00022016 _____ () C:\Users\User\Desktop\Lohn Checkliste 2015.xls
2015-01-14 06:50 - 2015-01-14 06:50 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 09:06 - 2015-01-13 09:06 - 00015872 _____ () C:\Users\User\Downloads\Terms NumeneraV2.xls
2015-01-12 15:14 - 2015-02-02 09:01 - 00000000 ____D () C:\ProgramData\CoupScaiNNnner
2015-01-12 15:12 - 2015-02-02 09:01 - 00000000 ____D () C:\ProgramData\SSAverAddon
2015-01-12 15:12 - 2015-01-12 15:15 - 00000000 ____D () C:\ProgramData\58f30cfa85c1a7c6
2015-01-12 14:18 - 2015-01-12 14:18 - 00000325 _____ () C:\Users\User\Downloads\BK_HOER_000966DE_LC_64_44100_ster_AGPRT2WQGBJ70.adh
2015-01-12 07:02 - 2015-02-02 09:08 - 00001957 _____ () C:\Windows\setupact.log
2015-01-12 07:02 - 2015-01-12 07:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 06:52 - 2015-01-12 06:52 - 00000000 ____D () C:\Program Files (x86)\IndepthEngine
2015-01-08 13:55 - 2015-01-08 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-08 11:07 - 2015-02-02 09:02 - 01275361 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 10:54 - 2015-01-08 10:54 - 00003028 _____ () C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-01-08 10:27 - 2015-01-08 10:27 - 00000000 ____D () C:\Users\User\Desktop\PARAGON2
2015-01-08 10:17 - 2015-02-02 09:26 - 00755868 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-08 10:17 - 2015-01-08 10:17 - 00000000 ___HD () C:\VTRoot
2015-01-08 09:31 - 2015-02-02 09:22 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-08 09:31 - 2015-01-08 10:54 - 00002001 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-08 09:30 - 2015-01-08 09:30 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-01-08 09:30 - 2015-01-08 09:30 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-08 09:29 - 2015-01-08 09:29 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-01-08 09:27 - 2015-01-12 14:03 - 00002036 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2015-01-08 09:27 - 2015-01-12 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-08 09:27 - 2015-01-08 09:31 - 00001067 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2015-01-08 09:27 - 2015-01-08 09:31 - 00000000 ____D () C:\Program Files\COMODO
2015-01-08 09:27 - 2015-01-08 09:30 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\Users\User\AppData\Local\Comodo
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-08 09:25 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-06 08:41 - 2015-01-06 08:41 - 00001010 _____ () C:\Users\Public\Desktop\Xleaner.lnk
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xleaner
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\Program Files (x86)\Xleaner
2015-01-06 08:41 - 2005-04-15 16:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2015-01-06 08:41 - 1998-06-23 22:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.ocx
2015-01-06 08:38 - 2015-01-06 08:38 - 00001420 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-01-06 08:38 - 2015-01-06 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-01-06 08:37 - 2015-01-06 08:37 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-05 09:21 - 2015-01-26 13:01 - 00002234 _____ () C:\Users\Public\Desktop\Lexware professional.lnk
2015-01-05 08:50 - 2015-01-06 12:33 - 00000000 ____D () C:\Users\User\Documents\Sicherungen
2015-01-05 07:11 - 2015-01-05 07:17 - 00000000 ____D () C:\Users\User\AppData\Local\CyberGhost
2015-01-05 07:11 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-05 07:10 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-01-05 07:10 - 2015-01-05 07:10 - 00001747 _____ () C:\Users\User\Desktop\CyberGhost 5.lnk
2015-01-05 07:10 - 2015-01-05 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-05 06:58 - 2015-01-05 06:58 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 09:10 - 2014-11-13 09:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\apsec
2015-02-02 09:10 - 2014-05-16 09:12 - 00792962 _____ () C:\Windows\system32\perfh010.dat
2015-02-02 09:10 - 2014-05-16 09:12 - 00155884 _____ () C:\Windows\system32\perfc010.dat
2015-02-02 09:10 - 2014-03-18 10:47 - 03071032 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 09:10 - 2014-03-18 10:30 - 01020334 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 09:10 - 2014-03-18 10:30 - 00243490 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 09:09 - 2014-07-25 13:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1723894221-2360630800-121186594-1001
2015-02-02 09:07 - 2014-11-13 06:49 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-02 09:06 - 2014-12-10 11:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-02 09:04 - 2014-12-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-02 09:03 - 2014-12-01 08:11 - 00001696 _____ () C:\Windows\Tasks\QMCTYMH.job
2015-02-02 09:03 - 2014-12-01 08:11 - 00001348 _____ () C:\Windows\Tasks\BAGDZ.job
2015-02-02 09:03 - 2014-11-13 06:51 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 09:03 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 09:02 - 2014-06-02 06:57 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-02 09:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-02 08:58 - 2014-11-12 15:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 08:56 - 2014-11-13 06:51 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 07:50 - 2014-08-04 19:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2015-02-02 07:31 - 2014-11-13 08:13 - 00000000 ____D () C:\ProgramData\Lexware
2015-02-02 07:02 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-02 06:56 - 2014-08-04 20:07 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EF0CCB0B-59C3-41A1-9692-9080F675BEC0}
2015-01-26 13:01 - 2014-11-13 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-01-26 12:40 - 2014-11-13 13:05 - 00000000 ____D () C:\Users\User\Documents\Büro
2015-01-26 11:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-26 09:58 - 2014-11-12 15:17 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 09:25 - 2014-12-11 06:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 09:25 - 2014-12-11 06:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 08:29 - 2014-08-08 11:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:24 - 2014-08-08 11:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 07:59 - 2014-11-13 11:29 - 00000000 ____D () C:\Users\User\AppData\Local\Audible
2015-01-13 11:53 - 2014-11-13 07:59 - 00000000 ____D () C:\Users\User\Desktop\Günster Privat
2015-01-12 10:14 - 2014-12-01 07:41 - 00000744 _____ () C:\Users\User\Documents\builder_known_files.txt
2015-01-08 09:43 - 2014-05-20 11:17 - 00000000 ____D () C:\Windows\Panther
2015-01-08 09:12 - 2014-12-01 08:14 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-01-08 09:12 - 2014-11-13 08:51 - 00000000 ____D () C:\ProgramData\G Data
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\Program Files (x86)\svnet
2015-01-06 08:38 - 2014-11-12 15:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-05 11:30 - 2014-11-13 08:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lexware
2015-01-05 09:23 - 2014-11-13 08:14 - 00000000 ____D () C:\Program Files (x86)\Lexware
2015-01-05 09:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-01-05 09:21 - 2014-11-13 08:14 - 00000248 _____ () C:\Windows\ODBC.INI
2015-01-05 07:17 - 2014-07-25 13:49 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-12-10 14:45 - 0001171 _____ () C:\Users\User\AppData\Roaming\BAGDZ
2014-12-01 08:17 - 2014-12-01 08:17 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2014-12-01 08:17 - 2014-12-01 08:17 - 0000779 _____ () C:\Users\User\AppData\Roaming\gdscan.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\4zdjbeis.dll
C:\Users\User\AppData\Local\Temp\m6mqrges.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 11:39

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by User at 2015-02-02 09:28:55
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1543504221.4759644.48.2147344384 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
calibre (HKLM-x32\...\{75EA944A-4C53-4A0A-8B3B-E195EDAA626C}) (Version: 2.12.0 - Kovid Goyal)
Carbon Footprint for Google Maps (HKLM-x32\...\{23B82977-C816-92D2-66E7-BE67DD1E7786}) (Version:  - "")
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Character Builder (HKLM-x32\...\{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}) (Version: 1.10.0000 - Wizards of the Coast)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
Dasi Doctor (x32 Version: 2.00.00.0002 - Haufe-Lexware GmbH & Co.KG) Hidden
deauLstier (HKLM-x32\...\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}) (Version:  - "") <==== ATTENTION
DesignPro 5 (HKLM-x32\...\InstallShield_{579021EE-3178-4AF2-A626-4990AC71B408}) (Version: 5.0.1056 - Avery Dennison)
DesignPro 5 (x32 Version: 5.0.1056 - Avery Dennison) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeekBuddy (HKLM\...\{E98902C5-09AF-487A-AFAE-D4C386F506C0}) (Version: 4.18.121 - Comodo Security Solutions Inc)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lexware Elster (HKLM-x32\...\{A4AAD5E5-1563-4A51-AFFC-F896AC979EAE}) (Version: 15.04.00.0028 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware lohn+gehalt pro 2015 (HKLM-x32\...\{1b34e75f-ac6a-4308-a063-9e7c7f8f73f3}) (Version: 15.0.0.150 - Haufe-Lexware GmbH & Co.KG)
Lexware lohn+gehalt pro 2015 (x32 Version: 15.04.00.0062 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware lohn+gehalt pro 2015 Client (HKLM-x32\...\{7998379e-15df-491e-919b-483b52487706}) (Version: 15.0.0.150 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 22.00.00.0035 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware professional Datenbank 2015 (x32 Version: 15.25.00.0068 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Server Pro 2015 (x32 Version: 15.0.0.63 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Services (x32 Version: 3.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
LibreOffice 4.3.4.1 (HKLM-x32\...\{7D983A32-F645-48AB-8E38-4ACD234F40BC}) (Version: 4.3.4.1 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.0 - pdfforge)
Photo to Cartoon (HKLM-x32\...\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}) (Version: 1.0.0 - Caricature Software)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Savage-Gen 1.6.2 (HKLM-x32\...\{CBDD724B-A0F8-4DAB-81EC-4A4EC9E5E8DF}_is1) (Version:  - Goretzki Software Lösungen)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SoFaTeCouuP (HKLM-x32\...\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}) (Version:  - SoftCoup) <==== ATTENTION
sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Xleaner v4.28.1368 (HKLM-x32\...\{72D84E46-E633-4729-8A77-2347C8CD4096}_is1) (Version:  - More Than A Cleaner.de)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-01-2015 08:23:17 Windows Update
26-01-2015 11:39:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {011B4BAC-2DCD-45B4-AACA-3CB80FD55774} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {1875C662-93CB-4433-97A0-3ECD97CA3A33} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {419A974F-B8DF-4FBE-B2EE-D4A134BB2C9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {432F84F1-CD40-4954-B02C-6ED85F306780} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {4E78815C-7544-4A35-8A6B-F80AB147039D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {5EA8B08F-E0A5-43F1-B9AC-DB6C1205B2F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {64408CB4-C8D6-447E-AC5C-981185D2D0AB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {7202E9B3-492F-4754-B0E3-CCBBEB935B1F} - \QMCTYMH No Task File <==== ATTENTION
Task: {7B00C711-5436-46BC-AF67-6B235472ACFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {92031454-2EFA-4EF4-BAAE-54D0D5875E9C} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-08] (COMODO)
Task: {9CDE5C89-846F-425F-9F23-B8FB50F4D402} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {A0F9484D-E81C-4590-A520-5F3092F84C80} - System32\Tasks\{E96CFCE4-B4D1-4965-AC8C-28414CA6B9B5} => pcalua.exe -a C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {C3343AD2-7941-4274-97B6-2E210E8F2574} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-08] (COMODO)
Task: {CEDEA143-803D-4E66-A803-8A8F79D881E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D13BB1ED-FF7E-478A-A814-2E149BA14919} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {DCB66D7E-FA34-4A7D-8B1B-D112B682DBBA} - \BAGDZ No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BAGDZ.job => C:\Users\User\AppData\Roaming\BAGDZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\QMCTYMH.job => C:\Users\User\AppData\Roaming\QMCTYMH.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-09-25 06:38 - 2014-09-25 06:38 - 02875600 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 01283792 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 10451664 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 00039120 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 01529040 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-12 06:52 - 2015-01-12 06:52 - 02030080 _____ () c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll
2015-01-05 07:10 - 2014-10-15 11:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2015-01-05 07:10 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-12-08 14:13 - 2014-12-08 14:13 - 00534056 _____ () C:\Program Files (x86)\Lexware\professional\2015\lxuser.dll
2014-10-20 13:12 - 2014-10-20 13:12 - 01061416 _____ () C:\Program Files (x86)\Lexware\professional\2015\UAbwM10.dll
2014-12-08 14:13 - 2014-12-08 14:13 - 00151080 _____ () C:\Program Files (x86)\Lexware\professional\2015\lxcompany.dll
2015-01-02 15:31 - 2015-01-02 15:31 - 00493096 _____ () C:\Program Files (x86)\Lexware\professional\2015\LGComMeldeModuleVC8.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00249896 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.TatKeyManagerWrapper.dll
2014-11-27 09:51 - 2014-11-27 09:51 - 00087080 _____ () C:\Program Files (x86)\Lexware\professional\2015\LexCheckView.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00285224 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.TatKeyWizardWrapper.dll
2014-11-27 09:51 - 2014-11-27 09:51 - 00091688 _____ () C:\Program Files (x86)\Lexware\professional\2015\LexCheckMini.dll
2014-10-20 13:12 - 2014-10-20 13:12 - 00655400 _____ () C:\Program Files (x86)\Lexware\professional\2015\LGFZKalO.ocx
2014-10-20 13:12 - 2014-10-20 13:12 - 00773160 _____ () C:\Program Files (x86)\Lexware\professional\2015\UTools10.dll
2013-01-18 10:36 - 2013-01-18 10:36 - 00904704 _____ () C:\Program Files (x86)\Lexware\professional\2015\System.Data.SQLite.dll
2015-01-02 16:48 - 2015-01-02 16:48 - 01146920 _____ () C:\Program Files (x86)\Lexware\professional\2015\BNachwPro.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00400424 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.DakotaWrapper.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00111144 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.Core.Calculation.dll
2015-01-02 16:49 - 2015-01-02 16:49 - 01358888 _____ () C:\Program Files (x86)\Lexware\professional\2015\LGDtaExportAssi.dll
2014-10-20 13:12 - 2014-10-20 13:12 - 02321960 _____ () C:\Program Files (x86)\Lexware\professional\2015\UBuDg10.dll
2014-12-08 14:13 - 2014-12-08 14:13 - 00150056 _____ () C:\Program Files (x86)\Lexware\professional\2015\LXEmptyColl.dll
2014-12-15 17:23 - 2014-12-15 17:23 - 00067112 _____ () C:\Program Files (x86)\Common Files\Lexware\Dll\BitButton.ocx
2014-12-15 06:57 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\BK_HOER_000966DE_LC_64_44100_ster_AGPRT2WQGBJ70.adh:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Rdschr. Nr. 1  2015.doc:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Steuerbescheid_2013.pdf:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Terms NumeneraV2.xls:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\vlc-2.1.5-win64.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\vlc-2.1.5-win64.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SpywareTerminatorShield"
HKLM\...\StartupApproved\Run: => "SpywareTerminatorUpdater"
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\StartupApproved\Run: => "uTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-1723894221-2360630800-121186594-500 - Administrator - Disabled)
Gast (S-1-5-21-1723894221-2360630800-121186594-501 - Limited - Disabled)
User (S-1-5-21-1723894221-2360630800-121186594-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 09:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0xa18
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (02/02/2015 06:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0x1114
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (01/26/2015 01:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0xaec
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (01/26/2015 09:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 15.1.0.163, Zeitstempel: 0x54859f81
Name des fehlerhaften Moduls: mfc100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f29b8
Ausnahmecode: 0xc000041d
Fehleroffset: 0x002b1c00
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3
Vollständiger Name des fehlerhaften Pakets: Framework.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Framework.exe5

Error: (01/26/2015 09:30:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 15.1.0.163, Zeitstempel: 0x54859f81
Name des fehlerhaften Moduls: mfc100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f29b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002b1c00
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3
Vollständiger Name des fehlerhaften Pakets: Framework.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Framework.exe5

Error: (01/26/2015 09:30:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 64431C00
Stapel:
  bei <Module>.AfxMessageBox(SByte*, UInt32, UInt32)
  bei CorrectionOperationProviderPro.CloseAndFinishCorrection(System.Windows.Forms.IWin32Window, System.DateTime, System.String)
  bei <Module>.CLGApp.ExecuteRollup(CLGApp*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*)
  bei <Module>.OnExecuteRollup(Void*, Void*)
  bei <Module>.CLogeEventBridge.Callback(CLogeEventBridge*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*, Void*)
  bei LogeEventBridgeAccessor.Callback(System.String, System.String)
  bei Haufe.Loge.UI.Inbox.InboxUIManager.ExecuteRollup(System.String, Int32, System.DateTime, System.DateTime)
  bei Haufe.Loge.UI.Inbox.ElstamPlugIn.InsertElstam(Lexware.BusinessComponents.Personnel.Objects.IInboxTask)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl.DoAction(Lexware.BusinessComponents.Personnel.Objects.IInboxAction, Lexware.BusinessComponents.Personnel.Objects.IInboxTask, DevExpress.XtraTreeList.Nodes.TreeListNode)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl._hyperlinkRepositoryEdit_Click(System.Object, System.EventArgs)
  bei System.Windows.Forms.Control.OnClick(System.EventArgs)
  bei DevExpress.XtraEditors.HyperLinkEdit.OnClick(System.EventArgs)
  bei System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32)
  bei System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.Utils.Controls.ControlBase.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.XtraEditors.TextEdit.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.OnMessage(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)

Error: (01/26/2015 09:27:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LxTrans.exe, Version: 19.3.0.1, Zeitstempel: 0x54a6ae73
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xda8
Startzeit der fehlerhaften Anwendung: 0xLxTrans.exe0
Pfad der fehlerhaften Anwendung: LxTrans.exe1
Pfad des fehlerhaften Moduls: LxTrans.exe2
Berichtskennung: LxTrans.exe3
Vollständiger Name des fehlerhaften Pakets: LxTrans.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LxTrans.exe5

Error: (01/26/2015 09:13:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0x14e8
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (01/19/2015 00:27:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/19/2015 00:22:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (02/02/2015 09:05:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (02/02/2015 09:03:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (02/02/2015 06:54:22 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (01/26/2015 11:40:00 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/26/2015 11:39:30 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/19/2015 09:44:57 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/19/2015 09:44:27 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/15/2015 00:13:24 PM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/15/2015 06:59:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/15/2015 06:56:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.


Microsoft Office Sessions:
=========================
Error: (02/02/2015 09:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6a1801d03ebef609cb27C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll5ae25510-aab2-11e4-8289-b8975a879729

Error: (02/02/2015 06:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6111401d03eac96039f0aC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll20cee4da-aaa0-11e4-8288-b8975a879729

Error: (01/26/2015 01:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6aec01d039609fe9092cC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll1ee12265-a554-11e4-8288-b8975a879729

Error: (01/26/2015 09:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe15.1.0.16354859f81mfc100.dll10.0.40219.14d5f29b8c000041d002b1c008c801d039404e08e705C:\Program Files (x86)\Lexware\professional\2015\Framework.exeC:\Windows\SYSTEM32\mfc100.dlla25c040c-a535-11e4-8288-b8975a879729

Error: (01/26/2015 09:30:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe15.1.0.16354859f81mfc100.dll10.0.40219.14d5f29b8c0000005002b1c008c801d039404e08e705C:\Program Files (x86)\Lexware\professional\2015\Framework.exeC:\Windows\SYSTEM32\mfc100.dll9e5b5855-a535-11e4-8288-b8975a879729

Error: (01/26/2015 09:30:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 64431C00
Stapel:
  bei <Module>.AfxMessageBox(SByte*, UInt32, UInt32)
  bei CorrectionOperationProviderPro.CloseAndFinishCorrection(System.Windows.Forms.IWin32Window, System.DateTime, System.String)
  bei <Module>.CLGApp.ExecuteRollup(CLGApp*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*)
  bei <Module>.OnExecuteRollup(Void*, Void*)
  bei <Module>.CLogeEventBridge.Callback(CLogeEventBridge*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*, Void*)
  bei LogeEventBridgeAccessor.Callback(System.String, System.String)
  bei Haufe.Loge.UI.Inbox.InboxUIManager.ExecuteRollup(System.String, Int32, System.DateTime, System.DateTime)
  bei Haufe.Loge.UI.Inbox.ElstamPlugIn.InsertElstam(Lexware.BusinessComponents.Personnel.Objects.IInboxTask)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl.DoAction(Lexware.BusinessComponents.Personnel.Objects.IInboxAction, Lexware.BusinessComponents.Personnel.Objects.IInboxTask, DevExpress.XtraTreeList.Nodes.TreeListNode)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl._hyperlinkRepositoryEdit_Click(System.Object, System.EventArgs)
  bei System.Windows.Forms.Control.OnClick(System.EventArgs)
  bei DevExpress.XtraEditors.HyperLinkEdit.OnClick(System.EventArgs)
  bei System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32)
  bei System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.Utils.Controls.ControlBase.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.XtraEditors.TextEdit.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.OnMessage(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)

Error: (01/26/2015 09:27:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LxTrans.exe19.3.0.154a6ae73unknown0.0.0.000000000c000000500000000da801d03940d5182987C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exeunknown1d8eb29d-a535-11e4-8288-b8975a879729

Error: (01/26/2015 09:13:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa614e801d0393fc67a8263C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll37078076-a533-11e4-8288-b8975a879729

Error: (01/19/2015 00:27:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (01/19/2015 00:22:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-02 09:25:32.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 09:06:43.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 09:01:06.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 08:39:08.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 06:54:45.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 13:00:14.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 12:33:05.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 12:06:35.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 11:59:37.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 11:54:32.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7346.21 MB
Available physical RAM: 4046.73 MB
Total Pagefile: 8498.21 MB
Available Pagefile: 4432.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.84 GB) (Free:795.07 GB) NTFS
Drive e: (PKBACK# 001) (Removable) (Total:7.74 GB) (Free:2.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B59A7638)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.7 GB) (Disk ID: 66205247)
No partition Table on disk 1.

==================== End Of Log ============================

Nathan Grey 02.02.2015 09:38
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by User (administrator) on USER-PC on 02-02-2015 09:29:35
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\professional\2015\Framework.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2015-01-08] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [uTorrent] => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-02] (Electronic Arts)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {9FB76076-0B46-4329-9C1D-42A4945D8128} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SoFaTeCouuP -> {e4f0da58-79eb-431d-8bc9-9a85d4853cc9} -> C:\Program Files (x86)\SoFaTeCouuP\oeSnIFsBhnbLpu.dll ()
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{780112F8-DAE7-4F4D-B811-86258285B676}: [NameServer] 156.154.70.25,156.154.71.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default
FF Homepage: hxxp://de.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-08]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-13]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Carbon Footprint for Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh [2015-02-02]
CHR Extension: (Google Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2015-01-12] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-08] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-08] (COMODO)
R2 d164f2af; c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll [2030080 2015-01-12] () [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
R2 Haufe FabricHostService; C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe [23080 2014-09-18] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [142640 2014-08-07] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-02] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-02] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-02] (Electronic Arts)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-02] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-02-02] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-02-10] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\Windows\Temp\OA3\ASUS\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
S3 RwDrv; \??\C:\Windows\system32\Drivers\RwDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 09:28 - 2015-02-02 09:29 - 00042875 _____ () C:\Users\User\Downloads\Addition.txt
2015-02-02 09:27 - 2015-02-02 09:30 - 00021872 _____ () C:\Users\User\Downloads\FRST.txt
2015-02-02 09:27 - 2015-02-02 09:29 - 00000000 ____D () C:\FRST
2015-02-02 09:26 - 2015-02-02 09:26 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-02-02 09:02 - 2015-02-02 09:02 - 00047792 _____ () C:\Windows\PFRO.log
2015-02-02 08:39 - 2015-02-02 09:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 08:31 - 2015-02-02 08:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 07:13 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\SoFaTeCouuP
2015-02-02 07:13 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\deauLstier
2015-02-02 07:12 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\Carbon Footprint for Google Maps
2015-02-02 07:12 - 2015-02-02 07:13 - 00000000 ____D () C:\ProgramData\6409480964803766214
2015-01-15 07:53 - 2015-01-15 07:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2015-01-15 07:52 - 2015-01-15 12:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-15 07:47 - 2015-01-15 07:47 - 00000894 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-15 07:35 - 2015-01-15 07:35 - 25611537 _____ () C:\Users\User\Downloads\vlc-2.1.5-win64.exe
2015-01-15 07:34 - 2015-01-15 07:34 - 01179936 _____ () C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard
2015-01-14 11:34 - 2015-01-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-14 11:34 - 2015-01-14 11:34 - 00001174 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-14 11:34 - 2015-01-14 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-14 11:32 - 2015-01-19 15:31 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-14 11:32 - 2015-01-14 11:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00001137 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-14 11:29 - 2015-01-14 11:29 - 03099552 _____ (Blizzard Entertainment) C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe
2015-01-14 11:29 - 2015-01-14 11:29 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 10:05 - 2015-01-26 11:17 - 00022016 _____ () C:\Users\User\Desktop\Lohn Checkliste 2015.xls
2015-01-14 06:50 - 2015-01-14 06:50 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 09:06 - 2015-01-13 09:06 - 00015872 _____ () C:\Users\User\Downloads\Terms NumeneraV2.xls
2015-01-12 15:14 - 2015-02-02 09:01 - 00000000 ____D () C:\ProgramData\CoupScaiNNnner
2015-01-12 15:12 - 2015-02-02 09:01 - 00000000 ____D () C:\ProgramData\SSAverAddon
2015-01-12 15:12 - 2015-01-12 15:15 - 00000000 ____D () C:\ProgramData\58f30cfa85c1a7c6
2015-01-12 14:18 - 2015-01-12 14:18 - 00000325 _____ () C:\Users\User\Downloads\BK_HOER_000966DE_LC_64_44100_ster_AGPRT2WQGBJ70.adh
2015-01-12 07:02 - 2015-02-02 09:08 - 00001957 _____ () C:\Windows\setupact.log
2015-01-12 07:02 - 2015-01-12 07:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 06:52 - 2015-01-12 06:52 - 00000000 ____D () C:\Program Files (x86)\IndepthEngine
2015-01-08 13:55 - 2015-01-08 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-08 11:07 - 2015-02-02 09:02 - 01275361 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 10:54 - 2015-01-08 10:54 - 00003028 _____ () C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-01-08 10:27 - 2015-01-08 10:27 - 00000000 ____D () C:\Users\User\Desktop\PARAGON2
2015-01-08 10:17 - 2015-02-02 09:26 - 00755868 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-08 10:17 - 2015-01-08 10:17 - 00000000 ___HD () C:\VTRoot
2015-01-08 09:31 - 2015-02-02 09:22 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-08 09:31 - 2015-01-08 10:54 - 00002001 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-08 09:30 - 2015-01-08 09:30 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-01-08 09:30 - 2015-01-08 09:30 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-08 09:29 - 2015-01-08 09:29 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-01-08 09:27 - 2015-01-12 14:03 - 00002036 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2015-01-08 09:27 - 2015-01-12 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-08 09:27 - 2015-01-08 09:31 - 00001067 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2015-01-08 09:27 - 2015-01-08 09:31 - 00000000 ____D () C:\Program Files\COMODO
2015-01-08 09:27 - 2015-01-08 09:30 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\Users\User\AppData\Local\Comodo
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-08 09:25 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-06 08:41 - 2015-01-06 08:41 - 00001010 _____ () C:\Users\Public\Desktop\Xleaner.lnk
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xleaner
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\Program Files (x86)\Xleaner
2015-01-06 08:41 - 2005-04-15 16:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2015-01-06 08:41 - 1998-06-23 22:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.ocx
2015-01-06 08:38 - 2015-01-06 08:38 - 00001420 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-01-06 08:38 - 2015-01-06 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-01-06 08:37 - 2015-01-06 08:37 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-05 09:21 - 2015-01-26 13:01 - 00002234 _____ () C:\Users\Public\Desktop\Lexware professional.lnk
2015-01-05 08:50 - 2015-01-06 12:33 - 00000000 ____D () C:\Users\User\Documents\Sicherungen
2015-01-05 07:11 - 2015-01-05 07:17 - 00000000 ____D () C:\Users\User\AppData\Local\CyberGhost
2015-01-05 07:11 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-05 07:10 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-01-05 07:10 - 2015-01-05 07:10 - 00001747 _____ () C:\Users\User\Desktop\CyberGhost 5.lnk
2015-01-05 07:10 - 2015-01-05 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-05 06:58 - 2015-01-05 06:58 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 09:10 - 2014-11-13 09:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\apsec
2015-02-02 09:10 - 2014-05-16 09:12 - 00792962 _____ () C:\Windows\system32\perfh010.dat
2015-02-02 09:10 - 2014-05-16 09:12 - 00155884 _____ () C:\Windows\system32\perfc010.dat
2015-02-02 09:10 - 2014-03-18 10:47 - 03071032 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 09:10 - 2014-03-18 10:30 - 01020334 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 09:10 - 2014-03-18 10:30 - 00243490 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 09:09 - 2014-07-25 13:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1723894221-2360630800-121186594-1001
2015-02-02 09:07 - 2014-11-13 06:49 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-02 09:06 - 2014-12-10 11:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-02 09:04 - 2014-12-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-02 09:03 - 2014-12-01 08:11 - 00001696 _____ () C:\Windows\Tasks\QMCTYMH.job
2015-02-02 09:03 - 2014-12-01 08:11 - 00001348 _____ () C:\Windows\Tasks\BAGDZ.job
2015-02-02 09:03 - 2014-11-13 06:51 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 09:03 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 09:02 - 2014-06-02 06:57 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-02 09:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-02 08:58 - 2014-11-12 15:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 08:56 - 2014-11-13 06:51 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 07:50 - 2014-08-04 19:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2015-02-02 07:31 - 2014-11-13 08:13 - 00000000 ____D () C:\ProgramData\Lexware
2015-02-02 07:02 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-02 06:56 - 2014-08-04 20:07 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EF0CCB0B-59C3-41A1-9692-9080F675BEC0}
2015-01-26 13:01 - 2014-11-13 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-01-26 12:40 - 2014-11-13 13:05 - 00000000 ____D () C:\Users\User\Documents\Büro
2015-01-26 11:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-26 09:58 - 2014-11-12 15:17 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 09:25 - 2014-12-11 06:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 09:25 - 2014-12-11 06:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 08:29 - 2014-08-08 11:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:24 - 2014-08-08 11:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 07:59 - 2014-11-13 11:29 - 00000000 ____D () C:\Users\User\AppData\Local\Audible
2015-01-13 11:53 - 2014-11-13 07:59 - 00000000 ____D () C:\Users\User\Desktop\Günster Privat
2015-01-12 10:14 - 2014-12-01 07:41 - 00000744 _____ () C:\Users\User\Documents\builder_known_files.txt
2015-01-08 09:43 - 2014-05-20 11:17 - 00000000 ____D () C:\Windows\Panther
2015-01-08 09:12 - 2014-12-01 08:14 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-01-08 09:12 - 2014-11-13 08:51 - 00000000 ____D () C:\ProgramData\G Data
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\Program Files (x86)\svnet
2015-01-06 08:38 - 2014-11-12 15:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-05 11:30 - 2014-11-13 08:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lexware
2015-01-05 09:23 - 2014-11-13 08:14 - 00000000 ____D () C:\Program Files (x86)\Lexware
2015-01-05 09:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-01-05 09:21 - 2014-11-13 08:14 - 00000248 _____ () C:\Windows\ODBC.INI
2015-01-05 07:17 - 2014-07-25 13:49 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-12-10 14:45 - 0001171 _____ () C:\Users\User\AppData\Roaming\BAGDZ
2014-12-01 08:17 - 2014-12-01 08:17 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2014-12-01 08:17 - 2014-12-01 08:17 - 0000779 _____ () C:\Users\User\AppData\Roaming\gdscan.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\4zdjbeis.dll
C:\Users\User\AppData\Local\Temp\m6mqrges.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 11:39

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by User at 2015-02-02 09:30:38
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1543504221.4759644.48.2147344384 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
calibre (HKLM-x32\...\{75EA944A-4C53-4A0A-8B3B-E195EDAA626C}) (Version: 2.12.0 - Kovid Goyal)
Carbon Footprint for Google Maps (HKLM-x32\...\{23B82977-C816-92D2-66E7-BE67DD1E7786}) (Version:  - "")
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Character Builder (HKLM-x32\...\{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}) (Version: 1.10.0000 - Wizards of the Coast)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
Dasi Doctor (x32 Version: 2.00.00.0002 - Haufe-Lexware GmbH & Co.KG) Hidden
deauLstier (HKLM-x32\...\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}) (Version:  - "") <==== ATTENTION
DesignPro 5 (HKLM-x32\...\InstallShield_{579021EE-3178-4AF2-A626-4990AC71B408}) (Version: 5.0.1056 - Avery Dennison)
DesignPro 5 (x32 Version: 5.0.1056 - Avery Dennison) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeekBuddy (HKLM\...\{E98902C5-09AF-487A-AFAE-D4C386F506C0}) (Version: 4.18.121 - Comodo Security Solutions Inc)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lexware Elster (HKLM-x32\...\{A4AAD5E5-1563-4A51-AFFC-F896AC979EAE}) (Version: 15.04.00.0028 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware lohn+gehalt pro 2015 (HKLM-x32\...\{1b34e75f-ac6a-4308-a063-9e7c7f8f73f3}) (Version: 15.0.0.150 - Haufe-Lexware GmbH & Co.KG)
Lexware lohn+gehalt pro 2015 (x32 Version: 15.04.00.0062 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware lohn+gehalt pro 2015 Client (HKLM-x32\...\{7998379e-15df-491e-919b-483b52487706}) (Version: 15.0.0.150 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 22.00.00.0035 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware professional Datenbank 2015 (x32 Version: 15.25.00.0068 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Server Pro 2015 (x32 Version: 15.0.0.63 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Services (x32 Version: 3.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
LibreOffice 4.3.4.1 (HKLM-x32\...\{7D983A32-F645-48AB-8E38-4ACD234F40BC}) (Version: 4.3.4.1 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.0 - pdfforge)
Photo to Cartoon (HKLM-x32\...\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}) (Version: 1.0.0 - Caricature Software)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Savage-Gen 1.6.2 (HKLM-x32\...\{CBDD724B-A0F8-4DAB-81EC-4A4EC9E5E8DF}_is1) (Version:  - Goretzki Software Lösungen)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SoFaTeCouuP (HKLM-x32\...\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}) (Version:  - SoftCoup) <==== ATTENTION
sv.net (HKLM-x32\...\sv.net) (Version: 15.0 - ITSG GmbH)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Xleaner v4.28.1368 (HKLM-x32\...\{72D84E46-E633-4729-8A77-2347C8CD4096}_is1) (Version:  - More Than A Cleaner.de)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-01-2015 08:23:17 Windows Update
26-01-2015 11:39:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {011B4BAC-2DCD-45B4-AACA-3CB80FD55774} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {1875C662-93CB-4433-97A0-3ECD97CA3A33} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {419A974F-B8DF-4FBE-B2EE-D4A134BB2C9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {432F84F1-CD40-4954-B02C-6ED85F306780} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {4E78815C-7544-4A35-8A6B-F80AB147039D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {5EA8B08F-E0A5-43F1-B9AC-DB6C1205B2F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {64408CB4-C8D6-447E-AC5C-981185D2D0AB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-08] (COMODO)
Task: {7202E9B3-492F-4754-B0E3-CCBBEB935B1F} - \QMCTYMH No Task File <==== ATTENTION
Task: {7B00C711-5436-46BC-AF67-6B235472ACFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {92031454-2EFA-4EF4-BAAE-54D0D5875E9C} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-08] (COMODO)
Task: {9CDE5C89-846F-425F-9F23-B8FB50F4D402} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {A0F9484D-E81C-4590-A520-5F3092F84C80} - System32\Tasks\{E96CFCE4-B4D1-4965-AC8C-28414CA6B9B5} => pcalua.exe -a C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {C3343AD2-7941-4274-97B6-2E210E8F2574} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-08] (COMODO)
Task: {CEDEA143-803D-4E66-A803-8A8F79D881E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D13BB1ED-FF7E-478A-A814-2E149BA14919} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {DCB66D7E-FA34-4A7D-8B1B-D112B682DBBA} - \BAGDZ No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BAGDZ.job => C:\Users\User\AppData\Roaming\BAGDZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\QMCTYMH.job => C:\Users\User\AppData\Roaming\QMCTYMH.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-09-25 06:38 - 2014-09-25 06:38 - 02875600 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 01283792 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 10451664 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 00039120 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-09-25 06:38 - 2014-09-25 06:38 - 01529040 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-12 06:52 - 2015-01-12 06:52 - 02030080 _____ () c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll
2015-01-05 07:10 - 2014-10-15 11:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2015-01-05 07:10 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-12-08 14:13 - 2014-12-08 14:13 - 00534056 _____ () C:\Program Files (x86)\Lexware\professional\2015\lxuser.dll
2014-10-20 13:12 - 2014-10-20 13:12 - 01061416 _____ () C:\Program Files (x86)\Lexware\professional\2015\UAbwM10.dll
2014-12-08 14:13 - 2014-12-08 14:13 - 00151080 _____ () C:\Program Files (x86)\Lexware\professional\2015\lxcompany.dll
2015-01-02 15:31 - 2015-01-02 15:31 - 00493096 _____ () C:\Program Files (x86)\Lexware\professional\2015\LGComMeldeModuleVC8.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00249896 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.TatKeyManagerWrapper.dll
2014-11-27 09:51 - 2014-11-27 09:51 - 00087080 _____ () C:\Program Files (x86)\Lexware\professional\2015\LexCheckView.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00285224 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.TatKeyWizardWrapper.dll
2014-11-27 09:51 - 2014-11-27 09:51 - 00091688 _____ () C:\Program Files (x86)\Lexware\professional\2015\LexCheckMini.dll
2014-10-20 13:12 - 2014-10-20 13:12 - 00655400 _____ () C:\Program Files (x86)\Lexware\professional\2015\LGFZKalO.ocx
2014-10-20 13:12 - 2014-10-20 13:12 - 00773160 _____ () C:\Program Files (x86)\Lexware\professional\2015\UTools10.dll
2013-01-18 10:36 - 2013-01-18 10:36 - 00904704 _____ () C:\Program Files (x86)\Lexware\professional\2015\System.Data.SQLite.dll
2015-01-02 16:48 - 2015-01-02 16:48 - 01146920 _____ () C:\Program Files (x86)\Lexware\professional\2015\BNachwPro.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00400424 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.DakotaWrapper.dll
2015-01-02 15:30 - 2015-01-02 15:30 - 00111144 _____ () C:\Program Files (x86)\Lexware\professional\2015\Lexware.Loge.Core.Calculation.dll
2015-01-02 16:49 - 2015-01-02 16:49 - 01358888 _____ () C:\Program Files (x86)\Lexware\professional\2015\LGDtaExportAssi.dll
2014-10-20 13:12 - 2014-10-20 13:12 - 02321960 _____ () C:\Program Files (x86)\Lexware\professional\2015\UBuDg10.dll
2014-12-08 14:13 - 2014-12-08 14:13 - 00150056 _____ () C:\Program Files (x86)\Lexware\professional\2015\LXEmptyColl.dll
2014-12-15 17:23 - 2014-12-15 17:23 - 00067112 _____ () C:\Program Files (x86)\Common Files\Lexware\Dll\BitButton.ocx
2014-12-15 06:57 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-15 06:57 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\BK_HOER_000966DE_LC_64_44100_ster_AGPRT2WQGBJ70.adh:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Rdschr. Nr. 1  2015.doc:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Steuerbescheid_2013.pdf:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\Terms NumeneraV2.xls:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\User\Downloads\vlc-2.1.5-win64.exe:$CmdTcID
AlternateDataStreams: C:\Users\User\Downloads\vlc-2.1.5-win64.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SpywareTerminatorShield"
HKLM\...\StartupApproved\Run: => "SpywareTerminatorUpdater"
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\StartupApproved\Run: => "uTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-1723894221-2360630800-121186594-500 - Administrator - Disabled)
Gast (S-1-5-21-1723894221-2360630800-121186594-501 - Limited - Disabled)
User (S-1-5-21-1723894221-2360630800-121186594-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 09:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0xa18
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (02/02/2015 06:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0x1114
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (01/26/2015 01:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0xaec
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (01/26/2015 09:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 15.1.0.163, Zeitstempel: 0x54859f81
Name des fehlerhaften Moduls: mfc100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f29b8
Ausnahmecode: 0xc000041d
Fehleroffset: 0x002b1c00
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3
Vollständiger Name des fehlerhaften Pakets: Framework.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Framework.exe5

Error: (01/26/2015 09:30:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 15.1.0.163, Zeitstempel: 0x54859f81
Name des fehlerhaften Moduls: mfc100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f29b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002b1c00
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3
Vollständiger Name des fehlerhaften Pakets: Framework.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Framework.exe5

Error: (01/26/2015 09:30:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 64431C00
Stapel:
  bei <Module>.AfxMessageBox(SByte*, UInt32, UInt32)
  bei CorrectionOperationProviderPro.CloseAndFinishCorrection(System.Windows.Forms.IWin32Window, System.DateTime, System.String)
  bei <Module>.CLGApp.ExecuteRollup(CLGApp*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*)
  bei <Module>.OnExecuteRollup(Void*, Void*)
  bei <Module>.CLogeEventBridge.Callback(CLogeEventBridge*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*, Void*)
  bei LogeEventBridgeAccessor.Callback(System.String, System.String)
  bei Haufe.Loge.UI.Inbox.InboxUIManager.ExecuteRollup(System.String, Int32, System.DateTime, System.DateTime)
  bei Haufe.Loge.UI.Inbox.ElstamPlugIn.InsertElstam(Lexware.BusinessComponents.Personnel.Objects.IInboxTask)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl.DoAction(Lexware.BusinessComponents.Personnel.Objects.IInboxAction, Lexware.BusinessComponents.Personnel.Objects.IInboxTask, DevExpress.XtraTreeList.Nodes.TreeListNode)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl._hyperlinkRepositoryEdit_Click(System.Object, System.EventArgs)
  bei System.Windows.Forms.Control.OnClick(System.EventArgs)
  bei DevExpress.XtraEditors.HyperLinkEdit.OnClick(System.EventArgs)
  bei System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32)
  bei System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.Utils.Controls.ControlBase.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.XtraEditors.TextEdit.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.OnMessage(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)

Error: (01/26/2015 09:27:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LxTrans.exe, Version: 19.3.0.1, Zeitstempel: 0x54a6ae73
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xda8
Startzeit der fehlerhaften Anwendung: 0xLxTrans.exe0
Pfad der fehlerhaften Anwendung: LxTrans.exe1
Pfad des fehlerhaften Moduls: LxTrans.exe2
Berichtskennung: LxTrans.exe3
Vollständiger Name des fehlerhaften Pakets: LxTrans.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LxTrans.exe5

Error: (01/26/2015 09:13:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0x14e8
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

Error: (01/19/2015 00:27:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (01/19/2015 00:22:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (02/02/2015 09:05:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (02/02/2015 09:03:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (02/02/2015 06:54:22 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (01/26/2015 11:40:00 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/26/2015 11:39:30 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/19/2015 09:44:57 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/19/2015 09:44:27 AM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/15/2015 00:13:24 PM) (Source: DCOM) (EventID: 10010) (User: User-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/15/2015 06:59:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/15/2015 06:56:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.


Microsoft Office Sessions:
=========================
Error: (02/02/2015 09:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6a1801d03ebef609cb27C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll5ae25510-aab2-11e4-8289-b8975a879729

Error: (02/02/2015 06:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6111401d03eac96039f0aC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll20cee4da-aaa0-11e4-8288-b8975a879729

Error: (01/26/2015 01:09:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6aec01d039609fe9092cC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll1ee12265-a554-11e4-8288-b8975a879729

Error: (01/26/2015 09:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe15.1.0.16354859f81mfc100.dll10.0.40219.14d5f29b8c000041d002b1c008c801d039404e08e705C:\Program Files (x86)\Lexware\professional\2015\Framework.exeC:\Windows\SYSTEM32\mfc100.dlla25c040c-a535-11e4-8288-b8975a879729

Error: (01/26/2015 09:30:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe15.1.0.16354859f81mfc100.dll10.0.40219.14d5f29b8c0000005002b1c008c801d039404e08e705C:\Program Files (x86)\Lexware\professional\2015\Framework.exeC:\Windows\SYSTEM32\mfc100.dll9e5b5855-a535-11e4-8288-b8975a879729

Error: (01/26/2015 09:30:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 64431C00
Stapel:
  bei <Module>.AfxMessageBox(SByte*, UInt32, UInt32)
  bei CorrectionOperationProviderPro.CloseAndFinishCorrection(System.Windows.Forms.IWin32Window, System.DateTime, System.String)
  bei <Module>.CLGApp.ExecuteRollup(CLGApp*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*)
  bei <Module>.OnExecuteRollup(Void*, Void*)
  bei <Module>.CLogeEventBridge.Callback(CLogeEventBridge*, ATL.CStringT<char,StrTraitMFC_DLL<char,ATL::ChTraitsCRT<char> > >*, Void*)
  bei LogeEventBridgeAccessor.Callback(System.String, System.String)
  bei Haufe.Loge.UI.Inbox.InboxUIManager.ExecuteRollup(System.String, Int32, System.DateTime, System.DateTime)
  bei Haufe.Loge.UI.Inbox.ElstamPlugIn.InsertElstam(Lexware.BusinessComponents.Personnel.Objects.IInboxTask)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl.DoAction(Lexware.BusinessComponents.Personnel.Objects.IInboxAction, Lexware.BusinessComponents.Personnel.Objects.IInboxTask, DevExpress.XtraTreeList.Nodes.TreeListNode)
  bei Haufe.Loge.UI.Inbox.Helpers.InboxTreeListControl._hyperlinkRepositoryEdit_Click(System.Object, System.EventArgs)
  bei System.Windows.Forms.Control.OnClick(System.EventArgs)
  bei DevExpress.XtraEditors.HyperLinkEdit.OnClick(System.EventArgs)
  bei System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32)
  bei System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.Utils.Controls.ControlBase.WndProc(System.Windows.Forms.Message ByRef)
  bei DevExpress.XtraEditors.TextEdit.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.OnMessage(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.Control+ControlNativeWindow.WndProc(System.Windows.Forms.Message ByRef)
  bei System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)

Error: (01/26/2015 09:27:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LxTrans.exe19.3.0.154a6ae73unknown0.0.0.000000000c000000500000000da801d03940d5182987C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exeunknown1d8eb29d-a535-11e4-8288-b8975a879729

Error: (01/26/2015 09:13:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa614e801d0393fc67a8263C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\SYSTEM32\amdmantle64.dll37078076-a533-11e4-8288-b8975a879729

Error: (01/19/2015 00:27:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (01/19/2015 00:22:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-02 09:25:32.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 09:06:43.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 09:01:06.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 08:39:08.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 06:54:45.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 13:00:14.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 12:33:05.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 12:06:35.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 11:59:37.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-26 11:54:32.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7346.21 MB
Available physical RAM: 4098.98 MB
Total Pagefile: 8498.21 MB
Available Pagefile: 4388.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.84 GB) (Free:795.09 GB) NTFS
Drive e: (PKBACK# 001) (Removable) (Total:7.74 GB) (Free:2.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B59A7638)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.7 GB) (Disk ID: 66205247)
No partition Table on disk 1.

==================== End Of Log ============================
Außerdem bekomme ich von Malewarebytes seit neustem bei jeder Seite die ich aufrufe, dass eine Seite geblockt wird (ran.bfylueopfyia.com)

Und was mit grad auch noch aufgefallen ist, dass unwillkürlich Worte in Foren zu Links umfunktioniert werden, was garantiert nicht von den Foren ausgeht.

Nathan Grey 02.02.2015 10:50
Hier mal das Malwarebytes Log von heute Morgen:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02.02.2015
Scan Time: 08:40:03
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.01.07
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334826
Time Elapsed: 18 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 49
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{562e075f-a9bf-4cda-bc90-aa19a9f4d176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P562e075f_a9bf_4cda_bc90_aa19a9f4d176_.P562e075f_a9bf_4cda_bc90_aa19a9f4d176_, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P562e075f_a9bf_4cda_bc90_aa19a9f4d176_.P562e075f_a9bf_4cda_bc90_aa19a9f4d176_.9, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P562e075f_a9bf_4cda_bc90_aa19a9f4d176_.P562e075f_a9bf_4cda_bc90_aa19a9f4d176_, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P562e075f_a9bf_4cda_bc90_aa19a9f4d176_.P562e075f_a9bf_4cda_bc90_aa19a9f4d176_.9, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}\INPROCSERVER32, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{562E075F-A9BF-4CDA-BC90-AA19A9F4D176}, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{10A0E600-D246-BD63-F465-4C849C688998}, Quarantined, [d27958c17119b086536436bac141768a],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7f22afaa-7af7-436f-a079-0efa68707e08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P7f22afaa_7af7_436f_a079_0efa68707e08_.P7f22afaa_7af7_436f_a079_0efa68707e08_, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P7f22afaa_7af7_436f_a079_0efa68707e08_.P7f22afaa_7af7_436f_a079_0efa68707e08_.9, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P7f22afaa_7af7_436f_a079_0efa68707e08_.P7f22afaa_7af7_436f_a079_0efa68707e08_, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P7f22afaa_7af7_436f_a079_0efa68707e08_.P7f22afaa_7af7_436f_a079_0efa68707e08_.9, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}\INPROCSERVER32, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F22AFAA-7AF7-436F-A079-0EFA68707E08}, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{80E8B0A0-117D-1402-7CDE-688156237115}, Quarantined, [ef5cdc3d94f63204724520d0a0622ad6],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [391290894d3d4fe7bdfcdf0b6a9a27d9],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [ef5c8f8a068443f3c640098319ea54ac],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [391222f70b7f7bbb25dea8579272aa56],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [2c1fd544c8c2181e56a8267304ff9769],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [b8934bceafdb79bdcb67079bf0137d83],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [4407cf4ae3a732046455ba3016eebd43],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d164f2af}, Quarantined, [9cafd0495c2e92a4ee5b9b0a4eb5d12f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [af9c6bae3d4d8bab8579827f7293ff01],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [86c59683deac171fe31ca35ee42131cf],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, Quarantined, [69e254c5f39754e215b75148bd46b44c],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [a7a43ddc32581b1b6895e2b76d9617e9],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [0a41bc5de5a51b1b0d1fd7b8739047b9],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [5bf04fca523830061b12513e23e055ab],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader, Quarantined, [143700194347f145b40d632836cd37c9],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [3f0c23f60a802a0c3049ce1213f1d729],
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BoBrowser, Quarantined, [91ba64b56228280e844adaa832d150b0],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [460566b3f9919f974e5ec3d809fadc24],
PUP.Optional.TornTV.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TornTv Downloader, Quarantined, [341768b1f09ae5517e430a81c43f6a96],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [420959c0444634020053ee0552b2629e],
PUP.Optional.Qone8, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [cd7e26f3b7d37db914a428c2c0445ea2],
PUP.Optional.FastStart.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [292271a8d9b1c175d83d0f8823e00ef2],

Registry Values: 5
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [b8934bceafdb79bdcb67079bf0137d83]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com, Quarantined, [9bb0c9505238ae883ae3a75707fd4ab6]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, Quarantined, [69e254c5f39754e215b75148bd46b44c]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ild, Quarantined, [a7a43ddc32581b1b6895e2b76d9617e9]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1723894221-2360630800-121186594-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [292271a8d9b1c175d83d0f8823e00ef2]

Registry Data: 10
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141),Replaced,[1b30a376c5c5330314ad6042fb0a03fd]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141),Replaced,[7ecd1efbaae0cd69bd05e8ba966f5fa1]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141&q={searchTerms}),Replaced,[f754021794f61e180ffd584b7b8ac53b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/?type=hp&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141),Replaced,[d6753cddccbe0d295cafecb77095f20e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/?type=hp&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141),Replaced,[e66549d02c5edb5bc6ce119f75904fb1]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141&q={searchTerms}),Replaced,[c685bc5d91f9c571bf4ec6dd3dc8b24e]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[4cff01186129d0663d9ef1bd2ed714ec]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141),Replaced,[60ebef2a6b1fd561a51c435fab5aa759]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1417417971&from=ild&uid=WDCXWD10EVDS-73V9B0_WD-WMAVU415314153141),Replaced,[51fa15040d7d171f942e921028ddfa06]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[df6cfc1dc2c8ba7c716a2b8333d27987]

Folders: 47
Rogue.Multiple, C:\ProgramData\600440862, Quarantined, [84c744d599f169cdd8e47eba5da61ee2],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy, Quarantined, [d07bf722701ad75f0547fd4b758ec43c],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\OpenCandy_B6C704AD25B941A89A84E6CEED55E46E, Quarantined, [d07bf722701ad75f0547fd4b758ec43c],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarantined, [f9520811632784b22e7f342904ff956b],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [f9520811632784b22e7f342904ff956b],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\include, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\include\tools, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\lib, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\module, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\pack, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\en, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\en-US, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\es, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\es-419, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\it, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\pl, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\ru, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\tr, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\vi, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\defaults, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\defaults\preferences, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [69e2be5bc7c3181e46c2144c0af939c7],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [69e2be5bc7c3181e46c2144c0af939c7],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Quarantined, [c8831dfc96f48caa040f6afc689bcd33],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, Quarantined, [c8831dfc96f48caa040f6afc689bcd33],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, Quarantined, [c8831dfc96f48caa040f6afc689bcd33],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, Quarantined, [c8831dfc96f48caa040f6afc689bcd33],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\_metadata, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],

Files: 86
PUP.Optional.MultiPlug.A, C:\ProgramData\SSAverAddon\JAphxqkD3bh0OC.dll, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.MultiPlug.A, C:\ProgramData\SSAverAddon\JAphxqkD3bh0OC.x64.dll, Quarantined, [361536e32b5fc175f513099660a518e8],
PUP.Optional.Multiplug, C:\ProgramData\SSAverAddon\JAphxqkD3bh0OC.exe, Quarantined, [d27958c17119b086536436bac141768a],
PUP.Optional.MultiPlug.A, C:\ProgramData\CoupScaiNNnner\W2wEZJ5eKPm56y.dll, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.MultiPlug.A, C:\ProgramData\CoupScaiNNnner\W2wEZJ5eKPm56y.x64.dll, Quarantined, [2724ae6be5a5b383cd3b821d6e97c13f],
PUP.Optional.Multiplug, C:\ProgramData\CoupScaiNNnner\W2wEZJ5eKPm56y.exe, Quarantined, [ef5cdc3d94f63204724520d0a0622ad6],
PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, Quarantined, [78d3fe1b3258d561b493265c56adf808],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrH_01009.Wdf, Quarantined, [400b11087119ca6c6a0b8003b74c52ae],
PUP.Optional.BoBrowser.A, C:\Windows\System32\Tasks\Run_Bobby_Browser, Quarantined, [410a39e0d4b6a690221d96ee996a08f8],
PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, Quarantined, [410a1aff59319e98a85cf29a9a69e020],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [004bf7225634a98d5b565da2996bcd33],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [8ac17a9fc2c851e5337f8a7520e4d32d],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [f259ef2afe8c46f02b88946bb64e12ee],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [7dce38e1157559dd08ac88771be9c838],
Rogue.Multiple, C:\ProgramData\600440862\BITA36F.tmp, Quarantined, [84c744d599f169cdd8e47eba5da61ee2],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome.manifest, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\install.rdf, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\index.html, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\chrome\skin\style.css, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\addonmanager.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\aes.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\config.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\dialogs.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\last_tab.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\misc.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\properties.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\remoterequest.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.FastStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com\modules\settings.js, Quarantined, [77d4db3e612991a50ac57de1b64d51af],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [69e2be5bc7c3181e46c2144c0af939c7],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, [c8831dfc96f48caa040f6afc689bcd33],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\background.js, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\bookmarklet.js, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\icon-128.png, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\icon-16.png, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\icon-48.png, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\manifest.json, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\0.1_0\_metadata\verified_contents.json, Quarantined, [5fec3bded0baef4761b28ae753b0fb05],
PUP.Optional.QuickStart.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Replaced,[65e691886c1e6ccae57111d8e520619f]

Physical Sectors: 0
(No malicious items detected)


(end)
Und das Log vom AdwCleaner:
Code:
# AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 10:47:08
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 8.1 Connected  (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Downloads\AdwCleaner09.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : globalUpdate
Dienst Gefunden : globalUpdatem
Dienst Gefunden : 51cdb72

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
Datei Gefunden : C:\Users\Public\Desktop\GeekBuddy.lnk
Ordner Gefunden : C:\Program Files (x86)\deauLstier
Ordner Gefunden : C:\Program Files (x86)\SoFaTeCouuP
Ordner Gefunden : C:\ProgramData\58f30cfa85c1a7c6
Ordner Gefunden : C:\ProgramData\6409480964803766214
Ordner Gefunden : C:\ProgramData\CoupScaiNNnner
Ordner Gefunden : C:\ProgramData\SSAverAddon
Ordner Gefunden : C:\Users\User\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\User\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\User\AppData\Roaming\RHEng
Ordner Gefunden : C:\Users\User\Documents\Optimizer Pro

***** [ Tasks ] *****

Task Gefunden : Run_Bobby_Browser

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\BetterMarkIt
Schlüssel Gefunden : HKCU\Software\Classes\pokki
Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\GlobalUpdate
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gefunden : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\Clara
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{e4f0da58-79eb-431d-8bc9-9a85d4853cc9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_.Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_.Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_.9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5D6736D5-0D77-46CE-9906-C4B2C679BF88}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4f0da58-79eb-431d-8bc9-9a85d4853cc9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e4f0da58-79eb-431d-8bc9-9a85d4853cc9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v31.0 (x86 de)

[sectyxux.default] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[sectyxux.default] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

-\\ Google Chrome v39.0.2171.95


-\\ Comodo Dragon v36.1.1.21


*************************

AdwCleaner[R0].txt - [9149 octets] - [02/02/2015 09:40:49]
AdwCleaner[R1].txt - [9053 octets] - [02/02/2015 10:47:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [9113 octets] ##########
Und das Log von Malwarebytes Daily Protection:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malware Protection, Starting,
Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malware Protection, Started,
Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Update, 02.02.2015 08:39:30, SYSTEM, USER-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 02.02.2015 08:39:30, SYSTEM, USER-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1,
Update, 02.02.2015 08:39:38, SYSTEM, USER-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.1.7,
Protection, 02.02.2015 08:39:38, SYSTEM, USER-PC, Protection, Refresh, Starting,
Protection, 02.02.2015 08:39:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 02.02.2015 08:39:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 02.02.2015 08:39:45, SYSTEM, USER-PC, Protection, Refresh, Success,
Protection, 02.02.2015 08:39:45, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 08:39:46, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Detection, 02.02.2015 08:40:01, SYSTEM, USER-PC, Protection, Malware Protection, File, PUP.Optional.Multiplug, C:\Program Files (x86)\Carbon Footprint for Google Maps\Carbon Footprint for Google Maps.exe, Quarantine, [ff4cc851cac03303b205e7097d855ca4]
Detection, 02.02.2015 08:40:02, SYSTEM, USER-PC, Protection, Malware Protection, File, PUP.Optional.Multiplug, C:\Program Files (x86)\SoFaTeCouuP\oeSnIFsBhnbLpu.exe, Quarantine, [84c772a7a3e723135c5be20e7092db25]
Detection, 02.02.2015 08:40:03, SYSTEM, USER-PC, Protection, Malware Protection, File, PUP.Optional.Multiplug, C:\Program Files (x86)\deauLstier\deauLstier.exe, Quarantine, [e86349d04743a393536441aff2109a66]
Scan, 02.02.2015 09:01:04, SYSTEM, USER-PC, Manual, Start:02.02.2015 08:40:03, Duration:18 min 30 sec, Hyper Scan, Completed, 2 Malware Detections, 195 Non-Malware Detections,
Protection, 02.02.2015 09:03:55, SYSTEM, USER-PC, Protection, Malware Protection, Starting,
Protection, 02.02.2015 09:03:55, SYSTEM, USER-PC, Protection, Malware Protection, Started,
Protection, 02.02.2015 09:03:55, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 09:03:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Detection, 02.02.2015 09:09:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49399, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:09:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49399, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:09:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49400, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:09:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49581, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Scan, 02.02.2015 09:11:13, SYSTEM, USER-PC, Manual, Start:02.02.2015 09:07:20, Duration:3 min 52 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49819, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49819, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49820, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49821, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49822, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49823, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:12:22, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49879, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:14:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49994, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:14:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50039, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:15:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50110, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:15:11, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50123, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:15:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50137, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Scan, 02.02.2015 09:15:33, SYSTEM, USER-PC, Manual, Start:02.02.2015 09:12:09, Duration:3 min 23 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50330, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50330, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50332, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50333, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50340, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50359, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50360, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50361, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50421, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:53, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50451, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50464, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:26:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50498, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:26:36, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50533, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:06, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50576, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50597, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:48, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50646, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50654, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50661, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:18, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50695, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50699, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:34, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50706, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50718, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50728, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:48, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50737, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50778, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50779, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50780, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50781, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50803, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:31:18, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50825, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:32:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50858, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50880, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50891, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50902, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50917, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50924, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50940, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:52, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50945, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50955, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:16, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50965, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50970, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50981, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:37:08, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51080, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51194, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51198, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51199, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51200, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51237, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:52, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51266, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:57, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51272, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51364, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51365, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51366, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51367, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:24, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51459, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51581, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:42:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51642, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:42:16, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51731, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:42:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51793, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51834, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51835, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51836, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51837, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51859, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:31, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51870, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51901, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51938, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51955, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51956, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51957, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51978, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:08, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51994, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52018, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:22, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52033, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:45:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52085, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:49:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52122, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:49:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52123, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:49:57, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52132, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52149, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52170, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52182, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52183, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:26, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52197, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52204, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52239, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:47, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52298, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:51:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52321, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:51:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52337, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Update, 02.02.2015 10:01:25, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.1,
Protection, 02.02.2015 10:01:25, SYSTEM, USER-PC, Protection, Refresh, Starting,
Protection, 02.02.2015 10:01:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 02.02.2015 10:01:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 02.02.2015 10:04:39, SYSTEM, USER-PC, Protection, Refresh, Success,
Protection, 02.02.2015 10:04:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 10:04:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Detection, 02.02.2015 10:11:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52473, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:11:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52473, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:11:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52476, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:11:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52504, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:12:15, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52591, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:12:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52616, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:10, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52635, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:10, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52636, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:10, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52637, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52742, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:14:02, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52827, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:14:16, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52879, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:14:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52926, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52956, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52971, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53002, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:31, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53010, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53018, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53023, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53029, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:47, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53035, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:51, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53039, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:17:04, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53054, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:17:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53064, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:17:42, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53076, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53085, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53143, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:47, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53175, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53187, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53212, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:26, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53234, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53258, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:46, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53276, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53301, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:02, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53350, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53366, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:18, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53399, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:26, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53428, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:31, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53463, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:21, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53515, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53550, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53612, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53627, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:03, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53683, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:04, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:09, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53695, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53712, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53744, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:58, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53764, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:09, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53791, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53821, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53849, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53865, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:57, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53886, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53902, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:21, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54004, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54037, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:53, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54047, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54054, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:25:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54104, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:26:34, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54194, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:30:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54284, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:31:48, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54321, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:32:06, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54373, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:33:12, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54403, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:03, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54540, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:03, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54541, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:09, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54634, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54702, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54703, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54704, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54705, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54722, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54723, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54724, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54725, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54731, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54732, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54733, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54772, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54791, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54792, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54793, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54963, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54987, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54988, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55008, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:45:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55068, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:45:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55078, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:45:58, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55127, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:46:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55144, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:48:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55169, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:48:17, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55189, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,

(end)

Nathan Grey 02.02.2015 10:51
Und das Log von Malwarebytes Daily Protection:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malware Protection, Starting,
Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malware Protection, Started,
Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 08:39:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Update, 02.02.2015 08:39:30, SYSTEM, USER-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 02.02.2015 08:39:30, SYSTEM, USER-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1,
Update, 02.02.2015 08:39:38, SYSTEM, USER-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.1.7,
Protection, 02.02.2015 08:39:38, SYSTEM, USER-PC, Protection, Refresh, Starting,
Protection, 02.02.2015 08:39:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 02.02.2015 08:39:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 02.02.2015 08:39:45, SYSTEM, USER-PC, Protection, Refresh, Success,
Protection, 02.02.2015 08:39:45, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 08:39:46, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Detection, 02.02.2015 08:40:01, SYSTEM, USER-PC, Protection, Malware Protection, File, PUP.Optional.Multiplug, C:\Program Files (x86)\Carbon Footprint for Google Maps\Carbon Footprint for Google Maps.exe, Quarantine, [ff4cc851cac03303b205e7097d855ca4]
Detection, 02.02.2015 08:40:02, SYSTEM, USER-PC, Protection, Malware Protection, File, PUP.Optional.Multiplug, C:\Program Files (x86)\SoFaTeCouuP\oeSnIFsBhnbLpu.exe, Quarantine, [84c772a7a3e723135c5be20e7092db25]
Detection, 02.02.2015 08:40:03, SYSTEM, USER-PC, Protection, Malware Protection, File, PUP.Optional.Multiplug, C:\Program Files (x86)\deauLstier\deauLstier.exe, Quarantine, [e86349d04743a393536441aff2109a66]
Scan, 02.02.2015 09:01:04, SYSTEM, USER-PC, Manual, Start:02.02.2015 08:40:03, Duration:18 min 30 sec, Hyper Scan, Completed, 2 Malware Detections, 195 Non-Malware Detections,
Protection, 02.02.2015 09:03:55, SYSTEM, USER-PC, Protection, Malware Protection, Starting,
Protection, 02.02.2015 09:03:55, SYSTEM, USER-PC, Protection, Malware Protection, Started,
Protection, 02.02.2015 09:03:55, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 09:03:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Detection, 02.02.2015 09:09:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49399, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:09:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49399, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:09:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49400, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:09:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49581, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Scan, 02.02.2015 09:11:13, SYSTEM, USER-PC, Manual, Start:02.02.2015 09:07:20, Duration:3 min 52 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49819, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49819, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49820, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49821, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49822, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:11:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49823, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:12:22, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49879, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:14:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 49994, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:14:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50039, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:15:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50110, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:15:11, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50123, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:15:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50137, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Scan, 02.02.2015 09:15:33, SYSTEM, USER-PC, Manual, Start:02.02.2015 09:12:09, Duration:3 min 23 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50330, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50330, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50332, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50333, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50340, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50359, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50360, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50361, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50421, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:53, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50451, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:25:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50464, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:26:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50498, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:26:36, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50533, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:06, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50576, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50597, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:48, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50646, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50654, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:27:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50661, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:18, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50695, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50699, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:34, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50706, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50718, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50728, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:28:48, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50737, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50778, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50779, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50780, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50781, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:29:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50803, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:31:18, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50825, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:32:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50858, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50880, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50891, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50902, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50917, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50924, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50940, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:33:52, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50945, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50955, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:16, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50965, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50970, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:34:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 50981, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:37:08, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51080, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51194, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51198, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51199, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51200, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51237, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:52, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51266, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:38:57, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51272, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51364, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51365, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51366, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51367, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:40:24, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51459, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51581, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:42:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51642, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:42:16, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51731, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:42:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51793, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51834, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51835, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51836, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51837, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51859, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:31, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51870, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51901, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:43:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51938, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51955, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51956, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51957, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51978, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:08, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 51994, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52018, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:44:22, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52033, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:45:38, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52085, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:49:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52122, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:49:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52123, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:49:57, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52132, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52149, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52170, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52182, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52183, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:26, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52197, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52204, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52239, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:50:47, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52298, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:51:01, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52321, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 09:51:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52337, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Update, 02.02.2015 10:01:25, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.1,
Protection, 02.02.2015 10:01:25, SYSTEM, USER-PC, Protection, Refresh, Starting,
Protection, 02.02.2015 10:01:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 02.02.2015 10:01:25, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 02.02.2015 10:04:39, SYSTEM, USER-PC, Protection, Refresh, Success,
Protection, 02.02.2015 10:04:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.02.2015 10:04:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Detection, 02.02.2015 10:11:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52473, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:11:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52473, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:11:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52476, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:11:20, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52504, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:12:15, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52591, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:12:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52616, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:10, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52635, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:10, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52636, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:10, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52637, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:13:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52742, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:14:02, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52827, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:14:16, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52879, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:14:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52926, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52956, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:05, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 52971, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53002, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:31, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53010, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53018, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53023, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:44, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53029, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:47, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53035, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:16:51, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53039, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:17:04, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53054, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:17:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53064, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:17:42, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53076, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53085, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:33, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53143, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:47, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53175, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:18:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53187, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53212, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:26, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53234, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:39, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53258, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:46, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53276, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:19:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53301, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:02, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53350, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53366, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:18, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53399, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:26, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53428, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:20:31, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53463, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:21, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53515, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:32, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53550, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53612, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:21:43, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53627, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:03, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53683, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:04, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:09, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53695, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53712, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53744, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:22:58, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53764, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:09, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53791, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53821, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:27, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53849, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53865, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:57, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53886, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:23:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 53902, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:21, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54004, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:49, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54037, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:53, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54047, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:24:59, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54054, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:25:07, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54104, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:26:34, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54194, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:30:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54284, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:31:48, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54321, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:32:06, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54373, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:33:12, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54403, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:03, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54540, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:03, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54541, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:09, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54634, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54702, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54703, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54704, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:29, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54705, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54722, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54723, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54724, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:35, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54725, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54731, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54732, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:37, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54733, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54772, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54791, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54792, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:41:40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54793, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54963, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54987, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:54, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 54988, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:44:56, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55008, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:45:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55068, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:45:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55078, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:45:58, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55127, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:46:19, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55144, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:48:13, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55169, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 02.02.2015 10:48:17, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 5.153.38.133, ran.bfylueopfyia.com, 55189, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,

(end)

schrauber 02.02.2015 11:31
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    deauLstier

    SoFaTeCouuP


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Und dann nochmal:


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Nathan Grey 02.02.2015 12:50
Soll ich Malwarebytes und AdwCleaner nochmals installieren oder reicht die vorhandene Installation aus?

Malwarebytes Log, wobei ich nach dem obigen Scan schon alle schädlichen Dateien in Quarantäne verschoben hatte.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.02.2015
Suchlauf-Zeit: 11:50:14
Logdatei:
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.02.01
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335236
Verstrichene Zeit: 15 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner Log

Code:
# AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 12:10:35
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 8.1 Connected  (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Downloads\AdwCleaner09.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : 51cdb72

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\CoupScaiNNnner
Ordner Gelöscht : C:\ProgramData\SSAverAddon
Ordner Gelöscht : C:\ProgramData\58f30cfa85c1a7c6
Ordner Gelöscht : C:\ProgramData\6409480964803766214
Ordner Gelöscht : C:\Program Files (x86)\deauLstier
Ordner Gelöscht : C:\Program Files (x86)\SoFaTeCouuP
Ordner Gelöscht : C:\Users\User\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\User\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\User\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\User\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\Public\Desktop\GeekBuddy.lnk
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

***** [ Tasks ] *****

Task Gelöscht : Run_Bobby_Browser

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_.Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_.Pe4f0da58_79eb_431d_8bc9_9a85d4853cc9_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{e4f0da58-79eb-431d-8bc9-9a85d4853cc9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5D6736D5-0D77-46CE-9906-C4B2C679BF88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4f0da58-79eb-431d-8bc9-9a85d4853cc9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e4f0da58-79eb-431d-8bc9-9a85d4853cc9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BetterMarkIt
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v31.0 (x86 de)

[sectyxux.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[sectyxux.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

-\\ Google Chrome v39.0.2171.95


-\\ Comodo Dragon v36.1.1.21


*************************

AdwCleaner[R0].txt - [9149 octets] - [02/02/2015 09:40:49]
AdwCleaner[R1].txt - [9209 octets] - [02/02/2015 10:47:08]
AdwCleaner[R2].txt - [8797 octets] - [02/02/2015 12:08:13]
AdwCleaner[S0].txt - [9308 octets] - [02/02/2015 12:10:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9368 octets] ##########
JRT Log
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Connected x64
Ran by User on 02.02.2015 at 12:17:59,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\sectyxux.default\extensions\staged



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2015 at 12:40:36,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by User (administrator) on USER-PC on 02-02-2015 12:49:18
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2015-01-08] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [uTorrent] => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-02] (Electronic Arts)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {9FB76076-0B46-4329-9C1D-42A4945D8128} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{780112F8-DAE7-4F4D-B811-86258285B676}: [NameServer] 156.154.70.25,156.154.71.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default
FF Homepage: hxxp://de.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-08]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-13]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Carbon Footprint for Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh [2015-02-02]
CHR Extension: (Google Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2015-01-12] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-08] (COMODO)
S2 d164f2af; c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll [2030080 2015-01-12] () [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
R2 Haufe FabricHostService; C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe [23080 2014-09-18] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [142640 2014-08-07] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-02] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-02] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-02] (Electronic Arts)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-02-02] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-02-10] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\Windows\Temp\OA3\ASUS\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
S3 RwDrv; \??\C:\Windows\system32\Drivers\RwDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 12:40 - 2015-02-02 12:40 - 00000900 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-02 12:17 - 2015-02-02 12:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 12:07 - 2015-02-02 12:07 - 00055623 _____ () C:\Users\User\Desktop\Anleitung Malware.odt
2015-02-02 11:45 - 2015-02-02 11:45 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-02-02 11:41 - 2015-02-02 11:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-02-02 11:41 - 2015-02-02 11:41 - 00001287 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-02-02 11:41 - 2015-02-02 11:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-02 09:40 - 2015-02-02 12:10 - 00000000 ____D () C:\AdwCleaner
2015-02-02 09:40 - 2015-02-02 09:40 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner09.exe
2015-02-02 09:28 - 2015-02-02 09:31 - 00042875 _____ () C:\Users\User\Downloads\Addition.txt
2015-02-02 09:27 - 2015-02-02 12:49 - 00019486 _____ () C:\Users\User\Downloads\FRST.txt
2015-02-02 09:27 - 2015-02-02 12:49 - 00000000 ____D () C:\FRST
2015-02-02 09:26 - 2015-02-02 09:26 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-02-02 09:02 - 2015-02-02 12:11 - 00048348 _____ () C:\Windows\PFRO.log
2015-02-02 08:39 - 2015-02-02 12:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 08:31 - 2015-02-02 08:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 07:12 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\Carbon Footprint for Google Maps
2015-01-15 07:53 - 2015-01-15 07:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2015-01-15 07:52 - 2015-01-15 12:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-15 07:47 - 2015-01-15 07:47 - 00000894 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-15 07:35 - 2015-01-15 07:35 - 25611537 _____ () C:\Users\User\Downloads\vlc-2.1.5-win64.exe
2015-01-15 07:34 - 2015-01-15 07:34 - 01179936 _____ () C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard
2015-01-14 11:34 - 2015-01-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-14 11:34 - 2015-01-14 11:34 - 00001174 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-14 11:34 - 2015-01-14 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-14 11:32 - 2015-01-19 15:31 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-14 11:32 - 2015-01-14 11:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00001137 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-14 11:29 - 2015-01-14 11:29 - 03099552 _____ (Blizzard Entertainment) C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe
2015-01-14 11:29 - 2015-01-14 11:29 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 10:05 - 2015-01-26 11:17 - 00022016 _____ () C:\Users\User\Desktop\Lohn Checkliste 2015.xls
2015-01-14 06:50 - 2015-01-14 06:50 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 09:06 - 2015-01-13 09:06 - 00015872 _____ () C:\Users\User\Downloads\Terms NumeneraV2.xls
2015-01-12 14:18 - 2015-01-12 14:18 - 00000325 _____ () C:\Users\User\Downloads\BK_HOER_000966DE_LC_64_44100_ster_AGPRT2WQGBJ70.adh
2015-01-12 07:02 - 2015-02-02 12:12 - 00002868 _____ () C:\Windows\setupact.log
2015-01-12 07:02 - 2015-01-12 07:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 06:52 - 2015-01-12 06:52 - 00000000 ____D () C:\Program Files (x86)\IndepthEngine
2015-01-08 13:55 - 2015-01-08 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-08 11:07 - 2015-02-02 12:11 - 01362739 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 10:54 - 2015-01-08 10:54 - 00003028 _____ () C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-01-08 10:27 - 2015-01-08 10:27 - 00000000 ____D () C:\Users\User\Desktop\PARAGON2
2015-01-08 10:17 - 2015-02-02 12:11 - 00755872 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-08 10:17 - 2015-01-08 10:17 - 00000000 ___HD () C:\VTRoot
2015-01-08 09:31 - 2015-02-02 12:41 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-08 09:31 - 2015-01-08 10:54 - 00002001 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-08 09:30 - 2015-01-08 09:30 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-01-08 09:30 - 2015-01-08 09:30 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-08 09:29 - 2015-01-08 09:29 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-01-08 09:27 - 2015-01-12 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-08 09:27 - 2015-01-08 09:31 - 00001067 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2015-01-08 09:27 - 2015-01-08 09:31 - 00000000 ____D () C:\Program Files\COMODO
2015-01-08 09:27 - 2015-01-08 09:30 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\Users\User\AppData\Local\Comodo
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-08 09:25 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-06 08:41 - 2015-01-06 08:41 - 00001010 _____ () C:\Users\Public\Desktop\Xleaner.lnk
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xleaner
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\Program Files (x86)\Xleaner
2015-01-06 08:41 - 2005-04-15 16:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2015-01-06 08:41 - 1998-06-23 22:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.ocx
2015-01-06 08:38 - 2015-01-06 08:38 - 00001420 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-01-06 08:38 - 2015-01-06 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-01-06 08:37 - 2015-01-06 08:37 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-05 09:21 - 2015-01-26 13:01 - 00002234 _____ () C:\Users\Public\Desktop\Lexware professional.lnk
2015-01-05 08:50 - 2015-01-06 12:33 - 00000000 ____D () C:\Users\User\Documents\Sicherungen
2015-01-05 07:11 - 2015-01-05 07:17 - 00000000 ____D () C:\Users\User\AppData\Local\CyberGhost
2015-01-05 07:11 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-05 07:10 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-01-05 07:10 - 2015-01-05 07:10 - 00001747 _____ () C:\Users\User\Desktop\CyberGhost 5.lnk
2015-01-05 07:10 - 2015-01-05 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-05 06:58 - 2015-01-05 06:58 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 12:41 - 2014-07-25 13:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1723894221-2360630800-121186594-1001
2015-02-02 12:18 - 2014-08-04 19:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2015-02-02 12:15 - 2014-11-13 06:49 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-02 12:14 - 2014-12-10 11:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-02 12:13 - 2014-12-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-02 12:12 - 2014-12-01 08:11 - 00001696 _____ () C:\Windows\Tasks\QMCTYMH.job
2015-02-02 12:12 - 2014-12-01 08:11 - 00001348 _____ () C:\Windows\Tasks\BAGDZ.job
2015-02-02 12:12 - 2014-11-13 06:51 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 12:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 12:11 - 2014-06-02 06:57 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-02 12:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 12:10 - 2014-11-13 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-02 12:10 - 2014-08-08 11:17 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 12:10 - 2014-08-08 11:17 - 00001068 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 12:10 - 2014-07-25 13:49 - 00001012 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 12:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-02 11:58 - 2014-11-12 15:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 11:56 - 2014-11-13 06:51 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 10:56 - 2014-05-16 09:12 - 00792962 _____ () C:\Windows\system32\perfh010.dat
2015-02-02 10:56 - 2014-05-16 09:12 - 00155884 _____ () C:\Windows\system32\perfc010.dat
2015-02-02 10:56 - 2014-03-18 10:47 - 03071032 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 10:56 - 2014-03-18 10:30 - 01020334 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 10:56 - 2014-03-18 10:30 - 00243490 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 10:26 - 2014-11-13 09:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\apsec
2015-02-02 10:13 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-02 07:31 - 2014-11-13 08:13 - 00000000 ____D () C:\ProgramData\Lexware
2015-02-02 07:04 - 2014-12-11 06:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 07:04 - 2014-12-11 06:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 06:56 - 2014-08-04 20:07 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EF0CCB0B-59C3-41A1-9692-9080F675BEC0}
2015-01-26 13:01 - 2014-11-13 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-01-26 12:40 - 2014-11-13 13:05 - 00000000 ____D () C:\Users\User\Documents\Büro
2015-01-26 11:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-26 09:58 - 2014-11-12 15:17 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 08:29 - 2014-08-08 11:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:24 - 2014-08-08 11:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 07:59 - 2014-11-13 11:29 - 00000000 ____D () C:\Users\User\AppData\Local\Audible
2015-01-13 11:53 - 2014-11-13 07:59 - 00000000 ____D () C:\Users\User\Desktop\Günster Privat
2015-01-12 10:14 - 2014-12-01 07:41 - 00000744 _____ () C:\Users\User\Documents\builder_known_files.txt
2015-01-08 09:43 - 2014-05-20 11:17 - 00000000 ____D () C:\Windows\Panther
2015-01-08 09:12 - 2014-12-01 08:14 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-01-08 09:12 - 2014-11-13 08:51 - 00000000 ____D () C:\ProgramData\G Data
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\Program Files (x86)\svnet
2015-01-06 08:38 - 2014-11-12 15:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-05 11:30 - 2014-11-13 08:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lexware
2015-01-05 09:23 - 2014-11-13 08:14 - 00000000 ____D () C:\Program Files (x86)\Lexware
2015-01-05 09:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-01-05 09:21 - 2014-11-13 08:14 - 00000248 _____ () C:\Windows\ODBC.INI
2015-01-05 07:17 - 2014-07-25 13:49 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-12-10 14:45 - 0001171 _____ () C:\Users\User\AppData\Roaming\BAGDZ
2014-12-01 08:17 - 2014-12-01 08:17 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2014-12-01 08:17 - 2014-12-01 08:17 - 0000779 _____ () C:\Users\User\AppData\Roaming\gdscan.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\4zdjbeis.dll
C:\Users\User\AppData\Local\Temp\m6mqrges.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 11:39

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 02.02.2015 17:46

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Nathan Grey 03.02.2015 10:30
Eset Online Scanner Log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ee9656783ba63740807973acb264dff7
# engine=22281
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-03 09:13:44
# local_time=2015-02-03 10:13:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3081 16777213 87 100 2243667 56910864 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5545212 13259143 0 0
# scanned=225626
# found=12
# cleaned=0
# scan_time=12080
sh=926F6FA56DB1634985C134A3DD9FC6E83063F4E2 ft=1 fh=c71c0011b9f579a9 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoFaTeCouuP\oeSnIFsBhnbLpu.dll.vir"
sh=DE07B6A229741C068CC701185B689E47FF08B66D ft=1 fh=bbdf2839debd73d8 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoFaTeCouuP\oeSnIFsBhnbLpu.x64.dll.vir"
sh=56581D6943C33C3A2748D25233D423DF8F56033D ft=1 fh=c71c0011bd943113 vn="Variante von Win32/SProtector.N evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\IndepthEngine\IndepthEngine.dll"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{0CF4596C-33B1-4735-80E7-9292CCB8FF75}"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{0CF4596C-33B1-4735-80E7-9292CCB8FF75}"
sh=75E62C9F98C537D9BCA60B03792E717DB18EEFC6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\HVNxZVc9.js"
sh=9F7B9E7E4913995C217D9A0894AA158B7493C175 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\lsdb.js"
sh=C0794B81D4232F94E3E59917E6EFE025A5AC72D4 ft=1 fh=793aa3eeb17df0ba vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\Community Alerts\Alert.dll"
sh=642822CB36493733B829D20B514471B46C5B0BD5 ft=1 fh=045ef86e0ed41b34 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\CT3317893\RadioTotal4ToolbarHelper.exe"
sh=951F1464C34CDFE104A888C3F1E31FFA3C58077E ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx"
sh=DF1D3DB3B839BBEFA71C3CC67836EE4FD2683909 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.172_0\extensionData\plugins\91.js"
sh=AE378B94F7B46B61BA74A80354CE826B38744370 ft=1 fh=6505bda392dd1995 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
Security Check Log
Code:
Results of screen317's Security Check version 0.99.95 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
COMODO Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.296 
 Adobe Reader XI 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by User (administrator) on USER-PC on 03-02-2015 10:26:31
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2015-01-08] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [uTorrent] => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-02] (Electronic Arts)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {9FB76076-0B46-4329-9C1D-42A4945D8128} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{780112F8-DAE7-4F4D-B811-86258285B676}: [NameServer] 156.154.70.25,156.154.71.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default
FF Homepage: hxxp://de.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-08]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default\extensions\faststartff@gmail.com [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default ->
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-13]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Carbon Footprint for Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh [2015-02-02]
CHR Extension: (Google Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2015-01-12] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-08] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-08] (COMODO)
S2 d164f2af; c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll [2030080 2015-01-12] () [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
R2 Haufe FabricHostService; C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe [23080 2014-09-18] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [142640 2014-08-07] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-02] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-02] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-02] (Electronic Arts)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-02-02] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-02-10] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\Windows\Temp\OA3\ASUS\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
S3 RwDrv; \??\C:\Windows\system32\Drivers\RwDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 07:18 - 2015-02-03 07:18 - 00852573 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2015-02-03 06:50 - 2015-02-03 06:50 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe
2015-02-02 12:40 - 2015-02-02 12:40 - 00000900 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-02 12:17 - 2015-02-02 12:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 12:07 - 2015-02-02 12:07 - 00055623 _____ () C:\Users\User\Desktop\Anleitung Malware.odt
2015-02-02 11:45 - 2015-02-02 11:45 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-02-02 11:41 - 2015-02-02 11:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-02-02 11:41 - 2015-02-02 11:41 - 00001287 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-02-02 11:41 - 2015-02-02 11:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-02 09:40 - 2015-02-02 12:10 - 00000000 ____D () C:\AdwCleaner
2015-02-02 09:40 - 2015-02-02 09:40 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner09.exe
2015-02-02 09:28 - 2015-02-02 09:31 - 00042875 _____ () C:\Users\User\Downloads\Addition.txt
2015-02-02 09:27 - 2015-02-03 10:26 - 00019626 _____ () C:\Users\User\Downloads\FRST.txt
2015-02-02 09:27 - 2015-02-03 10:26 - 00000000 ____D () C:\FRST
2015-02-02 09:26 - 2015-02-02 09:26 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-02-02 09:02 - 2015-02-02 12:11 - 00048348 _____ () C:\Windows\PFRO.log
2015-02-02 08:39 - 2015-02-03 06:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 08:31 - 2015-02-02 08:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 07:12 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\Carbon Footprint for Google Maps
2015-01-15 07:53 - 2015-01-15 07:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2015-01-15 07:52 - 2015-01-15 12:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-15 07:47 - 2015-01-15 07:47 - 00000894 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-15 07:35 - 2015-01-15 07:35 - 25611537 _____ () C:\Users\User\Downloads\vlc-2.1.5-win64.exe
2015-01-15 07:34 - 2015-01-15 07:34 - 01179936 _____ () C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard
2015-01-14 11:34 - 2015-01-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-14 11:34 - 2015-01-14 11:34 - 00001174 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-14 11:34 - 2015-01-14 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-14 11:32 - 2015-01-19 15:31 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-14 11:32 - 2015-01-14 11:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00001137 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-14 11:29 - 2015-01-14 11:29 - 03099552 _____ (Blizzard Entertainment) C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe
2015-01-14 11:29 - 2015-01-14 11:29 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 10:05 - 2015-01-26 11:17 - 00022016 _____ () C:\Users\User\Desktop\Lohn Checkliste 2015.xls
2015-01-14 06:50 - 2015-01-14 06:50 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 09:06 - 2015-01-13 09:06 - 00015872 _____ () C:\Users\User\Downloads\Terms NumeneraV2.xls
2015-01-12 14:18 - 2015-01-12 14:18 - 00000325 _____ () C:\Users\User\Downloads\BK_HOER_000966DE_LC_64_44100_ster_AGPRT2WQGBJ70.adh
2015-01-12 07:02 - 2015-02-03 10:06 - 00003564 _____ () C:\Windows\setupact.log
2015-01-12 07:02 - 2015-01-12 07:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 06:52 - 2015-01-12 06:52 - 00000000 ____D () C:\Program Files (x86)\IndepthEngine
2015-01-08 13:55 - 2015-01-08 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-08 13:52 - 2015-01-08 13:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-08 11:07 - 2015-02-03 08:43 - 01559840 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 10:54 - 2015-01-08 10:54 - 00003028 _____ () C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-01-08 10:27 - 2015-01-08 10:27 - 00000000 ____D () C:\Users\User\Desktop\PARAGON2
2015-01-08 10:17 - 2015-02-03 10:23 - 00756062 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-08 10:17 - 2015-01-08 10:17 - 00000000 ___HD () C:\VTRoot
2015-01-08 09:31 - 2015-02-03 10:23 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-08 09:31 - 2015-01-08 10:54 - 00002001 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-08 09:30 - 2015-01-08 09:30 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-01-08 09:30 - 2015-01-08 09:30 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-08 09:29 - 2015-01-08 09:29 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-01-08 09:27 - 2015-01-12 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-08 09:27 - 2015-01-08 09:31 - 00001067 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2015-01-08 09:27 - 2015-01-08 09:31 - 00000000 ____D () C:\Program Files\COMODO
2015-01-08 09:27 - 2015-01-08 09:30 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\Users\User\AppData\Local\Comodo
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-08 09:25 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-06 08:41 - 2015-01-06 08:41 - 00001010 _____ () C:\Users\Public\Desktop\Xleaner.lnk
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xleaner
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\Program Files (x86)\Xleaner
2015-01-06 08:41 - 2005-04-15 16:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2015-01-06 08:41 - 1998-06-23 22:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.ocx
2015-01-06 08:38 - 2015-02-02 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-01-06 08:37 - 2015-02-02 13:07 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-05 09:21 - 2015-01-26 13:01 - 00002234 _____ () C:\Users\Public\Desktop\Lexware professional.lnk
2015-01-05 08:50 - 2015-01-06 12:33 - 00000000 ____D () C:\Users\User\Documents\Sicherungen
2015-01-05 07:11 - 2015-01-05 07:17 - 00000000 ____D () C:\Users\User\AppData\Local\CyberGhost
2015-01-05 07:11 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-05 07:10 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-01-05 07:10 - 2015-01-05 07:10 - 00001747 _____ () C:\Users\User\Desktop\CyberGhost 5.lnk
2015-01-05 07:10 - 2015-01-05 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-05 06:58 - 2015-01-05 06:58 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 10:26 - 2014-08-04 19:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2015-02-03 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 09:58 - 2014-11-12 15:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 09:56 - 2014-11-13 06:51 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 08:11 - 2014-12-01 08:11 - 00001696 _____ () C:\Windows\Tasks\QMCTYMH.job
2015-02-03 08:11 - 2014-12-01 08:11 - 00001348 _____ () C:\Windows\Tasks\BAGDZ.job
2015-02-03 06:56 - 2014-11-13 06:51 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 06:52 - 2014-08-04 20:07 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EF0CCB0B-59C3-41A1-9692-9080F675BEC0}
2015-02-03 06:52 - 2014-05-16 09:12 - 00792962 _____ () C:\Windows\system32\perfh010.dat
2015-02-03 06:52 - 2014-05-16 09:12 - 00155884 _____ () C:\Windows\system32\perfc010.dat
2015-02-03 06:52 - 2014-03-18 10:47 - 03071032 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 06:52 - 2014-03-18 10:30 - 01020334 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 06:52 - 2014-03-18 10:30 - 00243490 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 06:50 - 2014-12-10 11:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 06:50 - 2014-07-25 13:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1723894221-2360630800-121186594-1001
2015-02-03 06:47 - 2014-11-13 06:49 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-03 06:46 - 2014-12-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 06:43 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 15:18 - 2014-06-02 06:57 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-02 15:17 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-02 12:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 12:10 - 2014-11-13 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-02 12:10 - 2014-08-08 11:17 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 12:10 - 2014-08-08 11:17 - 00001068 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 12:10 - 2014-07-25 13:49 - 00001012 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 10:26 - 2014-11-13 09:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\apsec
2015-02-02 07:31 - 2014-11-13 08:13 - 00000000 ____D () C:\ProgramData\Lexware
2015-02-02 07:04 - 2014-12-11 06:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 07:04 - 2014-12-11 06:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 13:01 - 2014-11-13 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-01-26 12:40 - 2014-11-13 13:05 - 00000000 ____D () C:\Users\User\Documents\Büro
2015-01-26 11:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-26 09:58 - 2014-11-12 15:17 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 08:29 - 2014-08-08 11:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:24 - 2014-08-08 11:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 07:59 - 2014-11-13 11:29 - 00000000 ____D () C:\Users\User\AppData\Local\Audible
2015-01-13 11:53 - 2014-11-13 07:59 - 00000000 ____D () C:\Users\User\Desktop\Günster Privat
2015-01-12 10:14 - 2014-12-01 07:41 - 00000744 _____ () C:\Users\User\Documents\builder_known_files.txt
2015-01-08 09:43 - 2014-05-20 11:17 - 00000000 ____D () C:\Windows\Panther
2015-01-08 09:12 - 2014-12-01 08:14 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-01-08 09:12 - 2014-11-13 08:51 - 00000000 ____D () C:\ProgramData\G Data
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\Program Files (x86)\svnet
2015-01-06 08:38 - 2014-11-12 15:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-05 11:30 - 2014-11-13 08:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lexware
2015-01-05 09:23 - 2014-11-13 08:14 - 00000000 ____D () C:\Program Files (x86)\Lexware
2015-01-05 09:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-01-05 09:21 - 2014-11-13 08:14 - 00000248 _____ () C:\Windows\ODBC.INI
2015-01-05 07:17 - 2014-07-25 13:49 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-12-10 14:45 - 0001171 _____ () C:\Users\User\AppData\Roaming\BAGDZ
2014-12-01 08:17 - 2014-12-01 08:17 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2014-12-01 08:17 - 2014-12-01 08:17 - 0000779 _____ () C:\Users\User\AppData\Roaming\gdscan.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\4zdjbeis.dll
C:\Users\User\AppData\Local\Temp\m6mqrges.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 11:39

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Ach ja die unerwünschte Werbung ist jetzt übrigens nicht mehr vorhanden.

schrauber 03.02.2015 12:04
Java und Firefox updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
S2 d164f2af; c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll [2030080 2015-01-12] () [File not signed]

C:\Program Files (x86)\IndepthEngine

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\HVNxZVc9.js

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\lsdb.js

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\Community Alerts\Alert.dll

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\CT3317893\RadioTotal4ToolbarHelper.exe

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.172_0\extensionData\plugins\91.js

C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\Windows\Temp\OA3\ASUS\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte.

Nathan Grey 03.02.2015 12:34
Da ist sie schon
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by User at 2015-02-03 12:27:31 Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 d164f2af; c:\Program Files (x86)\IndepthEngine\IndepthEngine.dll [2030080 2015-01-12] () [File not signed]

C:\Program Files (x86)\IndepthEngine

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\HVNxZVc9.js

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\lsdb.js

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\Community Alerts\Alert.dll

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\CT3317893\RadioTotal4ToolbarHelper.exe

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx

C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.172_0\extensionData\plugins\91.js

C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\Windows\Temp\OA3\ASUS\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
Emptytemp:
       
*****************

d164f2af => Service deleted successfully.
C:\Program Files (x86)\IndepthEngine => Moved successfully.
"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\HVNxZVc9.js" => File/Directory not found.
"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\152\lsdb.js" => File/Directory not found.
C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\Community Alerts\Alert.dll => Moved successfully.
C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Conduit\CT3317893\RadioTotal4ToolbarHelper.exe => Moved successfully.
C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx => Moved successfully.
C:\Users\User\Desktop\Günster Privat\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.172_0\extensionData\plugins\91.js => Moved successfully.
C:\Users\User\Downloads\VLC media player 64 Bit - CHIP-Installer.exe => Moved successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
e1edc438-f640-4184-a443-d2a7c37a01dc => Service deleted successfully.
EmptyTemp: => Removed 84.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:27:38 ====

schrauber 03.02.2015 13:33
und das frische FRST Log?

Nathan Grey 03.02.2015 13:41
Habe ich wegen dem Runterfahren vergessen, tut mir leid.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by User (administrator) on USER-PC on 03-02-2015 13:39:54
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2015-01-08] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [uTorrent] => "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-02] (Electronic Arts)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1723894221-2360630800-121186594-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-1723894221-2360630800-121186594-1001 -> {9FB76076-0B46-4329-9C1D-42A4945D8128} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{780112F8-DAE7-4F4D-B811-86258285B676}: [NameServer] 156.154.70.25,156.154.71.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sectyxux.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://de.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-08]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-03]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Google Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Compete) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh [2015-02-03]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2015-01-12] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-08] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-12] (Comodo Security Solutions, Inc.)
R2 Haufe FabricHostService; C:\Program Files (x86)\Lexware\services\Haufe.FabricHostService.exe [23080 2014-09-18] (Haufe-Lexware GmbH & Co. KG)
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [142640 2014-08-07] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-02] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-02] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-02] (Electronic Arts)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dc21x4vm; C:\Windows\system32\DRIVERS\dc21x4vm.sys [57344 2013-06-18] (Microsoft Corp.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-02] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-02-02] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-02-10] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 DIRECTIO; \??\UNC\srv1c027.wds8.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S3 RwDrv; \??\C:\Windows\system32\Drivers\RwDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 12:54 - 2015-02-03 12:54 - 00001484 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2015-02-03 12:54 - 2015-02-03 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2015-02-03 12:53 - 2015-02-03 12:54 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-02-03 12:42 - 2015-02-03 12:44 - 225890304 _____ () C:\Users\User\Downloads\LibreOffice_4.3.5_Win_x86.msi
2015-02-03 12:25 - 2015-02-03 12:25 - 00002274 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 12:25 - 2015-02-03 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 12:24 - 2015-02-03 13:29 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 12:24 - 2015-02-03 12:29 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 12:24 - 2015-02-03 12:24 - 00880784 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2015-02-03 12:24 - 2015-02-03 12:24 - 00004094 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 12:24 - 2015-02-03 12:24 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 12:21 - 2015-02-03 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-03 10:57 - 2015-02-03 10:57 - 13087456 _____ (Microsoft Corporation) C:\Users\User\Downloads\Silverlight_x64.exe
2015-02-03 07:18 - 2015-02-03 07:18 - 00852573 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2015-02-03 06:50 - 2015-02-03 06:50 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe
2015-02-02 12:40 - 2015-02-02 12:40 - 00000900 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-02 12:17 - 2015-02-02 12:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 12:07 - 2015-02-03 12:17 - 00049619 _____ () C:\Users\User\Desktop\Anleitung Malware.odt
2015-02-02 11:45 - 2015-02-02 11:45 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-02-02 11:41 - 2015-02-02 11:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-02-02 11:41 - 2015-02-02 11:41 - 00001287 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-02-02 11:41 - 2015-02-02 11:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-02 09:40 - 2015-02-02 12:10 - 00000000 ____D () C:\AdwCleaner
2015-02-02 09:40 - 2015-02-02 09:40 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner09.exe
2015-02-02 09:28 - 2015-02-02 09:31 - 00042875 _____ () C:\Users\User\Downloads\Addition.txt
2015-02-02 09:27 - 2015-02-03 13:39 - 00019049 _____ () C:\Users\User\Downloads\FRST.txt
2015-02-02 09:27 - 2015-02-03 13:39 - 00000000 ____D () C:\FRST
2015-02-02 09:26 - 2015-02-02 09:26 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-02-02 09:02 - 2015-02-03 12:28 - 00050850 _____ () C:\Windows\PFRO.log
2015-02-02 08:39 - 2015-02-03 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 08:39 - 2015-02-02 08:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 08:39 - 2015-02-02 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 08:31 - 2015-02-02 08:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 07:12 - 2015-02-02 08:40 - 00000000 ____D () C:\Program Files (x86)\Carbon Footprint for Google Maps
2015-01-15 07:53 - 2015-01-15 07:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2015-01-15 07:52 - 2015-01-15 12:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-15 07:47 - 2015-01-15 07:47 - 00000894 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-15 07:47 - 2015-01-15 07:47 - 00000000 ____D () C:\Program Files\VideoLAN
2015-01-15 07:35 - 2015-01-15 07:35 - 25611537 _____ () C:\Users\User\Downloads\vlc-2.1.5-win64.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard
2015-01-14 11:34 - 2015-01-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-14 11:34 - 2015-01-14 11:34 - 00001174 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-14 11:34 - 2015-01-14 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-14 11:32 - 2015-01-19 15:31 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-01-14 11:32 - 2015-01-14 11:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00001137 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Users\User\AppData\Local\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-14 11:32 - 2015-01-14 11:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-01-14 11:29 - 2015-01-14 11:29 - 03099552 _____ (Blizzard Entertainment) C:\Users\User\Downloads\Hearthstone-Setup-deDE.exe
2015-01-14 11:29 - 2015-01-14 11:29 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-14 10:05 - 2015-01-26 11:17 - 00022016 _____ () C:\Users\User\Desktop\Lohn Checkliste 2015.xls
2015-01-14 06:50 - 2015-01-14 06:50 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 06:50 - 2015-01-14 06:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 06:50 - 2015-01-14 06:50 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 06:50 - 2015-01-14 06:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 09:06 - 2015-01-13 09:06 - 00015872 _____ () C:\Users\User\Downloads\Terms NumeneraV2.xls
2015-01-12 14:18 - 2015-01-12 14:18 - 00000325 _____ () C:\Users\User\Downloads\BK_HOER_000966DE_LC_64_44100_ster_AGPRT2WQGBJ70.adh
2015-01-12 07:02 - 2015-02-03 12:28 - 00003680 _____ () C:\Windows\setupact.log
2015-01-12 07:02 - 2015-01-12 07:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-08 13:55 - 2015-02-03 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-08 13:52 - 2015-02-03 12:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-08 13:52 - 2015-02-03 12:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-08 11:07 - 2015-02-03 13:05 - 01901932 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 10:54 - 2015-01-08 10:54 - 00003028 _____ () C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2015-01-08 10:27 - 2015-01-08 10:27 - 00000000 ____D () C:\Users\User\Desktop\PARAGON2
2015-01-08 10:17 - 2015-02-03 12:28 - 00756624 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-08 10:17 - 2015-01-08 10:17 - 00000000 ___HD () C:\VTRoot
2015-01-08 09:31 - 2015-02-03 13:38 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-08 09:31 - 2015-01-08 10:54 - 00002001 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-01-08 09:31 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-08 09:30 - 2015-01-08 09:30 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-01-08 09:30 - 2015-01-08 09:30 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-08 09:29 - 2015-01-08 09:29 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-08 09:29 - 2015-01-08 09:29 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-01-08 09:27 - 2015-01-12 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-08 09:27 - 2015-01-08 09:31 - 00001067 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2015-01-08 09:27 - 2015-01-08 09:31 - 00000000 ____D () C:\Program Files\COMODO
2015-01-08 09:27 - 2015-01-08 09:30 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\Users\User\AppData\Local\Comodo
2015-01-08 09:27 - 2015-01-08 09:27 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-08 09:25 - 2015-01-08 09:31 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-06 08:41 - 2015-01-06 08:41 - 00001010 _____ () C:\Users\Public\Desktop\Xleaner.lnk
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xleaner
2015-01-06 08:41 - 2015-01-06 08:41 - 00000000 ____D () C:\Program Files (x86)\Xleaner
2015-01-06 08:41 - 2005-04-15 16:58 - 01351392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2015-01-06 08:41 - 1998-06-23 22:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.ocx
2015-01-06 08:38 - 2015-02-02 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-01-06 08:37 - 2015-02-02 13:07 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-05 09:21 - 2015-01-26 13:01 - 00002234 _____ () C:\Users\Public\Desktop\Lexware professional.lnk
2015-01-05 08:50 - 2015-01-06 12:33 - 00000000 ____D () C:\Users\User\Documents\Sicherungen
2015-01-05 07:11 - 2015-01-05 07:17 - 00000000 ____D () C:\Users\User\AppData\Local\CyberGhost
2015-01-05 07:11 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-05 07:10 - 2015-01-05 07:11 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-01-05 07:10 - 2015-01-05 07:10 - 00001747 _____ () C:\Users\User\Desktop\CyberGhost 5.lnk
2015-01-05 07:10 - 2015-01-05 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-01-05 06:58 - 2015-01-05 06:58 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 13:39 - 2014-08-04 19:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2015-02-03 13:37 - 2014-08-04 20:07 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EF0CCB0B-59C3-41A1-9692-9080F675BEC0}
2015-02-03 13:01 - 2014-07-25 13:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1723894221-2360630800-121186594-1001
2015-02-03 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 12:58 - 2014-11-12 15:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 12:33 - 2014-12-10 11:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 12:31 - 2014-11-13 06:49 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-03 12:30 - 2014-12-10 11:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 12:29 - 2014-12-01 08:11 - 00001696 _____ () C:\Windows\Tasks\QMCTYMH.job
2015-02-03 12:29 - 2014-12-01 08:11 - 00001348 _____ () C:\Windows\Tasks\BAGDZ.job
2015-02-03 12:28 - 2014-08-08 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 12:28 - 2014-06-02 06:57 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-02-03 12:28 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 12:25 - 2014-11-13 06:51 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-02-03 12:25 - 2014-11-13 06:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-03 12:23 - 2014-11-26 12:02 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-03 12:22 - 2014-11-26 12:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-03 12:22 - 2014-11-26 12:02 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-03 10:53 - 2014-05-16 09:12 - 00792962 _____ () C:\Windows\system32\perfh010.dat
2015-02-03 10:53 - 2014-05-16 09:12 - 00155884 _____ () C:\Windows\system32\perfc010.dat
2015-02-03 10:53 - 2014-03-18 10:47 - 03071032 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 10:53 - 2014-03-18 10:30 - 01020334 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 10:53 - 2014-03-18 10:30 - 00243490 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 15:17 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-02 12:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 12:10 - 2014-08-08 11:17 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 12:10 - 2014-08-08 11:17 - 00001068 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 12:10 - 2014-07-25 13:49 - 00001012 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 10:26 - 2014-11-13 09:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\apsec
2015-02-02 07:31 - 2014-11-13 08:13 - 00000000 ____D () C:\ProgramData\Lexware
2015-02-02 07:04 - 2014-12-11 06:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 07:04 - 2014-12-11 06:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 13:01 - 2014-11-13 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-01-26 12:40 - 2014-11-13 13:05 - 00000000 ____D () C:\Users\User\Documents\Büro
2015-01-26 11:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-26 09:58 - 2014-11-12 15:17 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 08:29 - 2014-08-08 11:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:24 - 2014-08-08 11:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 07:59 - 2014-11-13 11:29 - 00000000 ____D () C:\Users\User\AppData\Local\Audible
2015-01-13 11:53 - 2014-11-13 07:59 - 00000000 ____D () C:\Users\User\Desktop\Günster Privat
2015-01-12 10:14 - 2014-12-01 07:41 - 00000744 _____ () C:\Users\User\Documents\builder_known_files.txt
2015-01-08 09:43 - 2014-05-20 11:17 - 00000000 ____D () C:\Windows\Panther
2015-01-08 09:12 - 2014-12-01 08:14 - 00000000 ____D () C:\Program Files (x86)\G Data
2015-01-08 09:12 - 2014-11-13 08:51 - 00000000 ____D () C:\ProgramData\G Data
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-08 09:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2015-01-06 12:35 - 2014-11-19 10:11 - 00000000 ____D () C:\Program Files (x86)\svnet
2015-01-06 08:38 - 2014-11-12 15:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-05 11:30 - 2014-11-13 08:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lexware
2015-01-05 09:23 - 2014-11-13 08:14 - 00000000 ____D () C:\Program Files (x86)\Lexware
2015-01-05 09:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-01-05 09:21 - 2014-11-13 08:14 - 00000248 _____ () C:\Windows\ODBC.INI
2015-01-05 07:17 - 2014-07-25 13:49 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-12-10 14:45 - 0001171 _____ () C:\Users\User\AppData\Roaming\BAGDZ
2014-12-01 08:17 - 2014-12-01 08:17 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2014-12-01 08:17 - 2014-12-01 08:17 - 0000779 _____ () C:\Users\User\AppData\Roaming\gdscan.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 11:39

==================== End Of Log ============================
--- --- ---

schrauber 03.02.2015 19:09
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
2014-09-01 09:18 - 2014-12-10 14:45 - 0001171 _____ () C:\Users\User\AppData\Roaming\BAGDZ

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Nathan Grey 04.02.2015 12:47
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by User at 2015-02-04 12:45:45 Run:2
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-09-01 09:18 - 2014-12-10 14:45 - 0001171 _____ () C:\Users\User\AppData\Roaming\BAGDZ
*****************

C:\Users\User\AppData\Roaming\BAGDZ => Moved successfully.

==== End of Fixlog 12:45:45 ====

schrauber 04.02.2015 19:41
fertig :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19