Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Habe mir wohl etwas eingefangen....

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.10.2014, 19:16   #1
stojan87
 
Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....



Malewarebytes Anti-Maleware und Avast free Antivirus haben Befall bei mir gemeldet.
Ich habe versucht alles zu entfernen, das Ergebnis ist jedoch nicht zufrieden stellend.

Ich wäre froh wenn mir jemand helfen könnte alles aufzuspüren und zu entfernen,
so dass mein System wieder komplett virenfrei ist.

Mit freundlichen Grüssen
stojan

Alt 16.10.2014, 20:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 16.10.2014, 20:52   #3
stojan87
 
Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by mile (administrator) on WOHNZIMMER on 16-10-2014 20:41:53
Running from C:\Users\mile\Downloads
Loaded Profile: mile (Available profiles: mile & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
() C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe
() C:\Program Files (x86)\PHotkey\Dolbyosd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BitTorrent, Inc.) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-30] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [Steam] => D:\Deus Ex\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-30] (Electronic Arts)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [BitTorrent Sync] => C:\Program Files (x86)\BitTorrent Sync\BTSync.exe [3025512 2014-08-03] (BitTorrent, Inc.)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\MountPoints2: {7259114e-fefa-11e3-82b7-a088694b1bb1} - "G:\Setup.exe" 
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\MountPoints2: {ea412ba8-1b09-11e4-82bc-a088694b1bb1} - "F:\Launch.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1411297458&from=ild&uid=HGSTXHTS545050A7E680_TM8514GL0VBLYP0VBLYPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {0DED61CF-1520-4CCC-A1CC-673981B1D725} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\user.js
FF SearchPlugin: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\Extensions\ffxtlbr@zonealarm.com [2014-09-30]
FF Extension: Adblock Plus - C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-30]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-06]
CHR Extension: (Google Drive) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-06]
CHR Extension: (TheHDvid-Codec V10) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-06]
CHR Extension: (Google-Suche) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-06]
CHR Extension: (Google Tabellen) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (avast! Online Security) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-06]
CHR Extension: (Google Wallet) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-06]
CHR Extension: (Google Mail) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-30] (AVAST Software)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 PGFNEXSrv; C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe [136192 2014-03-04] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-20] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-30] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-03] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-01-22] (Intel Corporation)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
U5 klif; C:\Windows\System32\Drivers\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                           )
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\UBIOS\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:41 - 2014-10-16 20:42 - 00020298 _____ () C:\Users\mile\Downloads\FRST.txt
2014-10-16 20:41 - 2014-10-16 20:41 - 00000000 ____D () C:\FRST
2014-10-16 20:39 - 2014-10-16 20:40 - 02112000 _____ (Farbar) C:\Users\mile\Downloads\FRST64.exe
2014-10-16 14:13 - 2014-10-16 14:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOHNZIMMER-Microsoft-Windows-8.1-(64-bit).dat
2014-10-16 14:13 - 2014-10-16 14:13 - 00000000 ____D () C:\RegBackup
2014-10-16 13:26 - 2014-10-16 13:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 13:26 - 2014-10-16 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-16 13:26 - 2014-10-16 13:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-16 13:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 13:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-16 11:59 - 2014-10-16 13:26 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-16 11:59 - 2014-10-16 13:26 - 00000000 ____D () C:\Users\mile\AppData\Roaming\Malwarebytes
2014-10-16 11:59 - 2014-10-16 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 11:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-16 10:25 - 2014-10-16 10:27 - 00000000 ____D () C:\Users\mile\Downloads\Tweaking.com - Windows Repair
2014-10-16 10:19 - 2014-10-16 10:25 - 03836936 _____ (Piriform Ltd) C:\Users\mile\Downloads\ccsetup418_slim.exe
2014-10-14 16:03 - 2014-10-14 16:03 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-10-14 16:03 - 2014-10-14 16:03 - 00000000 ____D () C:\Users\mile\AppData\Local\SWTORPerf
2014-10-14 16:02 - 2014-10-14 16:02 - 00019636 _____ () C:\Users\mile\Documents\Install STAR WARS The Old Republic.log
2014-10-14 16:02 - 2014-10-14 16:02 - 00000664 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-10-14 16:02 - 2014-10-14 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-10-14 15:48 - 2014-10-14 16:01 - 29720272 _____ () C:\Users\mile\Downloads\SWTOR_setup.exe
2014-10-06 20:28 - 2014-10-06 20:28 - 00002236 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-06 20:28 - 2014-10-06 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-06 20:24 - 2014-10-16 20:37 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 20:24 - 2014-10-06 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-06 20:19 - 2014-10-16 20:37 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 20:19 - 2014-10-16 19:25 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 20:19 - 2014-10-06 20:28 - 00000000 ____D () C:\Users\mile\AppData\Local\Google
2014-10-06 20:19 - 2014-10-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 20:19 - 2014-10-06 20:19 - 00895120 _____ (Google Inc.) C:\Users\mile\Downloads\googleupdatesetup.exe
2014-10-06 20:19 - 2014-10-06 20:19 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-06 20:19 - 2014-10-06 20:19 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-05 18:25 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\mile\AppData\Local\Daedalic Entertainment
2014-10-05 12:03 - 2014-10-05 19:49 - 00015563 _____ () C:\Users\mile\Desktop\schreiben huk-coburg.odt
2014-09-30 20:22 - 2014-09-30 20:23 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-09-30 20:22 - 2014-09-30 20:22 - 00000778 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-09-30 20:22 - 2014-09-30 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-09-30 20:22 - 2014-06-10 15:44 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-09-30 20:22 - 2014-06-10 15:44 - 00490080 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-30 20:22 - 2014-06-10 15:44 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-30 20:21 - 2014-09-30 20:22 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-09-30 20:21 - 2014-09-30 20:21 - 00000000 ____D () C:\Users\mile\AppData\Roaming\Check Point Software Technologies LTD
2014-09-30 20:21 - 2014-09-30 20:21 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-09-30 20:20 - 2014-09-30 20:20 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-09-30 19:01 - 2014-09-30 19:01 - 00001986 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-30 19:01 - 2014-09-30 19:01 - 00000000 ____D () C:\Users\mile\AppData\Roaming\AVAST Software
2014-09-30 19:01 - 2014-09-30 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-30 19:00 - 2014-09-30 19:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-30 19:00 - 2014-09-30 19:00 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-30 19:00 - 2014-09-30 19:00 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-30 19:00 - 2014-09-30 19:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-30 18:59 - 2014-09-30 18:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-30 18:57 - 2014-09-30 18:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-27 13:06 - 2014-10-05 19:58 - 00000000 ____D () C:\Users\mile\Desktop\Scans
2014-09-25 09:18 - 2014-09-25 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:26 - 2014-09-24 18:26 - 00003370 _____ () C:\Windows\System32\Tasks\{FBB99986-60A2-44C0-8CD6-DA48B0EE34D4}
2014-09-24 15:29 - 2014-09-24 15:29 - 00000000 ____D () C:\Users\mile\Documents\Telltale Games
2014-09-24 15:29 - 2014-09-24 15:29 - 00000000 ____D () C:\ProgramData\REVOLT
2014-09-22 21:56 - 2014-09-22 21:56 - 00000000 ____D () C:\ProgramData\Stardock
2014-09-21 13:06 - 2014-09-21 13:06 - 00000000 ____D () C:\Users\mile\AppData\Roaming\WebExtend
2014-09-21 13:05 - 2014-09-21 13:05 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-21 13:03 - 2014-10-16 14:12 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-21 13:03 - 2014-09-21 13:03 - 00000000 ____D () C:\Users\mile\AppData\Local\globalUpdate

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:42 - 2014-06-05 19:31 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2381112249-3170544233-3973733542-1001
2014-10-16 20:37 - 2014-08-03 17:27 - 00000000 ____D () C:\Users\mile\AppData\Roaming\BitTorrent Sync
2014-10-16 20:37 - 2014-06-05 19:30 - 00000000 __RDO () C:\Users\mile\OneDrive
2014-10-16 20:37 - 2014-03-07 19:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-10-16 20:05 - 2014-06-06 17:44 - 00000000 ____D () C:\Users\mile\AppData\Roaming\BitTorrent
2014-10-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 19:19 - 2014-06-13 20:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 19:02 - 2013-09-13 09:46 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-10-16 18:51 - 2014-06-05 19:31 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{128FAF8D-90C1-459B-9C03-C8E1F17A72A5}
2014-10-16 15:05 - 2014-02-27 17:28 - 00751874 _____ () C:\Windows\system32\perfh007.dat
2014-10-16 15:05 - 2014-02-27 17:28 - 00155350 _____ () C:\Windows\system32\perfc007.dat
2014-10-16 15:05 - 2013-09-12 13:00 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 15:01 - 2013-09-12 12:53 - 00132112 _____ () C:\Windows\PFRO.log
2014-10-16 15:01 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 15:01 - 2013-08-22 16:44 - 00381112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 15:00 - 2014-06-05 18:53 - 01802953 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 15:00 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-16 14:59 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 14:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-16 14:33 - 2014-07-20 11:33 - 00074240 ___SH () C:\Users\mile\Desktop\Thumbs.db
2014-10-16 14:32 - 2013-08-22 15:25 - 00000128 _____ () C:\Windows\win.ini
2014-10-15 10:03 - 2014-03-19 14:32 - 00000000 ____D () C:\Program Files (x86)\PHotkey
2014-10-14 16:02 - 2014-06-21 09:04 - 00000000 _____ () C:\END
2014-10-08 14:35 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2014-10-05 13:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-02 12:37 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-30 19:26 - 2014-06-08 17:23 - 00001155 _____ () C:\Users\mile\Desktop\Mozillla Firefox.lnk
2014-09-30 19:26 - 2014-06-08 17:23 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-30 18:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-29 21:12 - 2014-06-08 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 21:56 - 2014-06-28 10:33 - 00000000 ____D () C:\Users\mile\Documents\My Games
2014-09-22 21:54 - 2013-09-13 09:14 - 00398922 _____ () C:\Windows\DirectX.log
2014-09-22 21:53 - 2014-03-17 04:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 13:04 - 2014-06-05 19:25 - 00001680 _____ () C:\Users\mile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 13:04 - 2014-03-07 19:34 - 00002667 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-09-21 13:04 - 2014-03-07 19:34 - 00002659 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-09-18 16:39 - 2014-09-04 11:16 - 00000000 ____D () C:\Users\mile\AppData\Roaming\HpUpdate
2014-09-16 22:30 - 2014-08-02 20:40 - 00001207 _____ () C:\Windows\setupact.log
2014-09-16 22:28 - 2013-08-22 22:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-16 22:28 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe

Some content of TEMP:
====================
C:\Users\mile\AppData\Local\Temp\BRSVC_14373562_hlp.exe
C:\Users\mile\AppData\Local\Temp\_isFA16.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-13 16:15

==================== End Of Log ============================
         
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by mile at 2014-10-16 20:43:50
Running from C:\Users\mile\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.3.109 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 4 (x32 Version: 4.0.4317.0 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.3714 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel(R) PRO/Wireless Driver (Version: 16.08.0000.1031 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eff1d9d1-41fa-49ef-a986-082bfe49c293}) (Version: 16.8.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0101 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-10-2014 17:01:20 Removed Medieval II Total War

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-10-16 14:33 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D9FC2B-65FA-47A9-9151-BB3A4CDF1ED2} - System32\Tasks\Lenovo\sysrun-29800 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-29800.cmd <==== ATTENTION
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CD66C91-6B50-4394-A2CA-97F4480BCF1F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1145EDD0-FE43-4493-9DAA-23D730B2F70B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21744C6E-6B83-4166-8F25-4251ED905CA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26BDF6EE-04EB-4327-852A-32214EA4B1C0} - System32\Tasks\Lenovo\sysrun-20011 => C:\Users\mile\AppData\Local\Temp\sysrun-20011.cmd <==== ATTENTION
Task: {2BE9E703-6413-4390-BC08-E31AD0E0985C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {40FEA8A6-21F2-4181-AA9F-EC0A18021966} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4406570E-9362-4E51-8E09-16D72D0B4649} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-30] (AVAST Software)
Task: {4642F576-7AF3-4B79-BC5C-B60AE1CA3E71} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: {4954CC36-222B-41F7-9183-479B0DD893E7} - System32\Tasks\Lenovo\sysrun-14492 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-14492.cmd <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4DB5C0CA-A5D7-4D69-9B11-D128C887520B} - System32\Tasks\Lenovo\sysrun-29100 => C:\Users\mile\AppData\Local\Temp\sysrun-29100.cmd <==== ATTENTION
Task: {55E964B8-DB4A-4DD5-8681-C30229948D84} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {57E69D00-4563-4990-B292-B4B27F9CF994} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EFE1CBC-D85A-45AA-B3B9-D54C8390AC44} - System32\Tasks\Lenovo\sysrun-15256 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-15256.cmd <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7DE691AD-7C7C-46C5-9E1D-A6164ECA5C5D} - System32\Tasks\Lenovo\sysrun-24769 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-24769.cmd <==== ATTENTION
Task: {820F46D4-D0BC-4808-941F-0A02AA4A897A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {984E3980-0718-4A77-9B34-3CD856F575D9} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ADD56166-00FD-4DFD-9482-036D259A7D3E} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {BC8CE08F-8386-4D9C-8D4E-B6CCE8411325} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E29D9353-9844-405B-9D5E-F4B6E5747776} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EBB951BA-B4D4-4076-A35A-33416A5FA260} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {FA71E760-D2CA-47AE-8E2A-E0ACE66580C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-24 05:51 - 2014-03-04 18:58 - 00136192 _____ () C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
2014-07-20 20:36 - 2014-07-20 20:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-27 18:13 - 2013-03-06 16:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-24 05:51 - 2014-03-14 18:41 - 02219520 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2014-03-24 05:51 - 2010-01-12 19:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2014-09-10 11:12 - 2014-09-10 11:12 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-03-24 05:51 - 2010-12-17 16:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2014-03-24 05:51 - 2010-01-12 19:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2013-09-09 15:13 - 2013-09-09 15:13 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-03-24 05:51 - 2014-03-22 15:09 - 02381312 _____ () C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe
2014-03-24 05:51 - 2014-03-18 23:54 - 05644800 _____ () C:\Program Files (x86)\PHotkey\Dolbyosd.exe
2014-09-30 19:00 - 2014-09-30 19:00 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-16 10:26 - 2014-10-16 10:26 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 05:51 - 2009-12-18 17:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2014-03-24 05:51 - 2013-09-18 01:23 - 00108032 _____ () C:\Program Files (x86)\PHotkey\PGFNEX.dll
2014-09-25 09:18 - 2014-09-25 09:18 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-27 18:12 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-30 19:00 - 2014-09-30 19:00 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\mile\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "EADM"
HKCU\...\StartupApproved\Run: => "Steam"

========================= Accounts: ==========================

Administrator (S-1-5-21-2381112249-3170544233-3973733542-500 - Administrator - Disabled)
Gast (S-1-5-21-2381112249-3170544233-3973733542-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2381112249-3170544233-3973733542-1003 - Limited - Enabled)
mile (S-1-5-21-2381112249-3170544233-3973733542-1001 - Administrator - Enabled) => C:\Users\mile

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 06:48:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731, Zeitstempel: 0x4d9440c5
Name des fehlerhaften Moduls: CLMediaServer.dll, Version: 2.0.0.8731, Zeitstempel: 0x4d94405f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000111e8
ID des fehlerhaften Prozesses: 0x5c0
Startzeit der fehlerhaften Anwendung: 0xCLMSServer.exe0
Pfad der fehlerhaften Anwendung: CLMSServer.exe1
Pfad des fehlerhaften Moduls: CLMSServer.exe2
Berichtskennung: CLMSServer.exe3
Vollständiger Name des fehlerhaften Pakets: CLMSServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CLMSServer.exe5

Error: (10/16/2014 02:51:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WOHNZIMMER)
Description: Bei der Aktivierung der App „winstore_cw5n1h2txyewy!Windows.Store“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageDepartureEvent" zu registrieren, deren Zielklasse "MSFT_StorageDepartureEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageArrivalEvent" zu registrieren, deren Zielklasse "MSFT_StorageArrivalEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageAlertEvent" zu registrieren, deren Zielklasse "MSFT_StorageAlertEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageDepartureEvent" zu registrieren, deren Zielklasse "MSFT_StorageDepartureEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageArrivalEvent" zu registrieren, deren Zielklasse "MSFT_StorageArrivalEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageAlertEvent" zu registrieren, deren Zielklasse "MSFT_StorageAlertEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.


System errors:
=============
Error: (10/16/2014 06:49:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/16/2014 03:01:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (10/16/2014 03:00:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (10/16/2014 03:00:35 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/16/2014 03:00:34 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/16/2014 02:43:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/16/2014 02:43:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/16/2014 02:33:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (10/16/2014 02:31:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/16/2014 02:30:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (10/16/2014 06:48:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CLMSServer.exe2.0.0.87314d9440c5CLMediaServer.dll2.0.0.87314d94405fc0000005000111e85c001cfe9414b20bd7aC:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exeC:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMediaServer.dll5302c973-5554-11e4-82db-a088694b1bb1

Error: (10/16/2014 02:51:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WOHNZIMMER)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageArrivalEventMSFT_StorageArrivalEvent//./root/Microsoft/Windows/Storage

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageAlertEventMSFT_StorageAlertEvent//./root/Microsoft/Windows/Storage

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageArrivalEventMSFT_StorageArrivalEvent//./root/Microsoft/Windows/Storage

Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageAlertEventMSFT_StorageAlertEvent//./root/Microsoft/Windows/Storage


CodeIntegrity Errors:
===================================
  Date: 2014-10-16 15:01:32.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 47%
Total physical RAM: 3986.59 MB
Available physical RAM: 2108.49 MB
Total Pagefile: 4690.59 MB
Available Pagefile: 2690.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:56.53 GB) (Free:13.69 GB) NTFS
Drive d: (Data) (Fixed) (Total:405 GB) (Free:369.66 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60.76 GB) (Free:45.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 357EA403)
Partition 1: (Not Active) - (Size=405 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 58.3 GB) (Disk ID: A53D5356)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 17.10.2014, 20:13   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....



MBAM updaten, neu scannen, Funde löschen.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.10.2014, 09:32   #5
stojan87
 
Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....



Code:
ATTFilter
# AdwCleaner v4.000 - Bericht erstellt am 18/10/2014 um 09:14:02
# DB v2014-10-17.9
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : mile - WOHNZIMMER
# Gestartet von : C:\Users\mile\Downloads\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\mile\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\mile\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\mile\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\mile\AppData\Roaming\WebExtend
Ordner Gelöscht : C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\Extensions\ffxtlbr@zonealarm.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\searchplugins\zonealarm.xml
Datei Gelöscht : C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\user.js

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
Verknüpfung Desinfiziert : C:\Users\mile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\mile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332215}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336615}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644334415}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332215}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335515}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336615}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17278

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v32.0.3 (x86 de)

[ih8apug2.default] - Zeile gelöscht : user_pref("extensions.a43f13f31cec74ac7ad4a18dfdaeae120gmailcom63315.63315.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[ih8apug2.default] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[ih8apug2.default] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [11313 octets] - [18/10/2014 09:08:55]
AdwCleaner[S0].txt - [11135 octets] - [18/10/2014 09:14:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11196 octets] ##########
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 x64
Ran by mile on 18.10.2014 at  9:19:21,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\mile\AppData\Roaming\mozilla\firefox\profiles\ih8apug2.default\prefs.js

user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=59d7a05182ae49d28a8bf185232a6b82&tu=10G9z00GB1D30q0&sku=&ts
Emptied folder: C:\Users\mile\AppData\Roaming\mozilla\firefox\profiles\ih8apug2.default\minidumps [25 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.10.2014 at  9:27:21,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by mile (administrator) on WOHNZIMMER on 18-10-2014 09:29:45
Running from C:\Users\mile\Downloads
Loaded Profile: mile (Available profiles: mile & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\PHotkey\Dolbyosd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-30] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [Steam] => D:\Deus Ex\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-30] (Electronic Arts)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [BitTorrent Sync] => C:\Program Files (x86)\BitTorrent Sync\BTSync.exe [3025512 2014-08-03] (BitTorrent, Inc.)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\MountPoints2: {7259114e-fefa-11e3-82b7-a088694b1bb1} - "G:\Setup.exe" 
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\MountPoints2: {ea412ba8-1b09-11e4-82bc-a088694b1bb1} - "F:\Launch.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {0DED61CF-1520-4CCC-A1CC-673981B1D725} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-30]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-06]
CHR Extension: (Google Drive) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-06]
CHR Extension: (TheHDvid-Codec V10) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-06]
CHR Extension: (Google-Suche) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-06]
CHR Extension: (Google Tabellen) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (avast! Online Security) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-06]
CHR Extension: (Google Wallet) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-06]
CHR Extension: (Google Mail) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-30] (AVAST Software)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 PGFNEXSrv; C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe [136192 2014-03-04] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-20] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-30] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-30] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-03] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-01-22] (Intel Corporation)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
U5 klif; C:\Windows\System32\Drivers\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                           )
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\UBIOS\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 09:27 - 2014-10-18 09:27 - 00001841 _____ () C:\Users\mile\Desktop\JRT.txt
2014-10-18 09:19 - 2014-10-18 09:19 - 00000000 ____D () C:\Windows\ERUNT
2014-10-18 09:17 - 2014-10-18 09:18 - 01705698 _____ (Thisisu) C:\Users\mile\Downloads\JRT.exe
2014-10-18 09:16 - 2014-10-18 09:16 - 00011309 _____ () C:\Users\mile\Desktop\AdwCleaner[S0].txt
2014-10-18 09:08 - 2014-10-18 09:14 - 00000000 ____D () C:\AdwCleaner
2014-10-18 02:16 - 2014-10-18 02:16 - 01976320 _____ () C:\Users\mile\Downloads\AdwCleaner_4.000.exe
2014-10-16 20:43 - 2014-10-16 20:44 - 00034921 _____ () C:\Users\mile\Downloads\Addition.txt
2014-10-16 20:41 - 2014-10-18 09:29 - 00018205 _____ () C:\Users\mile\Downloads\FRST.txt
2014-10-16 20:41 - 2014-10-18 09:29 - 00000000 ____D () C:\FRST
2014-10-16 20:39 - 2014-10-16 20:40 - 02112000 _____ (Farbar) C:\Users\mile\Downloads\FRST64.exe
2014-10-16 14:13 - 2014-10-16 14:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOHNZIMMER-Microsoft-Windows-8.1-(64-bit).dat
2014-10-16 14:13 - 2014-10-16 14:13 - 00000000 ____D () C:\RegBackup
2014-10-16 13:26 - 2014-10-16 13:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 13:26 - 2014-10-16 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-16 13:26 - 2014-10-16 13:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-16 13:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 13:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-16 11:59 - 2014-10-16 13:26 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-16 11:59 - 2014-10-16 13:26 - 00000000 ____D () C:\Users\mile\AppData\Roaming\Malwarebytes
2014-10-16 11:59 - 2014-10-16 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 11:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-16 10:25 - 2014-10-16 10:27 - 00000000 ____D () C:\Users\mile\Downloads\Tweaking.com - Windows Repair
2014-10-16 10:19 - 2014-10-16 10:25 - 03836936 _____ (Piriform Ltd) C:\Users\mile\Downloads\ccsetup418_slim.exe
2014-10-14 16:03 - 2014-10-14 16:03 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-10-14 16:03 - 2014-10-14 16:03 - 00000000 ____D () C:\Users\mile\AppData\Local\SWTORPerf
2014-10-14 16:02 - 2014-10-14 16:02 - 00019636 _____ () C:\Users\mile\Documents\Install STAR WARS The Old Republic.log
2014-10-14 16:02 - 2014-10-14 16:02 - 00000664 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-10-14 16:02 - 2014-10-14 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-10-14 15:48 - 2014-10-14 16:01 - 29720272 _____ () C:\Users\mile\Downloads\SWTOR_setup.exe
2014-10-06 20:28 - 2014-10-06 20:28 - 00002236 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-06 20:28 - 2014-10-06 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-06 20:24 - 2014-10-18 09:17 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 20:24 - 2014-10-06 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-06 20:19 - 2014-10-18 09:30 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 20:19 - 2014-10-18 09:30 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 20:19 - 2014-10-18 09:25 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-06 20:19 - 2014-10-18 09:25 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-06 20:19 - 2014-10-06 20:28 - 00000000 ____D () C:\Users\mile\AppData\Local\Google
2014-10-06 20:19 - 2014-10-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 20:19 - 2014-10-06 20:19 - 00895120 _____ (Google Inc.) C:\Users\mile\Downloads\googleupdatesetup.exe
2014-10-05 18:25 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\mile\AppData\Local\Daedalic Entertainment
2014-10-05 12:03 - 2014-10-05 19:49 - 00015563 _____ () C:\Users\mile\Desktop\schreiben huk-coburg.odt
2014-09-30 20:22 - 2014-09-30 20:23 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-09-30 20:22 - 2014-09-30 20:22 - 00000778 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-09-30 20:22 - 2014-09-30 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-09-30 20:22 - 2014-06-10 15:44 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-09-30 20:22 - 2014-06-10 15:44 - 00490080 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-30 20:22 - 2014-06-10 15:44 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-30 20:21 - 2014-09-30 20:22 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-09-30 20:21 - 2014-09-30 20:21 - 00000000 ____D () C:\Users\mile\AppData\Roaming\Check Point Software Technologies LTD
2014-09-30 20:21 - 2014-09-30 20:21 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-09-30 20:20 - 2014-09-30 20:20 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-09-30 19:01 - 2014-09-30 19:01 - 00001986 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-30 19:01 - 2014-09-30 19:01 - 00000000 ____D () C:\Users\mile\AppData\Roaming\AVAST Software
2014-09-30 19:01 - 2014-09-30 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-30 19:00 - 2014-09-30 19:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-30 19:00 - 2014-09-30 19:00 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-30 19:00 - 2014-09-30 19:00 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-30 19:00 - 2014-09-30 19:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-30 18:59 - 2014-09-30 18:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-30 18:57 - 2014-09-30 18:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-27 13:06 - 2014-10-05 19:58 - 00000000 ____D () C:\Users\mile\Desktop\Scans
2014-09-25 09:18 - 2014-09-25 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:26 - 2014-09-24 18:26 - 00003370 _____ () C:\Windows\System32\Tasks\{FBB99986-60A2-44C0-8CD6-DA48B0EE34D4}
2014-09-24 15:29 - 2014-09-24 15:29 - 00000000 ____D () C:\Users\mile\Documents\Telltale Games
2014-09-24 15:29 - 2014-09-24 15:29 - 00000000 ____D () C:\ProgramData\REVOLT
2014-09-22 21:56 - 2014-09-22 21:56 - 00000000 ____D () C:\ProgramData\Stardock

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 09:27 - 2014-06-05 19:31 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2381112249-3170544233-3973733542-1001
2014-10-18 09:20 - 2014-02-27 17:28 - 00751874 _____ () C:\Windows\system32\perfh007.dat
2014-10-18 09:20 - 2014-02-27 17:28 - 00155350 _____ () C:\Windows\system32\perfc007.dat
2014-10-18 09:20 - 2013-09-12 13:00 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 09:19 - 2014-06-13 20:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-18 09:18 - 2014-08-03 17:27 - 00000000 ____D () C:\Users\mile\AppData\Roaming\BitTorrent Sync
2014-10-18 09:16 - 2014-03-07 19:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-10-18 09:16 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-18 09:15 - 2014-06-05 19:30 - 00000000 __RDO () C:\Users\mile\OneDrive
2014-10-18 09:15 - 2013-09-12 12:53 - 00132900 _____ () C:\Windows\PFRO.log
2014-10-18 09:15 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 09:15 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-18 09:14 - 2014-06-05 19:25 - 00001009 _____ () C:\Users\mile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-18 09:14 - 2014-06-05 18:53 - 01107061 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 09:14 - 2014-03-07 19:34 - 00001124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-10-18 09:14 - 2014-03-07 19:34 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-10-18 09:09 - 2014-06-05 19:31 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{128FAF8D-90C1-459B-9C03-C8E1F17A72A5}
2014-10-18 09:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 23:15 - 2014-06-06 17:44 - 00000000 ____D () C:\Users\mile\AppData\Roaming\BitTorrent
2014-10-16 19:02 - 2013-09-13 09:46 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-10-16 15:01 - 2013-08-22 16:44 - 00381112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 14:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-16 14:33 - 2014-07-20 11:33 - 00074240 ___SH () C:\Users\mile\Desktop\Thumbs.db
2014-10-16 14:32 - 2013-08-22 15:25 - 00000128 _____ () C:\Windows\win.ini
2014-10-15 10:03 - 2014-03-19 14:32 - 00000000 ____D () C:\Program Files (x86)\PHotkey
2014-10-08 14:35 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2014-10-05 13:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-02 12:37 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-30 19:26 - 2014-06-08 17:23 - 00001155 _____ () C:\Users\mile\Desktop\Mozillla Firefox.lnk
2014-09-30 19:26 - 2014-06-08 17:23 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-30 18:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-29 21:12 - 2014-06-08 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 21:56 - 2014-06-28 10:33 - 00000000 ____D () C:\Users\mile\Documents\My Games
2014-09-22 21:54 - 2013-09-13 09:14 - 00398922 _____ () C:\Windows\DirectX.log
2014-09-22 21:53 - 2014-03-17 04:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 16:39 - 2014-09-04 11:16 - 00000000 ____D () C:\Users\mile\AppData\Roaming\HpUpdate

Some content of TEMP:
====================
C:\Users\mile\AppData\Local\Temp\BRSVC_14373562_hlp.exe
C:\Users\mile\AppData\Local\Temp\Quarantine.exe
C:\Users\mile\AppData\Local\Temp\sqlite3.dll
C:\Users\mile\AppData\Local\Temp\_isFA16.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-13 16:15

==================== End Of Log ============================
         
--- --- ---


Alt 18.10.2014, 17:12   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Habe mir wohl etwas eingefangen....

Alt 18.10.2014, 19:02   #7
stojan87
 
Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....



Danke. Muss die letzten beiden Schritte noch ausführen. (Eset Online Scanner und Security Check)

Meine Internetgeschwindigkeit ist seit einiger Zeit leider sehr langsam.
Da hat sich noch nichts geändert :-(

Der Eset Online-Scanner meldet jetzt zum dritten mal Unerwarteter Fehler 2002 beim Herunterladen der Signaturendatenbank.

Geändert von stojan87 (18.10.2014 um 19:02 Uhr)

Alt 19.10.2014, 09:51   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Habe mir wohl etwas eingefangen.... - Standard

Habe mir wohl etwas eingefangen....



Lass ESET weg und mach nen Vollscan mit deinem AV Programm.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Habe mir wohl etwas eingefangen....
antivirus, avast, avast free antivirus, befall, entferne, entfernen, ergebnis, free, komplett, malewarebytes, malewarebytes anti-maleware, stelle, system, versuch, versucht, virenfrei



Ähnliche Themen: Habe mir wohl etwas eingefangen....


  1. Ich glaube ich habe mir etwas unerwünschtes eingefangen
    Plagegeister aller Art und deren Bekämpfung - 28.10.2013 (7)
  2. Programmfenster und Desktop Flackern.. Habe ich mir etwas eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (3)
  3. Habe mir wohl was eingefangen und bekomme es nicht in den Griff
    Log-Analyse und Auswertung - 14.06.2013 (27)
  4. Habe mir wohl was eingefangen! wssetup.exe Perion Network Ltd.
    Plagegeister aller Art und deren Bekämpfung - 06.06.2013 (15)
  5. Trojaner.Agent: Ich habe mir wohl etwas eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (34)
  6. Eine wohl etwas ungewöhnliche Anfrage
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (1)
  7. http://siloviki.de/sell/petrush.html - habe ich hier etwas eingefangen und wenn ja, was tun?
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (1)
  8. Habe mir etwas eingefangen, anbei HIJACK
    Diskussionsforum - 11.05.2010 (1)
  9. Habe ich mir etwas eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 27.12.2009 (2)
  10. Habe mir wohl was eingefangen
    Log-Analyse und Auswertung - 06.01.2009 (15)
  11. habe wohl trojaner eingefangen
    Log-Analyse und Auswertung - 24.10.2008 (6)
  12. Was habe ich mir wohl eingefangen?
    Log-Analyse und Auswertung - 04.05.2008 (5)
  13. Hmm scheint wohl doch etwas häftig
    Mülltonne - 11.12.2007 (0)
  14. Hilfe ich habe mir etwas eingefangen
    Log-Analyse und Auswertung - 08.06.2005 (3)
  15. Hilfe ich habe mir etwas eingefangen
    Mülltonne - 08.06.2005 (1)
  16. Verdacht, daß ich mir etwas eingefangen habe...
    Log-Analyse und Auswertung - 12.12.2004 (19)
  17. Hife habe mir wohl einen trojaner eingefangen
    Log-Analyse und Auswertung - 18.10.2004 (5)

Zum Thema Habe mir wohl etwas eingefangen.... - Malewarebytes Anti-Maleware und Avast free Antivirus haben Befall bei mir gemeldet. Ich habe versucht alles zu entfernen, das Ergebnis ist jedoch nicht zufrieden stellend. Ich wäre froh wenn mir jemand - Habe mir wohl etwas eingefangen.......
Archiv
Du betrachtest: Habe mir wohl etwas eingefangen.... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.