Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Pc ist langsam und ist einmal abgestürtzt (https://www.trojaner-board.de/163847-pc-langsam-einmal-abgestuertzt.html)

LauraThal 11.02.2015 03:41
Pc ist langsam und ist einmal abgestürtzt
 
Hallo,

der Pc meines Freundes ist in letzter Zeit sehr langsam und ist heute auch einmal abgestürzt. Ich hoffe ihr könnt mir helfen, woran es liegt

schrauber 11.02.2015 06:32
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


LauraThal 11.02.2015 15:25

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015
Ran by Admin (administrator) on ADMIN-PC on 11-02-2015 15:17:32
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin & postgres (Available profiles: Admin & postgres)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Skiller Pro\Monitor.EXE
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcherUx.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcherUx.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcherUx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] ()
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\RunOnce: [Adobe Speed Launcher] => 1423632906
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\user.js
FF Extension: YouTube™ Flash® Player - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-02]

Chrome:
=======
CHR HomePage: Profile 5 -> hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=4d4ba0460630431ca180d06365bd86d2&tu=10G9z00Bf1C01g0&sku=&tstsId=&ver=&
CHR StartupUrls: Profile 5 -> "hxxp://google.de/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-01]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-02] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                          )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 15:17 - 2015-02-11 15:18 - 00018426 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-02-11 15:16 - 2015-02-11 15:18 - 00000000 ____D () C:\FRST
2015-02-11 15:16 - 2015-02-11 15:16 - 02133504 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-02-11 02:14 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 02:14 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 02:14 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 02:14 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 02:14 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 02:14 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 02:14 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 02:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 02:14 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 02:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 02:14 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 02:14 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 02:14 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 02:14 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 02:14 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 02:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 02:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 02:14 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 02:14 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 02:14 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 02:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 02:14 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 02:14 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 02:14 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 02:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 02:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 02:14 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 02:14 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 02:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 02:14 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 02:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 02:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 02:14 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 02:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 02:14 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 02:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 02:13 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 02:13 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 02:13 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 02:13 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 02:13 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 02:13 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 02:13 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 02:13 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 02:13 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 02:13 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 02:13 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 02:13 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 02:13 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 02:13 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 02:13 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 02:13 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 02:13 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 02:13 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 02:13 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 02:13 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 02:13 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 02:13 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 02:13 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 02:13 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 02:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 02:13 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 02:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 02:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 02:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 02:13 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 02:13 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 02:13 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 02:13 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 02:13 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 02:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 02:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 02:13 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 02:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 02:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 02:13 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 02:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 02:13 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 02:13 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 02:13 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 02:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 02:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 02:13 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 02:13 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 02:13 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 02:13 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 02:13 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 02:13 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 02:13 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 02:13 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 02:13 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 02:13 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 02:12 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 23:33 - 2015-02-10 23:33 - 00042282 _____ () C:\Users\Admin\Downloads\bild40742_v-tlarge169_w-600_zc-be147c57.jpg-version=19366
2015-02-10 17:39 - 2015-02-11 03:26 - 00271440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 03:07 - 2015-02-11 03:54 - 00000616 _____ () C:\Windows\setupact.log
2015-02-10 03:07 - 2015-02-10 03:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 20:43 - 2015-02-09 20:43 - 00060056 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 16:13 - 2015-02-09 16:13 - 05325208 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup502.exe
2015-02-09 02:23 - 2015-02-09 02:23 - 00065237 _____ () C:\Users\Admin\Downloads\537775ebf04a.jpeg
2015-02-08 02:40 - 2015-02-08 02:40 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-07 22:35 - 2015-02-07 22:35 - 00000000 ____D () C:\Program Files\Java
2015-02-07 22:34 - 2015-02-07 22:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\HoldemResources
2015-02-07 22:33 - 2015-02-07 22:33 - 74773785 _____ (HoldemResources) C:\Users\Admin\Downloads\holdemresources_release_x86_64_win-setup.exe
2015-02-07 22:24 - 2015-02-11 07:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\In The Money
2015-02-07 22:24 - 2015-02-07 22:24 - 09288947 _____ () C:\Users\Admin\Downloads\SitNGoWizardSetup_1_0_2_075.exe
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\SitNGo_Wizard_Software_LL
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SitNGo Wizard
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\Program Files (x86)\In The Money
2015-02-05 21:54 - 2015-02-05 21:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-04 17:03 - 2015-02-04 17:03 - 01754039 _____ () C:\Users\Admin\Downloads\Anhänge_20150204.zip
2015-02-04 17:03 - 2015-02-04 17:03 - 00000000 ____D () C:\Users\Admin\Downloads\Anhänge_20150204
2015-02-04 01:12 - 2015-02-04 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files\iPod
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-02 02:29 - 2015-02-02 02:29 - 02060888 _____ () C:\Users\Admin\Downloads\winrar-x64-520d.exe
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-02 02:28 - 2015-02-02 02:28 - 01026453 _____ () C:\Users\Admin\Downloads\Champions_27.01.2015_14_57_36.rar
2015-02-01 02:40 - 2015-02-01 02:40 - 00096607 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312324_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00069135 _____ () C:\Users\Admin\Downloads\two-office-hard-sex-testers-tags-312337_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00055402 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312342_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00053054 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312322_700_0.jpeg
2015-02-01 02:04 - 2015-02-04 17:05 - 00000000 ____D () C:\Users\Admin\Downloads\sng
2015-01-29 17:56 - 2015-01-29 17:56 - 00039332 _____ () C:\Users\Admin\Downloads\media.media.b868980e-64c8-4c6d-a637-ed88e2c204d3.normalized.jpeg
2015-01-23 18:18 - 2015-01-23 18:18 - 00268259 _____ () C:\Users\Admin\Downloads\komine-tsubasa-cen-lolicon-shotacon-mom-98606_700_0.jpeg
2015-01-23 18:17 - 2015-01-23 18:17 - 00174200 _____ () C:\Users\Admin\Downloads\tags-1280x1024-bdsm-bestiality-blush-bondage-113258.jpeg
2015-01-23 06:57 - 2015-01-09 23:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 06:55 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 06:55 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 06:55 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlyRO
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\Games
2015-01-22 18:51 - 2015-01-22 18:51 - 18364482 _____ (OnlyRO.com ) C:\Users\Admin\Downloads\OnlyRO.exe
2015-01-22 01:23 - 2015-01-22 01:23 - 00331804 _____ () C:\Users\Admin\Downloads\8e8983dc.jpg~original
2015-01-22 01:23 - 2015-01-22 01:23 - 00301654 _____ () C:\Users\Admin\Downloads\75f1d263.jpg~original
2015-01-22 01:22 - 2015-01-22 01:22 - 00350902 _____ () C:\Users\Admin\Downloads\32831b6d.jpg~original
2015-01-18 14:55 - 2015-01-18 14:55 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-18 14:23 - 2015-01-18 18:43 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2015-01-18 14:23 - 2015-01-18 14:24 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner (2)
2015-01-18 01:46 - 2015-01-18 01:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-01-18 01:43 - 2015-02-11 15:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 01:43 - 2015-02-05 01:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-18 01:43 - 2015-02-05 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 01:43 - 2015-02-05 01:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-18 01:43 - 2015-01-18 01:43 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-18 01:43 - 2015-01-18 01:43 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-14 18:46 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:46 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:46 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 18:46 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:46 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 18:46 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 15:18 - 2014-03-27 14:25 - 01048661 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 15:07 - 2014-11-25 20:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 15:07 - 2014-11-25 20:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 11:19 - 2014-12-02 20:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-11 07:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 07:17 - 2014-12-01 20:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HoldemManager
2015-02-11 07:16 - 2014-12-01 20:50 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2
2015-02-11 07:16 - 2014-11-25 20:53 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-11 06:56 - 2014-11-25 21:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\PokerStars.EU
2015-02-11 06:12 - 2014-12-07 04:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-11 03:32 - 2009-07-14 05:45 - 00036112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 03:32 - 2009-07-14 05:45 - 00036112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 03:26 - 2014-03-28 08:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 03:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 03:24 - 2014-12-13 01:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:24 - 2014-11-25 19:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 03:23 - 2014-03-28 11:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SoftGrid Client
2015-02-11 03:06 - 2014-03-28 08:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:01 - 2014-03-28 08:54 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 20:01 - 2014-03-28 09:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-02-09 16:13 - 2014-12-04 19:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 12:53 - 2014-11-27 16:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 14:03 - 2014-03-27 23:13 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2015-02-08 14:03 - 2014-03-27 23:13 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2015-02-08 14:03 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 02:54 - 2009-07-14 06:08 - 00026334 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 02:48 - 2014-12-01 20:50 - 00000000 ____D () C:\Users\postgres
2015-02-08 02:48 - 2014-03-27 14:26 - 00000000 ____D () C:\Users\Admin
2015-02-08 02:47 - 2014-11-28 20:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2015-02-08 02:47 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-08 02:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-07 11:55 - 2014-11-25 20:52 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 11:55 - 2014-11-25 20:52 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 01:12 - 2014-11-30 20:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-23 06:57 - 2015-01-07 01:25 - 00000000 ____D () C:\TEMP
2015-01-23 06:57 - 2014-03-28 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-22 16:41 - 2014-11-30 20:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-01-18 01:46 - 2014-12-06 23:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-17 17:06 - 2014-11-30 14:48 - 00028877 _____ () C:\Users\Admin\Documents\Jennifear's MTT Push%2FFold Charts.xlsx
2015-01-16 07:41 - 2014-10-02 18:11 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-10-02 18:11 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-03-28 08:24 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-03-28 08:24 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 19:28 - 2014-12-14 23:03 - 00006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-13 05:15 - 2014-03-28 08:18 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Files in the root of some directories =======

2014-12-14 23:03 - 2015-01-14 19:28 - 0006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 06:05

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015
Ran by Admin at 2015-02-11 15:21:03
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OnlyRO (HKLM-x32\...\{47EDDAFC-C71F-4F26-BBDC-D4D8629B2688}_is1) (Version:  - OnlyRO.com)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SitNGo Wizard (HKLM-x32\...\SitNGoWizard) (Version:  - In The Money LLC)
Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Tournament Indicator 2.2.5 (HKLM-x32\...\Tournament Indicator_is1) (Version:  - hxxp://www.TournamentIndicator.com)
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-02-2015 22:34:48 Installed Java 7 Update 51 (64-bit)
11-02-2015 02:03:44 Windows Update
11-02-2015 03:00:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B499B33-812A-42D8-96F2-53E4BDA68083} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15E60113-C68E-4D01-A1FB-485772EC5C94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {19C3820F-2251-42EA-8923-D222D5E75AF7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2630139D-E392-49D5-AE40-6A1B104A9227} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {6A964508-99A9-429F-8870-2465037DE218} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {B8E8D1EF-9BF5-4F38-B05B-C40F070507FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {EE67241D-F366-4188-850C-2A2DC7432AC1} - System32\Tasks\{6E27A0AE-8F92-4AE0-920B-476CEB25AD61} => pcalua.exe -a D:\Software\setup.exe -d D:\Software
Task: {F9991ECF-A100-492C-9FCF-23FE8ACB1B02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-28 08:20 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-25 19:51 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-25 19:59 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Skiller Pro\Monitor.EXE
2014-11-25 19:51 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2014-01-21 16:54 - 2014-11-26 00:14 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-11-26 00:14 - 2015-02-05 03:45 - 02445816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
2015-02-05 03:45 - 2015-02-05 03:45 - 04234232 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
2015-02-05 03:45 - 2015-02-05 03:45 - 03299832 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcherUx.exe
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-12-01 20:49 - 2014-02-18 09:11 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2014-12-01 20:50 - 2012-08-14 14:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2014-11-25 19:51 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2014-11-25 19:59 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\Skiller Pro\lan.dll
2014-11-25 19:59 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\Skiller Pro\hiddriver.dll
2014-11-25 19:51 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 01618424 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\RiotLauncher.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 43374072 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\libcef.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 01571832 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\icui18n.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 01253880 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\icuuc.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 05088760 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\v8.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 01712120 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\RiotRadsIO.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 01775096 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\libglesv2.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 00171512 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\libegl.dll
2015-02-05 03:45 - 2015-02-05 03:45 - 01056248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\ffmpegsumo.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Accounts: =============================

Admin (S-1-5-21-3980298719-2773488239-3045808690-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3980298719-2773488239-3045808690-500 - Administrator - Disabled)
Gast (S-1-5-21-3980298719-2773488239-3045808690-501 - Limited - Disabled)
postgres (S-1-5-21-3980298719-2773488239-3045808690-1004 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:08:10 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:08:10 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:08:10 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:08:10 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:08:10 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:08:10 CETSTATEMENT:  SELECT databaseversion FROM readsettings


System errors:
=============
Error: (02/11/2015 07:08:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Offlinedateien" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/11/2015 07:08:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Audio-Endpunkterstellung" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:16:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:16:56 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:16:56 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:10:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:10:36 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:10:36 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:08:10 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:08:10 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:08:10 CETSTATEMENT:  SELECT databaseversion FROM readsettings

Error: (02/11/2015 07:08:10 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-11 07:08:10 CETERROR:  relation "readsettings" does not exist at character 29
2015-02-11 07:08:10 CETSTATEMENT:  SELECT databaseversion FROM readsettings


CodeIntegrity Errors:
===================================
  Date: 2014-12-21 04:49:08.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.416
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.365
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:30:03.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:30:03.952
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:28:06.393
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:28:06.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 42%
Total physical RAM: 8173.55 MB
Available physical RAM: 4709.62 MB
Total Pagefile: 16345.3 MB
Available Pagefile: 12107.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:803.3 GB) NTFS
Drive e: (Iomega ScreenPlay HD) (Fixed) (Total:931.51 GB) (Free:874.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2CC7C6E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D02E5EE4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 11.02.2015 18:20
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

LauraThal 11.02.2015 20:06
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.02.2015
Suchlauf-Zeit: 19:12:20
Logdatei: malware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.11.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 375904
Verstrichene Zeit: 12 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.110 - Bericht erstellt 11/02/2015 um 19:51:24
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Admin - ADMIN-PC
# Gestarted von : C:\Users\Admin\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0 (x86 de)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [1123 Bytes] - [11/02/2015 19:49:26]
AdwCleaner[S0].txt - [1000 Bytes] - [11/02/2015 19:51:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1059  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Admin on 11.02.2015 at 19:54:45,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.02.2015 at 19:58:02,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Admin (administrator) on ADMIN-PC on 11-02-2015 20:03:28
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin & postgres (Available profiles: Admin & postgres)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
() C:\Program Files (x86)\Skiller Pro\Monitor.EXE
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] ()
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3980298719-2773488239-3045808690-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube™ Flash® Player - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-02]

Chrome:
=======
CHR HomePage: Profile 5 -> hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=4d4ba0460630431ca180d06365bd86d2&tu=10G9z00Bf1C01g0&sku=&tstsId=&ver=&
CHR StartupUrls: Profile 5 -> "hxxp://google.de/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-01]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-02] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                          )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:03 - 2015-02-11 20:03 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-02-11 19:58 - 2015-02-11 19:58 - 00000625 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-11 19:54 - 2015-02-11 19:54 - 01388274 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-02-11 19:49 - 2015-02-11 19:51 - 00000000 ____D () C:\AdwCleaner
2015-02-11 19:40 - 2015-02-11 19:40 - 02112512 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.110.exe
2015-02-11 19:32 - 2015-02-11 19:32 - 00001204 _____ () C:\Users\Admin\Documents\malware.txt
2015-02-11 15:21 - 2015-02-11 15:23 - 00028022 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-02-11 15:17 - 2015-02-11 20:03 - 00017420 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-02-11 15:16 - 2015-02-11 20:03 - 02134016 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-02-11 15:16 - 2015-02-11 20:03 - 00000000 ____D () C:\FRST
2015-02-11 02:14 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 02:14 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 02:14 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 02:14 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 02:14 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 02:14 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 02:14 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 02:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 02:14 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 02:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 02:14 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 02:14 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 02:14 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 02:14 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 02:14 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 02:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 02:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 02:14 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 02:14 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 02:14 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 02:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 02:14 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 02:14 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 02:14 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 02:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 02:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 02:14 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 02:14 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 02:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 02:14 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 02:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 02:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 02:14 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 02:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 02:14 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 02:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 02:13 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 02:13 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 02:13 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 02:13 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 02:13 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 02:13 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 02:13 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 02:13 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 02:13 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 02:13 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 02:13 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 02:13 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 02:13 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 02:13 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 02:13 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 02:13 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 02:13 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 02:13 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 02:13 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 02:13 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 02:13 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 02:13 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 02:13 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 02:13 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 02:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 02:13 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 02:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 02:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 02:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 02:13 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 02:13 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 02:13 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 02:13 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 02:13 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 02:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 02:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 02:13 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 02:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 02:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 02:13 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 02:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 02:13 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 02:13 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 02:13 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 02:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 02:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 02:13 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 02:13 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 02:13 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 02:13 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 02:13 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 02:13 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 02:13 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 02:13 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 02:13 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 02:13 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 02:12 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 23:33 - 2015-02-10 23:33 - 00042282 _____ () C:\Users\Admin\Downloads\bild40742_v-tlarge169_w-600_zc-be147c57.jpg-version=19366
2015-02-10 17:39 - 2015-02-11 03:26 - 00271440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 03:07 - 2015-02-11 19:53 - 00000784 _____ () C:\Windows\setupact.log
2015-02-10 03:07 - 2015-02-10 03:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 20:43 - 2015-02-09 20:43 - 00060056 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 16:13 - 2015-02-09 16:13 - 05325208 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup502.exe
2015-02-09 02:23 - 2015-02-09 02:23 - 00065237 _____ () C:\Users\Admin\Downloads\537775ebf04a.jpeg
2015-02-08 02:40 - 2015-02-08 02:40 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-07 22:35 - 2015-02-07 22:35 - 00000000 ____D () C:\Program Files\Java
2015-02-07 22:34 - 2015-02-07 22:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\HoldemResources
2015-02-07 22:33 - 2015-02-07 22:33 - 74773785 _____ (HoldemResources) C:\Users\Admin\Downloads\holdemresources_release_x86_64_win-setup.exe
2015-02-07 22:24 - 2015-02-11 07:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\In The Money
2015-02-07 22:24 - 2015-02-07 22:24 - 09288947 _____ () C:\Users\Admin\Downloads\SitNGoWizardSetup_1_0_2_075.exe
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\SitNGo_Wizard_Software_LL
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SitNGo Wizard
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\Program Files (x86)\In The Money
2015-02-05 21:54 - 2015-02-05 21:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-04 17:03 - 2015-02-04 17:03 - 01754039 _____ () C:\Users\Admin\Downloads\Anhänge_20150204.zip
2015-02-04 17:03 - 2015-02-04 17:03 - 00000000 ____D () C:\Users\Admin\Downloads\Anhänge_20150204
2015-02-04 01:12 - 2015-02-04 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files\iPod
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-02 02:29 - 2015-02-02 02:29 - 02060888 _____ () C:\Users\Admin\Downloads\winrar-x64-520d.exe
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-02 02:28 - 2015-02-02 02:28 - 01026453 _____ () C:\Users\Admin\Downloads\Champions_27.01.2015_14_57_36.rar
2015-02-01 02:40 - 2015-02-01 02:40 - 00096607 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312324_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00069135 _____ () C:\Users\Admin\Downloads\two-office-hard-sex-testers-tags-312337_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00055402 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312342_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00053054 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312322_700_0.jpeg
2015-02-01 02:04 - 2015-02-04 17:05 - 00000000 ____D () C:\Users\Admin\Downloads\sng
2015-01-29 17:56 - 2015-01-29 17:56 - 00039332 _____ () C:\Users\Admin\Downloads\media.media.b868980e-64c8-4c6d-a637-ed88e2c204d3.normalized.jpeg
2015-01-23 18:18 - 2015-01-23 18:18 - 00268259 _____ () C:\Users\Admin\Downloads\komine-tsubasa-cen-lolicon-shotacon-mom-98606_700_0.jpeg
2015-01-23 18:17 - 2015-01-23 18:17 - 00174200 _____ () C:\Users\Admin\Downloads\tags-1280x1024-bdsm-bestiality-blush-bondage-113258.jpeg
2015-01-23 06:57 - 2015-01-09 23:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 06:55 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 06:55 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 06:55 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlyRO
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\Games
2015-01-22 18:51 - 2015-01-22 18:51 - 18364482 _____ (OnlyRO.com ) C:\Users\Admin\Downloads\OnlyRO.exe
2015-01-22 01:23 - 2015-01-22 01:23 - 00331804 _____ () C:\Users\Admin\Downloads\8e8983dc.jpg~original
2015-01-22 01:23 - 2015-01-22 01:23 - 00301654 _____ () C:\Users\Admin\Downloads\75f1d263.jpg~original
2015-01-22 01:22 - 2015-01-22 01:22 - 00350902 _____ () C:\Users\Admin\Downloads\32831b6d.jpg~original
2015-01-18 14:55 - 2015-01-18 14:55 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-18 14:23 - 2015-01-18 18:43 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2015-01-18 14:23 - 2015-01-18 14:24 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner (2)
2015-01-18 01:46 - 2015-01-18 01:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-01-18 01:43 - 2015-02-11 19:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 01:43 - 2015-02-05 01:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-18 01:43 - 2015-02-05 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 01:43 - 2015-02-05 01:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-18 01:43 - 2015-01-18 01:43 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-18 01:43 - 2015-01-18 01:43 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-14 18:46 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:46 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:46 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 18:46 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:46 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 18:46 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:00 - 2014-12-02 20:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-11 20:00 - 2014-11-25 20:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 20:00 - 2009-07-14 05:45 - 00036112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:00 - 2009-07-14 05:45 - 00036112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 19:56 - 2014-03-27 14:25 - 01099121 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 19:53 - 2014-11-25 20:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 19:52 - 2014-03-28 08:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 19:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 19:12 - 2014-12-07 04:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 07:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 07:17 - 2014-12-01 20:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HoldemManager
2015-02-11 07:16 - 2014-12-01 20:50 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2
2015-02-11 07:16 - 2014-11-25 20:53 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-11 06:56 - 2014-11-25 21:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\PokerStars.EU
2015-02-11 06:12 - 2014-12-07 04:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-11 03:24 - 2014-12-13 01:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:24 - 2014-11-25 19:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 03:23 - 2014-03-28 11:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SoftGrid Client
2015-02-11 03:06 - 2014-03-28 08:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:01 - 2014-03-28 08:54 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 20:01 - 2014-03-28 09:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-02-09 16:13 - 2014-12-04 19:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 12:53 - 2014-11-27 16:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 14:03 - 2014-03-27 23:13 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2015-02-08 14:03 - 2014-03-27 23:13 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2015-02-08 14:03 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 02:54 - 2009-07-14 06:08 - 00026586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 02:48 - 2014-12-01 20:50 - 00000000 ____D () C:\Users\postgres
2015-02-08 02:48 - 2014-03-27 14:26 - 00000000 ____D () C:\Users\Admin
2015-02-08 02:47 - 2014-11-28 20:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2015-02-08 02:47 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-08 02:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-07 11:55 - 2014-11-25 20:52 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 11:55 - 2014-11-25 20:52 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 01:12 - 2014-11-30 20:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-23 06:57 - 2015-01-07 01:25 - 00000000 ____D () C:\TEMP
2015-01-23 06:57 - 2014-03-28 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-22 16:41 - 2014-11-30 20:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-01-18 01:46 - 2014-12-06 23:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-17 17:06 - 2014-11-30 14:48 - 00028877 _____ () C:\Users\Admin\Documents\Jennifear's MTT Push%2FFold Charts.xlsx
2015-01-16 07:41 - 2014-10-02 18:11 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-10-02 18:11 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-03-28 08:24 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-03-28 08:24 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 19:28 - 2014-12-14 23:03 - 00006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-13 05:15 - 2014-03-28 08:18 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Files in the root of some directories =======

2014-12-14 23:03 - 2015-01-14 19:28 - 0006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 06:05

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Admin at 2015-02-11 20:05:39
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OnlyRO (HKLM-x32\...\{47EDDAFC-C71F-4F26-BBDC-D4D8629B2688}_is1) (Version:  - OnlyRO.com)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SitNGo Wizard (HKLM-x32\...\SitNGoWizard) (Version:  - In The Money LLC)
Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Tournament Indicator 2.2.5 (HKLM-x32\...\Tournament Indicator_is1) (Version:  - hxxp://www.TournamentIndicator.com)
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-02-2015 22:34:48 Installed Java 7 Update 51 (64-bit)
11-02-2015 02:03:44 Windows Update
11-02-2015 03:00:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B499B33-812A-42D8-96F2-53E4BDA68083} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15E60113-C68E-4D01-A1FB-485772EC5C94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {19C3820F-2251-42EA-8923-D222D5E75AF7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2630139D-E392-49D5-AE40-6A1B104A9227} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {6A964508-99A9-429F-8870-2465037DE218} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {B8E8D1EF-9BF5-4F38-B05B-C40F070507FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {EE67241D-F366-4188-850C-2A2DC7432AC1} - System32\Tasks\{6E27A0AE-8F92-4AE0-920B-476CEB25AD61} => pcalua.exe -a D:\Software\setup.exe -d D:\Software
Task: {F9991ECF-A100-492C-9FCF-23FE8ACB1B02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-28 08:20 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-25 19:51 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2014-11-25 19:59 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Skiller Pro\Monitor.EXE
2014-11-25 19:51 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2014-12-01 20:49 - 2014-02-18 09:11 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2014-12-01 20:50 - 2012-08-14 14:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2014-11-25 19:51 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2014-11-25 19:59 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\Skiller Pro\lan.dll
2014-11-25 19:59 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\Skiller Pro\hiddriver.dll
2014-11-25 19:51 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Accounts: =============================

Admin (S-1-5-21-3980298719-2773488239-3045808690-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3980298719-2773488239-3045808690-500 - Administrator - Disabled)
Gast (S-1-5-21-3980298719-2773488239-3045808690-501 - Limited - Disabled)
postgres (S-1-5-21-3980298719-2773488239-3045808690-1004 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-21 04:49:08.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.416
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.365
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:30:03.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:30:03.952
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:28:06.393
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:28:06.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8173.55 MB
Available physical RAM: 5873.39 MB
Total Pagefile: 16345.3 MB
Available Pagefile: 13449.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:802.89 GB) NTFS
Drive e: (Iomega ScreenPlay HD) (Fixed) (Total:931.51 GB) (Free:874.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2CC7C6E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D02E5EE4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 12.02.2015 06:51

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

LauraThal 13.02.2015 00:18
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2a94d71fcadd4d4f9387cf2c7cd05792
# engine=22443
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-12 10:53:42
# local_time=2015-02-12 11:53:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 100377 27854304 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 175411472 0 0
# scanned=227867
# found=1
# cleaned=1
# scan_time=2989
sh=10E8C7322FDF6971C35B4225DCC48DC5C5B217AD ft=1 fh=6d31ca6a8afe9e7c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)"
Code:
Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Kaspersky Internet Security 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (35.0)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 15.0.0 x64 wmi64.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Admin (administrator) on ADMIN-PC on 13-02-2015 00:14:58
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin & postgres (Available profiles: Admin & postgres)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
() C:\Program Files (x86)\Skiller Pro\Monitor.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Admin\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [Skiller Pro] => C:\Program Files (x86)\Skiller Pro\Monitor.exe [475136 2014-02-26] ()
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3980298719-2773488239-3045808690-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube™ Flash® Player - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2dbkfjlb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-02]

Chrome:
=======
CHR HomePage: Profile 5 -> hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=4d4ba0460630431ca180d06365bd86d2&tu=10G9z00Bf1C01g0&sku=&tstsId=&ver=&
CHR StartupUrls: Profile 5 -> "hxxp://google.de/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-01]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-02] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation                          )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 00:08 - 2015-02-13 00:08 - 00001090 _____ () C:\Windows\PFRO.log
2015-02-12 22:58 - 2015-02-12 22:58 - 00852594 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe
2015-02-12 22:57 - 2015-02-12 22:58 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe
2015-02-12 19:21 - 2015-02-12 19:21 - 00049038 _____ () C:\Users\Admin\Downloads\yazidi.jpeg
2015-02-11 20:03 - 2015-02-11 20:03 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-02-11 19:54 - 2015-02-11 19:54 - 01388274 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2015-02-11 19:49 - 2015-02-11 19:51 - 00000000 ____D () C:\AdwCleaner
2015-02-11 19:40 - 2015-02-11 19:40 - 02112512 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.110.exe
2015-02-11 19:32 - 2015-02-11 19:32 - 00001204 _____ () C:\Users\Admin\Documents\malware.txt
2015-02-11 15:22 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 15:22 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 15:22 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 15:22 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 15:21 - 2015-02-11 20:06 - 00018391 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-02-11 15:17 - 2015-02-13 00:16 - 00017780 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-02-11 15:16 - 2015-02-13 00:15 - 00000000 ____D () C:\FRST
2015-02-11 15:16 - 2015-02-11 20:03 - 02134016 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-02-11 02:14 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 02:14 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 02:14 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 02:14 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 02:14 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 02:14 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 02:14 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 02:14 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 02:14 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 02:14 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 02:14 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 02:14 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 02:14 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 02:14 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 02:14 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 02:14 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 02:14 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 02:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 02:14 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 02:14 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 02:14 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 02:14 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 02:14 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 02:14 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 02:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 02:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 02:14 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 02:14 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 02:14 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 02:14 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 02:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 02:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 02:14 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 02:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 02:14 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 02:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 02:14 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 02:14 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 02:13 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 02:13 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 02:13 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 02:13 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 02:13 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 02:13 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 02:13 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 02:13 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 02:13 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 02:13 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 02:13 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 02:13 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 02:13 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 02:13 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 02:13 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 02:13 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 02:13 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 02:13 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 02:13 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 02:13 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 02:13 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 02:13 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 02:13 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 02:13 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 02:13 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 02:13 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 02:13 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 02:13 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 02:13 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 02:13 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 02:13 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 02:13 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 02:13 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 02:13 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 02:13 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 02:13 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 02:13 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 02:13 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 02:13 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 02:13 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 02:13 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 02:13 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 02:13 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 02:13 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 02:13 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 02:13 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 02:13 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 02:13 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 02:13 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 02:13 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 02:13 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 02:13 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 02:13 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 02:13 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 02:13 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 02:12 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 23:33 - 2015-02-10 23:33 - 00042282 _____ () C:\Users\Admin\Downloads\bild40742_v-tlarge169_w-600_zc-be147c57.jpg-version=19366
2015-02-10 17:39 - 2015-02-11 03:26 - 00271440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 03:07 - 2015-02-13 00:09 - 00000952 _____ () C:\Windows\setupact.log
2015-02-10 03:07 - 2015-02-10 03:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 20:43 - 2015-02-09 20:43 - 00060056 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-09 16:13 - 2015-02-09 16:13 - 05325208 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup502.exe
2015-02-09 02:23 - 2015-02-09 02:23 - 00065237 _____ () C:\Users\Admin\Downloads\537775ebf04a.jpeg
2015-02-08 02:40 - 2015-02-08 02:40 - 00262144 _____ () C:\Windows\system32\config\elam
2015-02-07 22:35 - 2015-02-07 22:35 - 00000000 ____D () C:\Program Files\Java
2015-02-07 22:34 - 2015-02-07 22:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\HoldemResources
2015-02-07 22:33 - 2015-02-07 22:33 - 74773785 _____ (HoldemResources) C:\Users\Admin\Downloads\holdemresources_release_x86_64_win-setup.exe
2015-02-07 22:24 - 2015-02-11 07:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\In The Money
2015-02-07 22:24 - 2015-02-07 22:24 - 09288947 _____ () C:\Users\Admin\Downloads\SitNGoWizardSetup_1_0_2_075.exe
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\Users\Admin\AppData\Local\SitNGo_Wizard_Software_LL
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SitNGo Wizard
2015-02-07 22:24 - 2015-02-07 22:24 - 00000000 ____D () C:\Program Files (x86)\In The Money
2015-02-05 21:54 - 2015-02-05 21:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-04 17:03 - 2015-02-04 17:03 - 01754039 _____ () C:\Users\Admin\Downloads\Anhänge_20150204.zip
2015-02-04 17:03 - 2015-02-04 17:03 - 00000000 ____D () C:\Users\Admin\Downloads\Anhänge_20150204
2015-02-04 01:12 - 2015-02-04 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files\iPod
2015-02-04 01:12 - 2015-02-04 01:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-02 02:29 - 2015-02-02 02:29 - 02060888 _____ () C:\Users\Admin\Downloads\winrar-x64-520d.exe
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-02 02:29 - 2015-02-02 02:29 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-02 02:28 - 2015-02-02 02:28 - 01026453 _____ () C:\Users\Admin\Downloads\Champions_27.01.2015_14_57_36.rar
2015-02-01 02:40 - 2015-02-01 02:40 - 00096607 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312324_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00069135 _____ () C:\Users\Admin\Downloads\two-office-hard-sex-testers-tags-312337_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00055402 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312342_700_0.jpeg
2015-02-01 02:40 - 2015-02-01 02:40 - 00053054 _____ () C:\Users\Admin\Downloads\two-office-hardcore-testers-tags-totallyundressed-312322_700_0.jpeg
2015-02-01 02:04 - 2015-02-04 17:05 - 00000000 ____D () C:\Users\Admin\Downloads\sng
2015-01-29 17:56 - 2015-01-29 17:56 - 00039332 _____ () C:\Users\Admin\Downloads\media.media.b868980e-64c8-4c6d-a637-ed88e2c204d3.normalized.jpeg
2015-01-23 18:18 - 2015-01-23 18:18 - 00268259 _____ () C:\Users\Admin\Downloads\komine-tsubasa-cen-lolicon-shotacon-mom-98606_700_0.jpeg
2015-01-23 18:17 - 2015-01-23 18:17 - 00174200 _____ () C:\Users\Admin\Downloads\tags-1280x1024-bdsm-bestiality-blush-bondage-113258.jpeg
2015-01-23 06:57 - 2015-01-09 23:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 06:55 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 06:55 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 06:55 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 06:55 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlyRO
2015-01-22 18:52 - 2015-01-22 18:52 - 00000000 ____D () C:\Games
2015-01-22 18:51 - 2015-01-22 18:51 - 18364482 _____ (OnlyRO.com ) C:\Users\Admin\Downloads\OnlyRO.exe
2015-01-22 01:23 - 2015-01-22 01:23 - 00331804 _____ () C:\Users\Admin\Downloads\8e8983dc.jpg~original
2015-01-22 01:23 - 2015-01-22 01:23 - 00301654 _____ () C:\Users\Admin\Downloads\75f1d263.jpg~original
2015-01-22 01:22 - 2015-01-22 01:22 - 00350902 _____ () C:\Users\Admin\Downloads\32831b6d.jpg~original
2015-01-18 14:55 - 2015-01-18 14:55 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-18 14:23 - 2015-01-18 18:43 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2015-01-18 14:23 - 2015-01-18 14:24 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner (2)
2015-01-18 01:46 - 2015-01-18 01:46 - 00000000 ____D () C:\Users\Admin\AppData\Local\Macromedia
2015-01-18 01:43 - 2015-02-12 23:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 01:43 - 2015-02-05 01:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-18 01:43 - 2015-02-05 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 01:43 - 2015-02-05 01:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-18 01:43 - 2015-01-18 01:43 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-18 01:43 - 2015-01-18 01:43 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-14 18:46 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:46 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:46 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 18:46 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:46 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 18:46 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 00:13 - 2014-12-02 20:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-13 00:12 - 2014-03-27 14:25 - 01191586 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 00:11 - 2009-07-14 05:45 - 00036112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 00:11 - 2009-07-14 05:45 - 00036112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 00:09 - 2014-11-25 20:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 00:09 - 2014-03-28 08:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-13 00:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 00:07 - 2014-03-28 11:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SoftGrid Client
2015-02-13 00:00 - 2014-11-25 20:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 19:27 - 2014-12-07 04:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-12 18:46 - 2014-11-25 20:53 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner
2015-02-12 18:32 - 2014-12-01 20:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HoldemManager
2015-02-12 18:23 - 2014-11-25 21:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\PokerStars.EU
2015-02-11 19:12 - 2014-12-07 04:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 07:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 07:16 - 2014-12-01 20:50 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2
2015-02-11 03:24 - 2014-12-13 01:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:24 - 2014-11-25 19:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 03:06 - 2014-03-28 08:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:01 - 2014-03-28 08:54 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 20:01 - 2014-03-28 09:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-02-09 16:13 - 2014-12-04 19:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 12:53 - 2014-11-27 16:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 14:03 - 2014-03-27 23:13 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2015-02-08 14:03 - 2014-03-27 23:13 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2015-02-08 14:03 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 02:54 - 2009-07-14 06:08 - 00026838 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 02:48 - 2014-12-01 20:50 - 00000000 ____D () C:\Users\postgres
2015-02-08 02:48 - 2014-03-27 14:26 - 00000000 ____D () C:\Users\Admin
2015-02-08 02:47 - 2014-11-28 20:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2015-02-08 02:47 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-08 02:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-07 11:55 - 2014-11-25 20:52 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 11:55 - 2014-11-25 20:52 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 01:12 - 2014-11-30 20:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-23 06:57 - 2015-01-07 01:25 - 00000000 ____D () C:\TEMP
2015-01-23 06:57 - 2014-03-28 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-22 16:41 - 2014-11-30 20:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-01-18 01:46 - 2014-12-06 23:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-17 17:06 - 2014-11-30 14:48 - 00028877 _____ () C:\Users\Admin\Documents\Jennifear's MTT Push%2FFold Charts.xlsx
2015-01-16 07:41 - 2014-10-02 18:11 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-10-02 18:11 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-03-28 08:24 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-03-28 08:24 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-14 19:28 - 2014-12-14 23:03 - 00006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2014-12-14 23:03 - 2015-01-14 19:28 - 0006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 06:05

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Admin at 2015-02-13 00:16:49
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OnlyRO (HKLM-x32\...\{47EDDAFC-C71F-4F26-BBDC-D4D8629B2688}_is1) (Version:  - OnlyRO.com)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SitNGo Wizard (HKLM-x32\...\SitNGoWizard) (Version:  - In The Money LLC)
Skiller Pro Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Tournament Indicator 2.2.5 (HKLM-x32\...\Tournament Indicator_is1) (Version:  - hxxp://www.TournamentIndicator.com)
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-02-2015 22:34:48 Installed Java 7 Update 51 (64-bit)
11-02-2015 02:03:44 Windows Update
11-02-2015 03:00:25 Windows Update
12-02-2015 03:00:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B499B33-812A-42D8-96F2-53E4BDA68083} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {15E60113-C68E-4D01-A1FB-485772EC5C94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {19C3820F-2251-42EA-8923-D222D5E75AF7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2630139D-E392-49D5-AE40-6A1B104A9227} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {6A964508-99A9-429F-8870-2465037DE218} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {B8E8D1EF-9BF5-4F38-B05B-C40F070507FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {EE67241D-F366-4188-850C-2A2DC7432AC1} - System32\Tasks\{6E27A0AE-8F92-4AE0-920B-476CEB25AD61} => pcalua.exe -a D:\Software\setup.exe -d D:\Software
Task: {F9991ECF-A100-492C-9FCF-23FE8ACB1B02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-28 08:20 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-11-25 19:51 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2014-11-25 19:59 - 2014-02-26 14:45 - 00475136 _____ () C:\Program Files (x86)\Skiller Pro\Monitor.EXE
2014-11-25 19:51 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2015-02-12 22:58 - 2015-02-12 22:58 - 00852594 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe
2014-12-01 20:49 - 2014-02-18 09:11 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2014-11-25 19:51 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2014-11-25 19:59 - 2014-09-03 15:58 - 00057344 _____ () C:\Program Files (x86)\Skiller Pro\lan.dll
2014-11-25 19:59 - 2012-08-14 22:41 - 00061440 _____ () C:\Program Files (x86)\Skiller Pro\hiddriver.dll
2014-11-25 19:51 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2014-12-01 20:50 - 2012-08-14 14:19 - 00999424 _____ () c:\postgreSQL\bin\libxml2.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-02-06 20:59 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3980298719-2773488239-3045808690-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Accounts: =============================

Admin (S-1-5-21-3980298719-2773488239-3045808690-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3980298719-2773488239-3045808690-500 - Administrator - Disabled)
Gast (S-1-5-21-3980298719-2773488239-3045808690-501 - Limited - Disabled)
postgres (S-1-5-21-3980298719-2773488239-3045808690-1004 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 00:10:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 00:09:16 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-13 00:09:16 CETFATAL:  the database system is starting up

Error: (02/13/2015 00:05:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/13/2015 00:03:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 03:03:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11263

Error: (02/12/2015 03:03:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11263

Error: (02/12/2015 03:03:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2015 03:03:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10249

Error: (02/12/2015 03:03:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10249

Error: (02/12/2015 03:03:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/12/2015 03:00:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (02/13/2015 00:10:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 00:09:16 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-02-13 00:09:16 CETFATAL:  the database system is starting up

Error: (02/13/2015 00:05:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu.exe

Error: (02/13/2015 00:03:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/12/2015 03:03:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11263

Error: (02/12/2015 03:03:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11263

Error: (02/12/2015 03:03:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2015 03:03:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10249

Error: (02/12/2015 03:03:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10249

Error: (02/12/2015 03:03:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-02-12 01:38:52.862
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 01:38:52.853
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 01:35:57.760
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 01:35:57.733
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.416
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-21 04:49:08.365
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:30:03.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-13 03:30:03.952
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 8173.55 MB
Available physical RAM: 5619.2 MB
Total Pagefile: 16345.3 MB
Available Pagefile: 13164.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:801.44 GB) NTFS
Drive d: (R. Rumble 2005) (CDROM) (Total:4.31 GB) (Free:0 GB) UDF
Drive e: (Iomega ScreenPlay HD) (Fixed) (Total:931.51 GB) (Free:874.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2CC7C6E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D02E5EE4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 13.02.2015 17:20
hi,

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



LauraThal 13.02.2015 18:22
Code:
Farbar Service Scanner Version: 17-01-2015
Ran by Admin (administrator) on 13-02-2015 at 18:22:07
Running from "C:\Users\Admin\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

schrauber 14.02.2015 11:50
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

LauraThal 14.02.2015 19:33
Vielen lieben dank :))

Eine Frage hätte ich noch..kann man sich unseren Laptop auch mal ansehen?
Vor paar Tagen lief der fast gar nicht..nachdem ich Ccleaner benutzt habe, gehts es jetzt besser aber ich wollte mal wissen ob du da auch nicht noch was drauf ist

schrauber 15.02.2015 08:40
Poste mal FRST Logs von dem Gerät :)

LauraThal 15.02.2015 13:11

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by LordDrygin (administrator) on LORDDRYGIN-PC on 15-02-2015 13:08:45
Running from C:\Users\LordDrygin\Downloads
Loaded Profiles: LordDrygin (Available profiles: LordDrygin & postgres)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe
(Farbar) C:\Users\LordDrygin\Downloads\FRST (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-817323750-2849227344-2509689014-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-817323750-2849227344-2509689014-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2015-02-03] (SUPERAntiSpyware)
HKU\S-1-5-21-817323750-2849227344-2509689014-1000\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-09] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-817323750-2849227344-2509689014-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-817323750-2849227344-2509689014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll (AdTrustMedia)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9142A077-4E62-4396-9E04-485F96D7E296}: [NameServer] 156.154.70.25,156.154.71.25

FireFox:
========
FF ProfilePath: C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default
FF NetworkProxy: "autoconfig_url", "chrome://viewtubes/content/viewtubes_false.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\searchplugins\google-maps.xml
FF Extension: WOT - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-27]
FF Extension: FoxClocks - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-07-03]
FF Extension: Cliqz Beta - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\Extensions\cliqz@cliqz.com.xpi [2014-06-29]
FF Extension: Viewtubes - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\Extensions\FF_AddOn@viewtubes.de.xpi [2014-07-13]
FF Extension: The Addon Bar (restored) - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-07-03]
FF Extension: NoScript - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-09]
FF Extension: Adblock Plus - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-09]
FF HKU\S-1-5-21-817323750-2849227344-2509689014-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23]
CHR Extension: (YouTube) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Google-Suche) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (AdBlock) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Google Mail) - C:\Users\LordDrygin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]
CHR HKU\S-1-5-21-817323750-2849227344-2509689014-1000\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Users\LordDrygin\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2015-01-26] (SUPERAntiSpyware.com)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-25] (Intel Corporation)
S4 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [60968 2011-11-04] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [17960 2011-11-04] (Broadcom Corporation)
R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [43560 2011-09-02] (Broadcom Corporation)
R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [47104 2012-05-03] (Broadcom Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [40736 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [25376 2013-09-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\LORDDR~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 13:08 - 2015-02-15 13:09 - 00013207 _____ () C:\Users\LordDrygin\Downloads\FRST.txt
2015-02-15 13:08 - 2015-02-15 13:08 - 01125888 _____ (Farbar) C:\Users\LordDrygin\Downloads\FRST (1).exe
2015-02-15 07:44 - 2015-02-15 07:44 - 00064024 _____ () C:\Users\LordDrygin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-15 07:42 - 2015-02-15 07:42 - 00286616 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 07:42 - 2015-02-15 07:42 - 00000056 _____ () C:\Windows\setupact.log
2015-02-15 07:42 - 2015-02-15 07:42 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-15 07:40 - 2015-02-15 07:40 - 00000594 _____ () C:\Windows\PFRO.log
2015-02-13 20:59 - 2015-02-13 20:59 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-13 20:59 - 2015-02-13 20:59 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-13 20:59 - 2015-02-13 20:59 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-13 20:59 - 2015-02-13 20:59 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-13 20:59 - 2015-02-13 20:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-13 20:59 - 2015-02-13 20:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-13 20:59 - 2015-02-13 20:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-13 20:59 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-13 20:57 - 2015-02-13 20:57 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-13 20:57 - 2015-02-13 20:57 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-13 20:57 - 2015-02-13 20:57 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-13 20:57 - 2015-02-13 20:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-13 20:57 - 2015-02-13 20:57 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-13 20:57 - 2015-02-13 20:57 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-13 20:57 - 2015-02-13 20:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-13 20:57 - 2015-02-13 20:57 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-13 20:57 - 2015-02-13 20:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-13 20:57 - 2015-02-13 20:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-13 20:57 - 2015-02-13 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-13 20:57 - 2015-02-13 20:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-13 20:57 - 2015-02-13 20:57 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-13 20:57 - 2015-02-13 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-13 20:57 - 2015-02-13 20:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-13 20:56 - 2015-02-13 20:56 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-13 20:56 - 2015-02-13 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-13 20:54 - 2015-02-13 20:54 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-13 20:54 - 2015-02-13 20:54 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-13 20:54 - 2015-02-13 20:54 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-13 20:54 - 2015-02-13 20:54 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-13 20:54 - 2015-02-13 20:54 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-26 01:32 - 2015-01-26 01:32 - 00000000 ____D () C:\Users\LordDrygin\AppData\Roaming\SUPERAntiSpyware.com
2015-01-26 01:31 - 2015-02-15 07:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-26 01:31 - 2015-02-09 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-26 01:31 - 2015-01-26 01:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-26 01:29 - 2015-01-26 01:29 - 20794952 _____ (SUPERAntiSpyware) C:\Users\LordDrygin\Downloads\SUPERAntiSpyware6.0.1168.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 13:08 - 2014-04-19 20:51 - 00031260 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-02-15 13:08 - 2014-04-19 12:37 - 00000000 ____D () C:\FRST
2015-02-15 13:01 - 2014-04-19 20:35 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-02-15 12:48 - 2014-03-08 07:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 12:42 - 2014-05-05 16:23 - 01241604 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-15 07:48 - 2009-07-14 05:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 07:48 - 2009-07-14 05:34 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 07:42 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 07:40 - 2014-12-12 06:07 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-15 07:40 - 2014-05-06 19:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 07:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-14 02:19 - 2014-03-08 07:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 02:15 - 2014-03-08 07:42 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 22:20 - 2014-04-27 01:03 - 00000000 ____D () C:\Users\LordDrygin\Desktop\Sicherheitsprogramme
2015-02-13 22:04 - 2014-09-21 00:14 - 00000000 ____D () C:\Program Files\AVG
2015-02-13 22:04 - 2014-03-09 18:03 - 00000000 ____D () C:\ProgramData\AVG
2015-02-13 22:03 - 2014-09-21 00:13 - 00000000 ____D () C:\Users\LordDrygin\AppData\Local\AvgSetupLog
2015-02-13 21:56 - 2009-07-14 05:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-05 02:48 - 2014-03-08 07:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 02:48 - 2014-03-08 07:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 01:39 - 2014-03-09 11:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-04 03:10 - 2014-09-19 16:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories =======

2014-09-19 22:14 - 2014-09-19 22:18 - 0006656 _____ () C:\Users\LordDrygin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\LordDrygin\AppData\Local\temp\DseShExt-x86.dll
C:\Users\LordDrygin\AppData\Local\temp\SDShelEx-win32.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 12:26

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-02-2015
Ran by LordDrygin at 2015-02-15 13:09:49
Running from C:\Users\LordDrygin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PokerStars.eu (HKLM\...\PokerStars.eu) (Version:  - PokerStars.eu)
PrivDog (HKLM\...\PrivDog) (Version: 2.1.0.22 - privdog.com)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2268.2 - Hi-Rez Studios)
South Park™: The Stick of Truth™ (HKLM\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-10-2014 02:56:02 Geplanter Prüfpunkt
06-11-2014 05:23:59 Geplanter Prüfpunkt
13-11-2014 17:40:27 Geplanter Prüfpunkt
14-11-2014 02:21:18 Windows Update
20-11-2014 03:00:28 Windows Update
04-12-2014 06:51:57 Geplanter Prüfpunkt
11-12-2014 06:55:24 Windows Update
22-12-2014 17:53:25 Windows Update
10-01-2015 11:35:01 Geplanter Prüfpunkt
15-01-2015 06:15:08 Windows Update
04-02-2015 04:09:57 Geplanter Prüfpunkt
13-02-2015 21:54:38 AVG PC TuneUp 2015 wird entfernt
13-02-2015 22:01:09 AVG PC TuneUp 2015 (de-DE) wird entfernt
14-02-2015 02:12:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-04-19 20:05 - 2014-06-28 04:35 - 00449906 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06A5F8A7-2453-454C-B7AE-08F7A0ED1D72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-13] (Google Inc.)
Task: {2A0498B1-B679-4B3B-AE75-13B113772E82} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2E183E14-5121-49B9-A75C-1EB84E2C3039} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {3FC1A8A7-2360-4E8B-864F-6A79FCA00318} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {5074CC04-88A4-41C9-AEDB-57D0B27A288C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {5C8452CA-ECB7-4540-BA8D-7FE00E890306} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6490426E-B091-4550-977B-FDC5A60C3859} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {7951DC62-5F45-4988-873D-013AAF461805} - System32\Tasks\{1E340A69-A807-4988-A911-D15C4F74B41C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {88B9492F-CE75-4367-A32E-D26F56783511} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8F66A61E-D877-40D2-A084-D32D1D085C18} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {90396E75-7BBC-4191-BA6C-7074800841D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {960E127B-976C-4D06-B0B2-F1196996DEFC} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {C0ADD48E-1FAF-4050-8E7F-EBEF9169F89C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-13] (Google Inc.)
Task: {DA299E99-5E4F-4F86-AC5B-8096E5B01E47} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {E55AA914-1C7C-426A-B94B-9423837E8934} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E8BE5C4F-E9FD-433A-91BB-DCAE3DC6D89F} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-09 12:09 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-09 12:09 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-09 12:09 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-11-25 19:41 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-25 19:41 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-25 19:41 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-25 19:41 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-25 19:41 - 2014-11-14 22:15 - 14910280 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\LordDrygin\Downloads\bbbf.jpg:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\FRST (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\FRST (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\grhr.jpg:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\hfhf.jpg:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\Microsoft Word-Dokument (neu).docx:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\SUPERAntiSpyware6.0.1168.exe:$CmdTcID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\SUPERAntiSpyware6.0.1168.exe:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\utiti.jpg:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\Workshops 2015 (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\LordDrygin\Downloads\Workshops 2015.doc:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-817323750-2849227344-2509689014-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 156.154.70.25 - 156.154.71.25

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-817323750-2849227344-2509689014-500 - Administrator - Disabled)
Gast (S-1-5-21-817323750-2849227344-2509689014-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-817323750-2849227344-2509689014-1002 - Limited - Enabled)
LordDrygin (S-1-5-21-817323750-2849227344-2509689014-1000 - Administrator - Enabled) => C:\Users\LordDrygin
postgres (S-1-5-21-817323750-2849227344-2509689014-1005 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/15/2015 00:33:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (02/15/2015 00:33:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (02/15/2015 00:32:46 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (02/15/2015 00:31:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (02/15/2015 00:31:10 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (02/15/2015 00:31:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (02/15/2015 07:43:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/15/2015 07:43:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (02/15/2015 07:43:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/15/2015 07:43:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 2388.36 MB
Available physical RAM: 894.07 MB
Total Pagefile: 4775 MB
Available Pagefile: 2776.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.46 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:275.41 GB) (Free:142.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:22.66 GB) (Free:12.3 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 19F509E3)
Partition 1: (Not Active) - (Size=22.7 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=275.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 15.02.2015 19:19
Da haben wir Arbeit :)


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

LauraThal 16.02.2015 09:20
echt?
danke aufjedenfall!!
Code:
ComboFix 15-02-13.02 - LordDrygin 16.02.2015  9:06.1.8 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2388.1453 [GMT 1:00]
ausgeführt von:: c:\users\LordDrygin\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-16 bis 2015-02-16  ))))))))))))))))))))))))))))))
.
.
2015-02-16 08:10 . 2015-02-16 08:10        --------        d-----w-        c:\users\LordDrygin\AppData\Local\temp
2015-02-16 08:10 . 2015-02-16 08:10        --------        d-----w-        c:\users\Public\AppData\Local\temp
2015-02-16 08:10 . 2015-02-16 08:10        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2015-02-16 08:10 . 2015-02-16 08:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-15 06:52 . 2015-02-15 06:52        620032        ----a-w-        c:\windows\system32\jscript9diag.dll
2015-02-15 06:52 . 2015-02-15 06:52        4300800        ----a-w-        c:\windows\system32\jscript9.dll
2015-02-13 19:57 . 2015-02-13 19:57        2380288        ----a-w-        c:\windows\system32\win32k.sys
2015-02-13 19:56 . 2015-02-13 19:56        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2015-02-13 19:54 . 2015-02-13 19:54        179200        ----a-w-        c:\windows\system32\wintrust.dll
2015-02-13 19:54 . 2015-02-13 19:54        143872        ----a-w-        c:\windows\system32\cryptsvc.dll
2015-02-13 19:54 . 2015-02-13 19:54        1174528        ----a-w-        c:\windows\system32\crypt32.dll
2015-02-13 19:54 . 2015-02-13 19:54        308224        ----a-w-        c:\windows\system32\scesrv.dll
2015-02-13 19:54 . 2015-02-13 19:54        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2015-02-03 05:13 . 2015-02-04 02:10        73840        ----a-w-        c:\program files\Mozilla Firefox\wow_helper.exe
2015-01-26 00:32 . 2015-01-26 00:32        --------        d-----w-        c:\users\LordDrygin\AppData\Roaming\SUPERAntiSpyware.com
2015-01-26 00:31 . 2015-02-15 19:24        --------        d-----w-        c:\program files\SUPERAntiSpyware
2015-01-26 00:31 . 2015-01-26 00:31        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 01:48 . 2014-03-08 06:11        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 01:48 . 2014-03-08 06:11        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-12-19 02:43 . 2015-01-14 05:14        164864        ----a-w-        c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 05:14        116224        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 05:14        74240        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2014-12-09 00:20 . 2014-03-25 18:22        91200        ----a-w-        c:\windows\system32\drivers\inspect.sys
2014-12-09 00:20 . 2014-03-25 18:22        41248        ----a-w-        c:\windows\system32\drivers\cmdhlp.sys
2014-12-09 00:20 . 2014-03-25 18:22        617536        ----a-w-        c:\windows\system32\drivers\cmdguard.sys
2014-12-09 00:20 . 2014-03-25 18:22        17088        ----a-w-        c:\windows\system32\drivers\cmderd.sys
2014-12-09 00:20 . 2014-03-25 18:22        352272        ----a-w-        c:\windows\system32\guard32.dll
2014-12-09 00:20 . 2014-03-25 18:22        33520        ----a-w-        c:\windows\system32\cmdcsr.dll
2014-12-09 00:20 . 2014-03-25 18:22        286424        ----a-w-        c:\windows\system32\cmdvrt32.dll
2014-12-09 00:20 . 2014-03-25 18:22        40664        ----a-w-        c:\windows\system32\cmdkbd32.dll
2014-12-07 12:50 . 2014-09-21 20:35        114904        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-06 03:50 . 2015-01-14 05:14        242688        ----a-w-        c:\windows\system32\nlasvc.dll
2014-11-21 05:14 . 2014-09-21 20:34        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-09-21 20:34        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-09-21 20:34        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-02-03 6699800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-12-09 1243352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-03-09 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Download Assistant"=c:\windows\system32\rundll32.exe c:\windows\System32\LogiLDA.dll,LogiFetch
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"COMODO Internet Security"=c:\program files\COMODO\COMODO Internet Security\cistray.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"PrivDogService"="c:\program files\AdTrustMedia\PrivDog\2.1.0.22\trustedadssvc.exe"
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"AvgUi"="c:\program files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
.
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-12-09 1664216]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-13 102912]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2013-11-27 40736]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-12-06 29728]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [2014-08-22 9216]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-09-05 25376]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2014-12-09 17088]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2014-12-09 617536]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2014-12-09 41248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2015-01-26 142648]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-11-04 60968]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-11-04 17960]
S3 bScsiMSx;bScsiMSx;c:\windows\system32\DRIVERS\bScsiMSx.sys [2011-09-02 43560]
S3 bScsiSDx;bScsiSDx;c:\windows\system32\DRIVERS\bScsiSDx.sys [2012-05-03 47104]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2012-01-18 370728]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-25 18:39        1087304        ----a-w-        c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-08 01:48]
.
2014-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-13 17:13]
.
2014-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-13 17:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe
TCP: Interfaces\{9142A077-4E62-4396-9E04-485F96D7E296}: NameServer = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\LordDrygin\AppData\Roaming\Mozilla\Firefox\Profiles\f3xusbjb.default\
FF - prefs.js: network.proxy.type - 2
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-817323750-2849227344-2509689014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-817323750-2849227344-2509689014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Zeit der Fertigstellung: 2015-02-16  09:12:27
ComboFix-quarantined-files.txt  2015-02-16 08:12
.
Vor Suchlauf: 33 Verzeichnis(se), 150.134.145.024 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 150.065.250.304 Bytes frei
.
- - End Of File - - E5872AC0D30951EA9261170129478BB5
A36C5E4F47E84449FF07ED3517B43A31


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131