
Pests of all kinds and how to fight them: Backdoor: Win32/Simda.at found and a Trojan that keeps appearing in the Local folder

Windows 7

16.11.2014, 16:19   #1
Hoshi82
 
Backdoor: Win32/Simda.at found and a Trojan that keeps appearing in the Local folder



I had both viruses three days ago and scanned umpteen times with Malwarebytes and MS Essentials. I even created an MS Defender Offline boot CD and scanned with it. After that everything seemed fine and there were no alerts, until 30 minutes ago when both viruses showed up again. I can name the backdoor, but I no longer know exactly what the Trojan was called, because in my fright I deleted the file straight away. In any case it creates a folder under Users/AppData/Local with the name Abcsworks. In it there is a file called something like Tmp....exe. It also lodges itself in the Windows autostart, as I could see with msconfig.
What do they do and, above all, how do I get rid of them?

edit:
I found the file name: tmpE82C.exe, although the last four characters change every time...
They also keep appearing in C:\ProgramData\Microsoft\Secure\Icons\temp.

Last edited by Hoshi82 (16.11.2014 at 16:27)

16.11.2014, 17:15   #2
schrauber
/// the machine
/// TB trainer
 

Backdoor: Win32/Simda.at found and a Trojan that keeps appearing in the Local folder



hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless told to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input window)


16.11.2014, 17:31   #3
Hoshi82
 
Backdoor: Win32/Simda.at found and a Trojan that keeps appearing in the Local folder




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 02
Ran by Hoshi (administrator) on HOSHI-PC on 16-11-2014 17:26:07
Running from C:\Users\Hoshi\Desktop
Loaded Profile: Hoshi (Available profiles: Hoshi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(LogMeIn Inc.) D:\Programme\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(LogMeIn Inc.) D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Programme\LogMeIn Hamachi\LMIGuardianSvc.exe
() D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\Programme\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-16] (AVAST Software)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\MountPoints2: {7d065e4c-ac74-11e3-b6cb-806e6f6e6963} - F:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
BootExecute: autocheck autochk * aswBoot.exe /M:14dae1ee8 /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08EF7E644940CF01
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "hxxp://63.149.98.54/"
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "185.49.15.25"
FF NetworkProxy: "ftp_port", 7808
FF NetworkProxy: "gopher", "83.231.136.9"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "185.49.15.25"
FF NetworkProxy: "http_port", 7808
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "185.49.15.25"
FF NetworkProxy: "socks_port", 7808
FF NetworkProxy: "ssl", "185.49.15.25"
FF NetworkProxy: "ssl_port", 7808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1299527896-1211748070-1707534253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\searchplugins\winamp-search.xml
FF Extension: Разпознаване на устройство Logitech - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\DeviceDetection@logitech.com [2014-03-15]
FF Extension: CamSpace plugin for Firefox - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firefox-plugin@camspace.com [2014-03-15]
FF Extension: Better Battlelog (BBLog) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2014-11-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-03-15]
FF Extension: ChatZilla - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-10-04]
FF Extension: DownloadHelper - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-03-15]
FF Extension: MEGA - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firefox@mega.co.nz.xpi [2014-08-03]
FF Extension: FireNes - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firenes@facundo.zaldo.xpi [2014-03-15]
FF Extension: Personas Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\personas@christopher.beard.xpi [2014-03-15]
FF Extension: Stealthy - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\stealthyextension@gmail.com.xpi [2014-03-15]
FF Extension: Adblock Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-15]
FF Extension: Greasemonkey - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-16]
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-16]
FF Extension: No Name - {B64D9B05-48E1-4CEB-BF58-E0643994E900} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-11-13] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-16] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-19] () [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 Hamachi2Svc; D:\Programme\LogMeIn Hamachi\hamachi-2.exe [2530128 2014-11-03] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [1900400 2014-11-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-10-24] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-16] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-11-16] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 17:26 - 2014-11-16 17:26 - 00020991 _____ () C:\Users\Hoshi\Desktop\FRST.txt
2014-11-16 17:26 - 2014-11-16 17:26 - 00000000 ____D () C:\FRST
2014-11-16 17:25 - 2014-11-16 17:25 - 02117120 _____ (Farbar) C:\Users\Hoshi\Desktop\FRST64.exe
2014-11-16 16:26 - 2014-11-16 16:27 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-26-37.096-aswFe.exe-9064.log
2014-11-16 16:17 - 2014-11-16 16:17 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-17-36.037-AvastVBoxSVC.exe-6292.log
2014-11-16 16:15 - 2014-11-16 16:16 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-15-26.018-aswFe.exe-6888.log
2014-11-16 16:13 - 2014-11-16 16:17 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-13-24.029-AvastVBoxSVC.exe-1804.log
2014-11-16 16:11 - 2014-11-16 16:13 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-11-40.002-aswFe.exe-8476.log
2014-11-16 16:10 - 2014-11-16 16:10 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-10-04.094-aswFe.exe-9160.log
2014-11-16 16:10 - 2014-11-16 16:10 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-10-04.011-AvastVBoxSVC.exe-7228.log
2014-11-16 16:09 - 2014-11-16 16:09 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1416150558415
2014-11-16 16:09 - 2014-11-16 16:09 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-16 16:09 - 2014-11-16 16:09 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1416150558415
2014-11-16 16:09 - 2014-11-16 16:09 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-16 16:09 - 2014-11-16 16:09 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-16 16:09 - 2014-11-16 16:09 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\AVAST Software
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-16 16:08 - 2014-11-16 16:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-16 16:08 - 2014-11-16 16:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-16 16:02 - 2014-11-16 16:06 - 131078000 _____ (AVAST Software) C:\Users\Hoshi\Downloads\avast_free_antivirus_setup.exe
2014-11-16 11:49 - 2014-11-16 11:49 - 00020544 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-16 11:49 - 2014-11-16 11:49 - 00000010 _____ () C:\Windows\GSetup.ini
2014-11-15 01:52 - 2014-11-15 01:52 - 61935616 _____ () C:\Windows\system32\config\SOFTWARE4383c0db
2014-11-14 21:27 - 2014-11-14 21:27 - 00007823 _____ () C:\Users\Hoshi\Desktop\Maximus Arcade Registration Code.eml
2014-11-14 17:44 - 2014-11-14 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Viewer
2014-11-14 16:56 - 2014-11-14 16:56 - 00000000 ____D () C:\Windows\pss
2014-11-13 18:09 - 2014-11-13 18:09 - 00017513 _____ () C:\Windows\DirectX.log
2014-11-13 16:41 - 2014-11-16 15:53 - 00003676 _____ () C:\Windows\PFRO.log
2014-11-13 16:41 - 2014-11-16 15:53 - 00000538 _____ () C:\Windows\setupact.log
2014-11-13 16:41 - 2014-11-13 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 04:39 - 2014-11-15 01:38 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-11-12 19:19 - 2014-11-12 19:19 - 00896504 _____ (Microsoft Corporation) C:\Users\Hoshi\Downloads\mssstool64.exe
2014-11-11 20:32 - 2014-11-11 20:52 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-11-11 20:29 - 2014-11-16 16:56 - 00659898 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 19:53 - 2014-11-10 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 18:57 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-11-05 08:53 - 2014-11-05 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-01 17:04 - 2014-11-01 17:04 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-11-01 13:45 - 2014-11-01 13:45 - 00051204 _____ () C:\Users\Hoshi\Documents\cc_20141101_134505.reg
2014-10-31 17:44 - 2014-10-31 17:44 - 00000300 _____ () C:\Windows\game.ini
2014-10-31 17:39 - 2014-10-31 17:39 - 00000000 __SHD () C:\Windows\ftpcache
2014-10-31 15:31 - 2014-10-31 15:32 - 00000000 ____D () C:\Users\Hoshi\Desktop\BF Vietnam
2014-10-31 15:30 - 2014-10-31 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Vietnam
2014-10-31 12:27 - 2014-10-31 12:27 - 00774825 _____ () C:\Users\Hoshi\Downloads\steamcmd.zip
2014-10-29 17:36 - 2014-10-29 17:36 - 00000000 ____D () C:\Users\Hoshi\Documents\UnrealTournament
2014-10-25 08:58 - 2014-10-25 08:58 - 00135380 _____ () C:\Users\Hoshi\Documents\cc_20141025_095844.reg
2014-10-24 19:09 - 2014-10-24 19:09 - 01402920 _____ () C:\Users\Hoshi\Downloads\battlelog-web-plugins_2.5.1_149(1).exe
2014-10-21 15:43 - 2014-10-21 15:46 - 00000000 ____D () C:\Users\Hoshi\Documents\Assassin's Creed IV Black Flag
2014-10-20 18:23 - 2014-10-20 18:23 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\Rebellion
2014-10-20 18:17 - 2014-10-20 18:21 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient
2014-10-20 18:17 - 2014-10-20 18:17 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\CrashRpt
2014-10-20 18:17 - 2014-10-20 18:17 - 00000000 ____D () C:\ProgramData\GalaxyClient
2014-10-19 17:13 - 2014-10-19 17:13 - 00004096 _____ () C:\Windows\d3dx.dat
2014-10-19 16:13 - 2014-10-19 16:13 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\WingsSaveData
2014-10-17 20:28 - 2014-10-17 20:28 - 01315331 _____ (Flawless Widescreen ) C:\Users\Hoshi\Downloads\fws_setup_x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 17:10 - 2014-03-15 14:32 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Skype
2014-11-16 16:57 - 2014-05-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 16:03 - 2014-06-26 17:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 16:01 - 2009-07-14 05:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 16:01 - 2009-07-14 05:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 16:00 - 2011-04-12 08:43 - 00711068 _____ () C:\Windows\system32\perfh007.dat
2014-11-16 16:00 - 2011-04-12 08:43 - 00155002 _____ () C:\Windows\system32\perfc007.dat
2014-11-16 16:00 - 2009-07-14 06:13 - 01653236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 15:53 - 2014-06-16 18:19 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-11-16 15:53 - 2014-03-15 15:19 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\LogMeIn Hamachi
2014-11-16 15:53 - 2014-03-15 13:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-16 15:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 15:52 - 2014-03-15 14:20 - 00000000 ____D () C:\ProgramData\Origin
2014-11-16 15:47 - 2014-03-15 15:33 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\UseNeXT
2014-11-16 12:47 - 2014-05-17 18:23 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-11-16 12:47 - 2014-03-15 15:03 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-16 12:46 - 2014-03-15 15:03 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-15 22:00 - 2014-08-01 21:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\FirestormOS_x64
2014-11-15 19:43 - 2014-08-28 18:45 - 00000224 _____ () C:\Users\Hoshi\BullseyeCoverageError.txt
2014-11-15 18:58 - 2014-03-19 19:22 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\vlc
2014-11-15 18:32 - 2014-04-16 21:43 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Winamp
2014-11-14 18:24 - 2014-03-15 13:09 - 00000000 ____D () C:\Users\Hoshi
2014-11-14 17:48 - 2014-03-15 14:44 - 00000000 ___RD () C:\Users\Hoshi\Desktop\Games
2014-11-14 17:15 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-14 17:08 - 2014-05-11 09:47 - 00000000 ____D () C:\Windows\ulead.dat
2014-11-13 18:57 - 2014-03-15 14:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 18:57 - 2014-03-15 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 20:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-11-11 20:28 - 2014-03-19 17:23 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\uTorrent
2014-11-11 20:24 - 2014-06-26 17:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-11 20:24 - 2014-03-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 16:45 - 2014-03-15 14:32 - 00000000 ____D () C:\ProgramData\Skype
2014-11-08 18:52 - 2014-03-17 18:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\THQ
2014-11-07 15:21 - 2009-07-14 05:45 - 04996840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 20:48 - 2014-03-20 17:26 - 00000000 ____D () C:\Users\Hoshi\Documents\My Games
2014-11-05 08:53 - 2014-06-26 10:44 - 00000651 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-11-02 14:46 - 2014-05-11 11:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-02 09:26 - 2014-09-01 17:36 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\Adobe
2014-11-01 14:01 - 2014-03-16 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-11-01 13:45 - 2014-04-20 00:03 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\DAEMON Tools Lite
2014-11-01 01:08 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-01 00:46 - 2014-05-03 12:53 - 00000000 ____D () C:\Users\Hoshi\Documents\Euro Truck Simulator 2
2014-10-31 17:45 - 2014-03-15 13:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-31 15:42 - 2014-04-20 00:08 - 00001225 _____ () C:\Windows\eReg.dat
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 13:33 - 2014-04-13 19:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-29 13:33 - 2014-04-13 19:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-26 13:45 - 2014-04-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-25 08:58 - 2014-03-15 20:03 - 00000000 ____D () C:\Windows\Panther
2014-10-24 19:15 - 2014-03-15 15:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-24 19:09 - 2014-03-15 15:03 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-10-24 16:23 - 2014-08-01 21:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Firestorm_x64
2014-10-20 18:18 - 2014-03-15 15:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 11:51 - 2014-03-16 10:13 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\GOG.com

Some content of TEMP:
====================
C:\Users\Hoshi\AppData\Local\Temp\BullseyeCoverage-2-x86.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 13:32

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 02
Ran by Hoshi at 2014-11-16 17:26:23
Running from C:\Users\Hoshi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{151974E9-9B16-47DC-8B57-5684A1E42127}) (Version: 12.1.1.151 - Adobe Systems, Inc)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version:  - Remedy Entertainment)
Alien Shooter 2 Conscription (HKLM-x32\...\Steam App 211010) (Version:  - Sigma Team Inc.)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Aliens vs Predator Classic 2000 (HKLM-x32\...\1207665883_is1) (Version: 2.0.0.21 - GOG.com)
Aliens: Colonial Marines (HKLM-x32\...\Steam App 49540) (Version:  - Gearbox Software)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version:  - Dreampainters)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bad Mojo Redux (HKLM-x32\...\Steam App 255960) (Version:  - Pulse Entertainment)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts)
Battlefield Vietnam(TM) (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Bridge Constructor Medieval (HKLM-x32\...\Steam App 319850) (Version:  - ClockStone)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version:  - Techland)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Castlevania: Lords of Shadow - Ultimate Edition (HKLM-x32\...\Steam App 234080) (Version:  - MercurySteam - Climax Studios)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Crusader No Remorse (HKLM-x32\...\Crusader No Remorse_is1) (Version:  - GOG.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Daylight (HKLM-x32\...\Steam App 230840) (Version:  - Zombie Studios)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
DeliPlayer (HKLM-x32\...\DeliPlayer2) (Version:  - )
Depths of Fear :: Knossos (HKLM-x32\...\Steam App 252570) (Version:  - Dirigo Games)
Desura (HKLM-x32\...\Desura) (Version: 100.57 - Desura)
Desura: CDF Ghostship (HKLM-x32\...\Desura_92470645882912) (Version: Alpha - shaunwilliams948)
Desura: Into the Dark (HKLM-x32\...\Desura_68886980460576) (Version: Full - Homegrown Games - a HRMC label)
Desura: The Mask Reveals Disgusting Face (HKLM-x32\...\Desura_126087354908704) (Version: Full - EZeddy)
DiRT 2 (HKLM-x32\...\Steam App 12840) (Version:  - Codemasters Racing Studio)
DivX Pro 6.8.0 VFW (HKLM-x32\...\divx650vfw_is1) (Version: 6.8.0.14 - )
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
DreadOut (HKLM-x32\...\Steam App 269790) (Version:  - Digital Happiness)
Dream (HKLM-x32\...\Steam App 229580) (Version:  - HyperSloth)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DuckTales Remastered (HKLM-x32\...\Steam App 237630) (Version:  - WayForward)
Easy CD-DA Extractor Free 2010 (HKLM-x32\...\Easy CD-DA Extractor Free 2010) (Version: 2010.6 - Poikosoft)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
F.E.A.R. 2: Project Origin (HKLM-x32\...\Steam App 16450) (Version:  - Monolith)
F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version:  - Day 1 Studios)
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.16.327 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
Ghostbusters: The Video Game (HKLM-x32\...\Steam App 9870) (Version:  - Terminal Reality)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
gogprivateer2 (HKLM\...\{fabae1d6-0cd1-4944-9078-0ac253a089bb}.sdb) (Version:  - )
Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Haunted Memories (HKLM-x32\...\Steam App 241640) (Version:  - MadMan Theory Games)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.1.0.6 - GOG.com)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
In Verbis Virtus (HKLM-x32\...\Steam App 242840) (Version:  - Indomitus Games)
Insane 2 (HKLM-x32\...\Steam App 35320) (Version:  - Targem Games)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jets'n'Guns Gold (HKLM-x32\...\Steam App 262260) (Version:  - Rake in Grass)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
Long Night (HKLM-x32\...\Steam App 270590) (Version:  - )
MAGIX Common Components 1 (HKLM-x32\...\{7A8B2204-574B-42A2-A3DC-52AE142D197F}) (Version: 1.2.0.0 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (x32 Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{2497E82C-98AE-494E-B155-52623C230EC6}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 (HKLM-x32\...\Steam App 265420) (Version:  - MAGIX Software GmbH)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version:  - PlatinumGames)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.1.0.0 - Electronic Arts)
Nero Burning ROM 2014 (HKLM-x32\...\{AB51F94A-8AA0-4F96-81B1-0446BA681083}) (Version: 15.0.02700 - Nero AG)
Neverending Nightmares (HKLM-x32\...\Steam App 253330) (Version:  - Infinitap Games)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nosferatu: The Wrath of Malachi (HKLM-x32\...\Steam App 283290) (Version:  - Idol FX)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version:  - Zen Studios)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prey (HKLM-x32\...\Steam App 3970) (Version:  - Humanhead Studios)
Privateer 2 - The Darkening (HKLM-x32\...\GOGPACKPRIVATEER2_is1) (Version: 2.1.0.5 - GOG.com)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster for Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realms of the Haunting (HKLM-x32\...\Realms of the Haunting_is1) (Version:  - GOG.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.7.19.0 - Red Giant, LLC)
Resident Evil Revelations / Biohazard Revelations UE (HKLM-x32\...\Steam App 222480) (Version:  - Capcom)
Rise of the Triad (HKLM-x32\...\Steam App 217140) (Version:  - Interceptor Entertainment)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Sherlock Holmes: The Awakened - Remastered (HKLM-x32\...\Steam App 11140) (Version:  - Frogwares)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
SlimDX Redistributable (June 2010) (HKLM-x32\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Star Trek (HKLM-x32\...\Steam App 203250) (Version:  - Digital Extremes)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Star Wars: The Force Unleashed Ultimate Sith Edition (HKLM-x32\...\Steam App 32430) (Version:  - LucasArts)
STAR WARS® - X-Wing (1998) (HKLM-x32\...\1207666393_is1) (Version: 2.0.0.5 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.445.23476 - SteelSeries)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Surface Tension Uncut 2.0 Final (HKLM-x32\...\Surface Tension Uncut) (Version: 2.0 Final - Text FAMGUY1)
Syndicate™ (HKLM-x32\...\{FA602928-EB59-449c-B9F7-1FBE1291B63D}) (Version: 1.0.0.1 - Electronic Arts)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
Tesla Effect -  A Tex Murphy Adventure (HKLM-x32\...\GOGPACKTEXMURPHYTESLAEFFECT_is1) (Version: 2.0.0.9 - GOG.com)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Evil Within (HKLM-x32\...\Steam App 268050) (Version:  - Tango Gameworks)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Room (HKLM-x32\...\Steam App 288160) (Version:  - Fireproof Games)
The Vanishing of Ethan Carter (HKLM-x32\...\1207665373_is1) (Version: 2.0.0.2 - GOG.com)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tony Hawk's Pro Skater HD (HKLM-x32\...\Steam App 207210) (Version:  - Robomodo)
Total Immersion D'Fusion @Home Web Plug-In (HKLM-x32\...\D'Fusion @Home Web Plug-In) (Version:  - Total Immersion)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.3 - Red Giant) Hidden
Ulead MediaStudio Pro 8.0 (HKLM-x32\...\{A6E71574-2126-4E95-816E-32B2411C94BA}) (Version: 8.0 - Ulead Systems, Inc.)
Unity Web Player (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-04a2fb3b-c3ef-41cb-b2de-b39f7291bbd6) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version:  - Troika Games)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Basic 5.0 (C:\Windows\system32\) (HKLM-x32\...\ST5UNST #2) (Version:  - )
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version:  - )
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Drum Engine (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Electric Piano (Version: 1.0.2.0 - MAGIX Software GmbH) Hidden
Vita Power Guitar (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Wing Commander IV (HKLM-x32\...\GOGPACKWC4_is1) (Version: 2.0.0.17 - GOG.com)
Wings Remastered Demo, Cinemaware (HKLM-x32\...\Cinemaware Wings Remastered Demo) (Version: "1.1.1" - "Cinemaware")
Wings!™ Remastered (HKLM-x32\...\1207666423_is1) (Version: 2.0.0.1 - GOG.com)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xml Viewer (HKLM-x32\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-11-2014 08:03:19 Windows Update
08-11-2014 09:48:53 Windows Update
08-11-2014 17:57:40 DirectX wurde installiert
11-11-2014 19:20:37 Windows Update
11-11-2014 19:32:17 Installed MorphVOX Pro
11-11-2014 19:34:45 Installed MorphVOX Effects Rack
11-11-2014 19:52:35 Removed MorphVOX Effects Rack
11-11-2014 19:52:43 Removed MorphVOX Pro
13-11-2014 17:09:06 DirectX was installed
14-11-2014 16:43:57 Installed Xml Viewer
14-11-2014 20:40:45 Windows Update
16-11-2014 15:08:48 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C03DC06-9067-4DB0-83A7-B4704E03849A} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {520A4ED2-9B29-4873-B2CA-FEA9273674C4} - \{4DD1B416-1A2D-4675-A6D6-8083878E9DE3} No Task File <==== ATTENTION
Task: {5A02CE66-BC6C-4B59-9F0E-0AE5D87FE243} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)
Task: {674D3F7E-07C8-42A4-AD10-F21331870E05} - \Red Giant Link No Task File <==== ATTENTION
Task: {7819626C-4A4B-452C-ADED-4B651CFDE459} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {A1F0DA50-907F-453C-8DBC-12CB76447D32} - \Security Center Update - 1769741681 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-15 13:35 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-11 20:22 - 2014-11-11 20:22 - 03507200 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-11-11 20:22 - 2014-11-11 20:22 - 02688512 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-03-15 15:03 - 2014-10-24 19:15 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-11-16 16:09 - 2014-11-16 16:09 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-16 16:09 - 2014-11-16 16:09 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-03-15 13:20 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-16 16:10 - 2014-11-16 16:10 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14111600\algo.dll
2014-11-16 16:09 - 2014-11-16 16:09 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-11-16 16:09 - 2014-11-16 16:09 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-10 19:53 - 2014-11-10 19:53 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-22 08:39 - 2014-11-11 19:48 - 01171456 _____ () D:\Games\Steam\libavcodec-56.dll
2014-08-22 08:39 - 2014-11-11 19:48 - 00442368 _____ () D:\Games\Steam\libavutil-54.dll
2014-08-22 08:39 - 2014-11-11 19:48 - 00332800 _____ () D:\Games\Steam\libavresample-2.dll
2014-03-15 14:22 - 2014-11-11 19:47 - 00774656 _____ () D:\Games\Steam\SDL2.dll
2014-05-22 15:47 - 2014-11-12 02:04 - 02227904 _____ () D:\Games\Steam\video.dll
2014-08-22 08:39 - 2014-11-11 19:48 - 00403968 _____ () D:\Games\Steam\libavformat-56.dll
2014-08-22 08:39 - 2014-11-11 19:48 - 00485888 _____ () D:\Games\Steam\libswscale-3.dll
2014-03-15 14:22 - 2014-11-12 02:04 - 00690880 _____ () D:\Games\Steam\bin\chromehtml.DLL
2014-03-15 14:22 - 2014-11-11 19:48 - 34589888 _____ () D:\Games\Steam\bin\libcef.dll
2014-07-24 19:21 - 2014-11-11 19:48 - 00837824 _____ () D:\Games\Steam\bin\ffmpegsumo.dll
2014-11-13 18:57 - 2014-11-13 18:57 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:98353363
AlternateDataStreams: C:\Users\Hoshi\Desktop\Maximus Arcade Registration Code.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup

========================= Accounts: ==========================

Administrator (S-1-5-21-1299527896-1211748070-1707534253-500 - Administrator - Disabled)
Gast (S-1-5-21-1299527896-1211748070-1707534253-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1299527896-1211748070-1707534253-1002 - Limited - Enabled)
Hoshi (S-1-5-21-1299527896-1211748070-1707534253-1000 - Administrator - Enabled) => C:\Users\Hoshi

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2014 04:17:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.
.

Error: (11/16/2014 04:17:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.
.

Error: (11/16/2014 04:13:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.
.

Error: (11/16/2014 04:13:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.
.

Error: (11/16/2014 04:09:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.
.

Error: (11/16/2014 04:09:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.
.

Error: (11/16/2014 04:08:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.
.

Error: (11/16/2014 03:55:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 10:04:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 09:23:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/16/2014 11:48:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/16/2014 11:48:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/16/2014 11:48:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/15/2014 10:10:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/15/2014 10:10:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/15/2014 10:10:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/15/2014 03:18:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Nero Update" service terminated unexpectedly. It has done this 1 time(s).

Error: (11/14/2014 09:53:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (11/14/2014 09:53:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (11/14/2014 07:19:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (11/16/2014 04:17:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.

Error: (11/16/2014 04:17:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.

Error: (11/16/2014 04:13:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.

Error: (11/16/2014 04:13:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.

Error: (11/16/2014 04:09:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.

Error: (11/16/2014 04:09:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.

Error: (11/16/2014 04:08:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.

System Error:
The system cannot find the file specified.

Error: (11/16/2014 03:55:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 10:04:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 09:23:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16314.71 MB
Available physical RAM: 12577.19 MB
Total Pagefile: 32627.6 MB
Available Pagefile: 28831.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:146.87 GB) NTFS
Drive d: () (Fixed) (Total:1464.84 GB) (Free:437.95 GB) NTFS
Drive e: () (Fixed) (Total:398.17 GB) (Free:222.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7D0DF0DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7D0DF0CB)
Partition 1: (Not Active) - (Size=1464.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________
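A small triage script for the FRST findings in the log above, added here as an example; it is not part of FRST, ComboFix or any post in this thread. It parses three kinds of line copied from that log: scheduled tasks flagged "No Task File", loaded modules whose path lies in a user-writable folder such as C:\ProgramData, and the CAPI2 event 513 text naming the legacy driver binary "pgxpeyck" that the VSS System Writer could not find. The path markers, the "imitates a Microsoft location" rule and the random-name test are this example's own heuristics, not FRST logic.

```python
"""Triage helper for three FRST findings discussed in this thread:
orphaned scheduled tasks ("No Task File"), loaded modules that live in
user-writable folders such as ProgramData, and CAPI2 event 513 errors
naming a legacy driver whose binary no longer exists.

Added example for this thread; not part of FRST, ComboFix or the posts.
The heuristics below (path markers, random-name test) are assumptions of
this example, not FRST's own logic.
"""
import re
from dataclasses import dataclass

# Lines copied from the FRST log posted above (constructed excerpt).
SAMPLE_LOG = r"""
Task: {0C03DC06-9067-4DB0-83A7-B4704E03849A} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {5A02CE66-BC6C-4B59-9F0E-0AE5D87FE243} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)
Task: {A1F0DA50-907F-453C-8DBC-12CB76447D32} - \Security Center Update - 1769741681 No Task File <==== ATTENTION
2014-03-15 13:35 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-11 20:22 - 2014-11-11 20:22 - 03507200 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-11-11 20:22 - 2014-11-11 20:22 - 02688512 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-03-15 15:03 - 2014-10-24 19:15 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
Error: (11/16/2014 04:17:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
AddLegacyDriverFiles: Unable to back up image of binary pgxpeyck.
"""

TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-F-]{36}\} - )?(?P<name>.+?)"
    r"(?: => (?P<target>.+?))?(?P<orphan> No Task File <==== ATTENTION)?$"
)
MODULE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
CAPI2_RE = re.compile(
    r"^AddLegacyDriverFiles: Unable to back up image of binary (?P<name>\S+?)\.?$"
)

# Folders a standard user or any service can write to; a DLL loaded from
# here deserves a look even when its name sounds official.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    kind: str      # "orphan-task", "module" or "missing-driver"
    subject: str   # task name, module path or service name
    reason: str


def looks_random(name: str) -> bool:
    """Crude check for generated service names like 'pgxpeyck':
    all lowercase letters, 6-12 characters, fewer than a third vowels."""
    if not (6 <= len(name) <= 12 and name.isalpha() and name.islower()):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 1 / 3


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line and collect the three kinds of finding."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = TASK_RE.match(line)
        if m:
            if m.group("orphan"):
                findings.append(Finding(
                    "orphan-task", m.group("name").lstrip("\\"),
                    "task is registered in the registry but its XML under "
                    "System32\\Tasks is gone; confirm what created it"))
            continue

        m = MODULE_RE.match(line)
        if m:
            path = m.group("path")
            lp = path.lower()
            if any(marker in lp for marker in USER_WRITABLE):
                reason = "loaded from a user-writable folder"
                if "\\microsoft\\" in lp and not lp.startswith(TRUSTED_ROOTS):
                    reason += "; path imitates a Microsoft location outside Windows/Program Files"
                if not m.group("company"):
                    reason += "; no company name in version info"
                findings.append(Finding("module", path, reason))
            continue

        m = CAPI2_RE.match(line)
        if m:
            name = m.group("name")
            # The System Writer backs up the ImagePath of every legacy driver
            # service; a missing file means the service entry outlived its binary.
            reason = ("VSS System Writer could not find the binary behind this legacy "
                      "driver service; check HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + name)
            if looks_random(name):
                reason += " (generated-looking name)"
            findings.append(Finding("missing-driver", name, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}\n    {f.reason}")
```

Run against the excerpt it reports the two orphaned tasks, the two DLLs under C:\ProgramData\Microsoft\Secure\Icons (the same folder the opening post names for the tmp*.exe files, both with an empty company field) and the service name pgxpeyck. Orphaned "No Task File" entries are frequently uninstall leftovers; of the ones in the log, "Security Center Update - 1769741681" is the one that matches no product in the installed-programs list, so it is the one worth tracing to its creator.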

Alt 17.11.2014, 09:17   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,


Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 17.11.2014, 17:09   #5
Hoshi82
 



Code:
ComboFix 14-11-15.01 - Hoshi 17.11.2014  16:55:43.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16315.14329 [GMT 1:00]
run from:: c:\users\Hoshi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\UA000012.DLL
c:\windows\UA000019.DLL
.
.
(((((((((((((((((((((((   Files Created from 2014-10-17 to 2014-11-17  ))))))))))))))))))))))))))))))
.
.
2014-11-17 15:58 . 2014-11-17 15:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-16 16:26 . 2014-11-16 16:26	--------	d-----w-	C:\FRST
2014-11-16 15:08 . 2014-11-16 15:08	--------	d-----w-	c:\program files\AVAST Software
2014-11-16 15:08 . 2014-11-16 15:08	--------	d-----w-	c:\programdata\AVAST Software
2014-11-16 10:49 . 2014-11-16 10:49	20544	----a-w-	c:\windows\gdrv.sys
2014-11-16 08:32 . 2014-09-17 11:38	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC50F7B7-F60F-41FD-A12C-733AC79EEBAB}\gapaengine.dll
2014-11-16 08:32 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4E6DBA1-4A0F-4DE9-B1A2-A82FE2FB2478}\mpengine.dll
2014-11-14 20:40 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-13 03:39 . 2014-11-15 00:38	--------	d-----w-	c:\windows\Microsoft Antimalware
2014-11-11 19:32 . 2014-11-11 19:52	--------	d-----w-	c:\programdata\Screaming Bee
2014-11-11 19:22 . 2014-11-11 19:22	2688512	----a-w-	c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-11-08 17:57 . 2008-07-12 07:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2014-11-08 17:57 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2014-11-08 17:57 . 2008-07-12 07:18	540688	----a-w-	c:\windows\system32\d3dx10_39.dll
2014-11-08 17:57 . 2008-07-12 07:18	1942552	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2014-11-08 17:57 . 2008-07-12 07:18	4992520	----a-w-	c:\windows\system32\D3DX9_39.dll
2014-10-31 16:39 . 2014-10-31 16:39	--------	d-sh--w-	c:\windows\ftpcache
2014-10-31 14:29 . 2001-09-05 03:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-10-31 14:29 . 2001-09-05 03:14	176128	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-10-31 14:29 . 2001-09-05 03:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-10-31 14:29 . 2001-09-05 03:13	32768	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-10-20 17:23 . 2014-10-20 17:23	--------	d-----w-	c:\users\Hoshi\AppData\Local\Rebellion
2014-10-20 17:17 . 2014-10-20 17:17	--------	d-----w-	c:\users\Hoshi\AppData\Local\CrashRpt
2014-10-20 17:17 . 2014-10-20 17:21	--------	d-----w-	c:\program files (x86)\GalaxyClient
2014-10-20 17:17 . 2014-10-20 17:17	--------	d-----w-	c:\programdata\GalaxyClient
2014-10-19 15:13 . 2014-10-19 15:13	--------	d-----w-	c:\users\Hoshi\AppData\Roaming\WingsSaveData
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-16 15:03 . 2014-06-26 16:59	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-16 11:47 . 2014-05-17 17:23	348928	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-11-16 11:47 . 2014-03-15 14:03	348928	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-11-16 11:46 . 2014-03-15 14:03	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-11-13 17:57 . 2014-03-15 13:16	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 17:57 . 2014-03-15 13:16	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-30 11:25 . 2010-11-21 03:27	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-24 18:15 . 2014-03-15 14:03	76152	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-10-15 16:32 . 2014-08-05 14:06	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-01 10:11 . 2014-06-26 16:59	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-10-01 10:11 . 2014-06-26 16:59	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 10:11 . 2014-03-15 13:53	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-17 11:38 . 2014-03-20 15:32	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-17 04:51 . 2014-10-15 18:33	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2014-09-17 04:51 . 2014-10-15 18:33	197408	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2014-09-17 04:51 . 2014-03-15 12:34	1538880	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-09-14 08:33 . 2014-09-14 08:33	76152	----a-w-	c:\windows\system32\PnkBstrA.exe
2014-09-13 23:48 . 2014-10-15 18:33	957584	----a-w-	c:\windows\system32\NvIFR64.dll
2014-09-13 23:48 . 2014-10-15 18:33	925896	----a-w-	c:\windows\system32\NvFBC64.dll
2014-09-13 23:48 . 2014-10-15 18:33	919240	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-09-13 23:48 . 2014-10-15 18:33	894096	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-09-13 23:48 . 2014-10-15 18:33	867528	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-09-13 23:48 . 2014-10-15 18:33	501064	----a-w-	c:\windows\system32\nvEncodeAPI64.dll
2014-09-13 23:48 . 2014-10-15 18:33	4287296	----a-w-	c:\windows\system32\nvcuvid.dll
2014-09-13 23:48 . 2014-10-15 18:33	417096	----a-w-	c:\windows\SysWow64\nvEncodeAPI.dll
2014-09-13 23:48 . 2014-10-15 18:33	4008592	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-09-13 23:48 . 2014-10-15 18:33	393024	----a-w-	c:\windows\system32\NvIFROpenGL.dll
2014-09-13 23:48 . 2014-10-15 18:33	352016	----a-w-	c:\windows\system32\nvoglshim64.dll
2014-09-13 23:48 . 2014-10-15 18:33	348304	----a-w-	c:\windows\SysWow64\NvIFROpenGL.dll
2014-09-13 23:48 . 2014-10-15 18:33	303600	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2014-09-13 23:48 . 2014-10-15 18:33	24552592	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-09-13 23:48 . 2014-10-15 18:33	20589536	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-09-13 23:48 . 2014-10-15 18:33	19954520	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-09-13 23:48 . 2014-10-15 18:33	1876296	----a-w-	c:\windows\system32\nvdispco6434411.dll
2014-09-13 23:48 . 2014-10-15 18:33	174856	----a-w-	c:\windows\system32\nvinitx.dll
2014-09-13 23:48 . 2014-10-15 18:33	156840	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-09-13 23:48 . 2014-10-15 18:33	1539272	----a-w-	c:\windows\system32\nvdispgenco6434411.dll
2014-09-13 23:48 . 2014-10-15 18:33	14026304	----a-w-	c:\windows\system32\nvopencl.dll
2014-09-13 23:48 . 2014-10-15 18:33	13939272	----a-w-	c:\windows\system32\nvcuda.dll
2014-09-13 23:48 . 2014-10-15 18:33	13157696	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-09-13 23:48 . 2014-10-15 18:33	11392576	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-09-13 23:48 . 2014-10-15 18:33	11330776	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-09-13 23:48 . 2014-10-15 18:33	20922512	----a-w-	c:\windows\system32\nvcompiler.dll
2014-09-13 23:48 . 2014-10-15 18:33	17259664	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-09-13 23:48 . 2014-05-27 15:02	18106152	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-09-13 23:48 . 2014-05-27 15:02	2838424	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-09-13 23:48 . 2014-03-15 12:35	73872	----a-w-	c:\windows\system32\OpenCL.dll
2014-09-13 23:48 . 2014-03-15 12:35	60560	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-09-13 23:48 . 2014-03-15 12:34	984424	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-09-13 23:48 . 2014-03-15 12:34	3223120	----a-w-	c:\windows\system32\nvapi64.dll
2014-09-13 23:48 . 2014-03-15 12:34	31887680	----a-w-	c:\windows\system32\nvoglv64.dll
2014-09-13 23:48 . 2014-03-15 12:34	16875856	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-09-13 21:53 . 2014-03-15 12:35	6890696	----a-w-	c:\windows\system32\nvcpl.dll
2014-09-13 21:53 . 2014-03-15 12:35	3529872	----a-w-	c:\windows\system32\nvsvc64.dll
2014-09-13 21:53 . 2014-03-15 12:35	934216	----a-w-	c:\windows\system32\nvvsvc.exe
2014-09-13 21:53 . 2014-03-15 12:35	62608	----a-w-	c:\windows\system32\nvshext.dll
2014-09-13 21:53 . 2014-03-15 12:35	385168	----a-w-	c:\windows\system32\nvmctray.dll
2014-09-13 21:53 . 2014-03-15 12:35	2557640	----a-w-	c:\windows\system32\nvsvcr.dll
2014-09-13 20:13 . 2014-10-15 18:33	613696	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-09-12 17:20 . 2014-06-15 18:54	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2014-09-12 17:20 . 2014-06-15 18:54	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2014-09-11 15:37 . 2014-03-15 12:35	3961833	----a-w-	c:\windows\system32\nvcoproc.bin
2014-08-23 18:56 . 2014-08-23 18:56	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2014-08-20 14:36 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-08-20 14:32 . 2009-08-18 09:24	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-11 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="d:\programme\QuickTime\QTTask.exe" [2014-01-17 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogitechQuickCamRibbon"="d:\programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"LogMeIn Hamachi Ui"="d:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-11-03 3835728]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-16 5223016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
R2 SkypeUpdate;Skype Updater;d:\programme\Skype\Updater\Updater.exe;d:\programme\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GalaxyService;GalaxyService;c:\program files (x86)\GalaxyClient\GalaxyService.exe;c:\program files (x86)\GalaxyClient\GalaxyService.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;d:\games\Origin\OriginClientService.exe;d:\games\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\LogMeIn Hamachi\hamachi-2.exe;d:\programme\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 17:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-16 15:09	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-11-11 19:22	3507200	----a-w-	c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-02-27 8294680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.ftp - 185.49.15.25
FF - prefs.js: network.proxy.ftp_port - 7808
FF - prefs.js: network.proxy.gopher - 83.231.136.9
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 185.49.15.25
FF - prefs.js: network.proxy.http_port - 7808
FF - prefs.js: network.proxy.socks - 185.49.15.25
FF - prefs.js: network.proxy.socks_port - 7808
FF - prefs.js: network.proxy.ssl - 185.49.15.25
FF - prefs.js: network.proxy.ssl_port - 7808
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 1970-05-29 12:38; {B0D94882-1B07-3812-ACC7-3C1D8BA4BDE9}; - 
FF - ExtSQL: !HIDDEN! 2009-06-24 17:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80,
   ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2
.
[HKEY_USERS\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:16,f3,55,54,e4,cb,e2,0a,0b,87,14,f1,eb,2b,38,36,f3,50,8b,d3,17,f5,10,
   01,23,2d,92,49,b2,dc,7a,3c,27,4e,c2,30,c4,ca,bf,cf,4b,1f,b3,b7,eb,4a,d5,7e,\
"??"=hex:c2,85,14,78,f8,c8,dd,0b,12,34,1d,c2,66,55,76,49
.
[HKEY_USERS\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,01,d2,c0,b2,05,55,28,c1,2e,26,82,dd,65,7f,08,9a,ff,e3,fa,46,
   88,97,65,3a,ce,c5,0d,8a,f7,5e,21,0c,da,05,3c,30,4c,47,65,16,eb,c8,a6,52,85,\
"rkeysecu"=hex:03,f3,fe,7f,86,81,4c,e4,a8,67,f8,0c,e9,b6,18,c6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-17  16:59:57
ComboFix-quarantined-files.txt  2014-11-17 15:59
.
Vor Suchlauf: 6 Verzeichnis(se), 157.646.168.064 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 157.609.947.136 Bytes frei
.
- - End Of File - - 5DAB7124EBC82C4830DD1B120739E4DE
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 18.11.2014, 10:27   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt with your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 18.11.2014, 15:58   #7
Hoshi82
 

Malwarebytes Anti-Malware:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.11.2014
Suchlauf-Zeit: 15:27:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.18.04
Rootkit Datenbank: v2014.11.12.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Hoshi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 339724
Verstrichene Zeit: 3 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner:
Code:
# AdwCleaner v4.101 - Bericht erstellt am 18/11/2014 um 15:33:28
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Hoshi - HOSHI-PC
# Gestartet von : C:\Users\Hoshi\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Hoshi\AppData\Local\CrashRpt
[!] Ordner Gelöscht : C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\m8b22v9u.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\m8b22v9u.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\searchplugins\winamp-search.xml
Datei Gelöscht : C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\m8b22v9u.default\searchplugins\winamp-search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Tencent

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Mozilla Firefox v33.1 (x86 de)


*************************

AdwCleaner[R0].txt - [1823 octets] - [18/11/2014 15:32:27]
AdwCleaner[S0].txt - [1698 octets] - [18/11/2014 15:33:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1758 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Ultimate x64
Ran by Hoshi on 18.11.2014 at 15:36:05,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Hoshi\AppData\Roaming\mozilla\firefox\profiles\71ts16td.default\prefs.js

user_pref("extensions.personas.lastselected2", "{\"id\":\"44495\",\"name\":\"Generation Fame\",\"accentcolor\":\"#663300\",\"textcolor\":\"#fce8c3\",\"header\":\"hxxp://getper
user_pref("lightweightThemes.usedThemes", "[{\"id\":\"5918\",\"name\":\"Dark Fox\",\"headerURL\":\"hxxps://addons.mozilla.org/_files/18066/1232849758499.jpg?1241572934\",\"foo
user_pref("shoutcast_toolbar.search.searchtype", "web");
Emptied folder: C:\Users\Hoshi\AppData\Roaming\mozilla\firefox\profiles\71ts16td.default\minidumps [475 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.11.2014 at 15:37:53,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 02
Ran by Hoshi (administrator) on HOSHI-PC on 18-11-2014 15:38:19
Running from C:\Users\Hoshi\Desktop
Loaded Profile: Hoshi (Available profiles: Hoshi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) D:\Programme\LogMeIn Hamachi\hamachi-2.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(LogMeIn Inc.) D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) D:\Programme\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LogMeIn, Inc.) D:\Programme\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\ProgramData\Microsoft\Secure\Icons\temp\tmp94A0.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\Programme\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-16] (AVAST Software)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [{889D17A3-3D91-C90C-B33B-19FBCD6A8EDF}] => C:\ProgramData\Microsoft\Secure\Icons\temp\tmp94A0.exe [141928 2014-11-18] () <===== ATTENTION
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Abcworks] => C:\Users\Hoshi\AppData\Local\Abcworks\tmp94A0.exe [141928 2014-11-18] ()
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [YXPack] => regsvr32.exe C:\Users\Hoshi\AppData\Local\YXPack\dialogCommonCtr.dll <===== ATTENTION
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08EF7E644940CF01
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "hxxp://63.149.98.54/"
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "185.49.15.25"
FF NetworkProxy: "ftp_port", 7808
FF NetworkProxy: "gopher", "83.231.136.9"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "185.49.15.25"
FF NetworkProxy: "http_port", 7808
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "185.49.15.25"
FF NetworkProxy: "socks_port", 7808
FF NetworkProxy: "ssl", "185.49.15.25"
FF NetworkProxy: "ssl_port", 7808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1299527896-1211748070-1707534253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Разпознаване на устройство Logitech - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\DeviceDetection@logitech.com [2014-03-15]
FF Extension: CamSpace plugin for Firefox - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firefox-plugin@camspace.com [2014-03-15]
FF Extension: Better Battlelog (BBLog) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2014-11-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-03-15]
FF Extension: ChatZilla - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-10-04]
FF Extension: DownloadHelper - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-03-15]
FF Extension: MEGA - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firefox@mega.co.nz.xpi [2014-08-03]
FF Extension: FireNes - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firenes@facundo.zaldo.xpi [2014-03-15]
FF Extension: Personas Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\personas@christopher.beard.xpi [2014-03-15]
FF Extension: Stealthy - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\stealthyextension@gmail.com.xpi [2014-03-15]
FF Extension: Adblock Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-15]
FF Extension: Greasemonkey - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-16]
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-16]
FF Extension: No Name - {B64D9B05-48E1-4CEB-BF58-E0643994E900} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-11-13] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-16] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-16] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-19] () [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 Hamachi2Svc; D:\Programme\LogMeIn Hamachi\hamachi-2.exe [2530128 2014-11-03] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [1900400 2014-11-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-10-24] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-11-16] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 15:38 - 2014-11-18 15:38 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\YXPack
2014-11-18 15:38 - 2014-11-18 15:38 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\Abcworks
2014-11-18 15:37 - 2014-11-18 15:37 - 00001291 _____ () C:\Users\Hoshi\Desktop\JRT.txt
2014-11-18 15:36 - 2014-11-18 15:36 - 00000000 ____D () C:\Windows\ERUNT
2014-11-18 15:32 - 2014-11-18 15:33 - 00000000 ____D () C:\AdwCleaner
2014-11-18 15:31 - 2014-11-18 15:31 - 00001199 _____ () C:\Users\Hoshi\Desktop\mbam.txt
2014-11-18 15:28 - 2014-11-18 15:28 - 02140160 _____ () C:\Users\Hoshi\Desktop\AdwCleaner_4.101.exe
2014-11-18 15:28 - 2014-11-18 15:28 - 01707532 _____ (Thisisu) C:\Users\Hoshi\Desktop\JRT.exe
2014-11-17 18:48 - 2014-11-17 21:06 - 00001216 _____ () C:\Windows\Sidplay2w.ini
2014-11-17 17:47 - 2014-11-17 17:47 - 00000101 _____ () C:\Users\Public\Desktop\FarCry 4.url
2014-11-17 16:59 - 2014-11-17 16:59 - 00028403 _____ () C:\ComboFix.txt
2014-11-17 16:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-17 16:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-17 16:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-17 16:51 - 2014-11-17 16:59 - 00000000 ____D () C:\Qoobox
2014-11-17 16:47 - 2014-11-17 16:59 - 00000000 ____D () C:\Windows\erdnt
2014-11-17 16:42 - 2014-11-17 16:42 - 05598504 ____R (Swearware) C:\Users\Hoshi\Desktop\ComboFix.exe
2014-11-17 16:40 - 2014-11-17 16:40 - 00113904 _____ () C:\Users\Hoshi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 17:26 - 2014-11-18 15:38 - 00020632 _____ () C:\Users\Hoshi\Desktop\FRST.txt
2014-11-16 17:26 - 2014-11-18 15:38 - 00000000 ____D () C:\FRST
2014-11-16 17:26 - 2014-11-16 17:30 - 00041423 _____ () C:\Users\Hoshi\Desktop\Addition.txt
2014-11-16 17:25 - 2014-11-16 17:25 - 02117120 _____ (Farbar) C:\Users\Hoshi\Desktop\FRST64.exe
2014-11-16 16:26 - 2014-11-16 16:27 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-26-37.096-aswFe.exe-9064.log
2014-11-16 16:17 - 2014-11-16 16:17 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-17-36.037-AvastVBoxSVC.exe-6292.log
2014-11-16 16:15 - 2014-11-16 16:16 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-15-26.018-aswFe.exe-6888.log
2014-11-16 16:13 - 2014-11-16 16:17 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-13-24.029-AvastVBoxSVC.exe-1804.log
2014-11-16 16:11 - 2014-11-16 16:13 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-11-40.002-aswFe.exe-8476.log
2014-11-16 16:10 - 2014-11-16 16:10 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-10-04.094-aswFe.exe-9160.log
2014-11-16 16:10 - 2014-11-16 16:10 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-10-04.011-AvastVBoxSVC.exe-7228.log
2014-11-16 16:09 - 2014-11-16 16:09 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-16 16:09 - 2014-11-16 16:09 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-16 16:09 - 2014-11-16 16:09 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-16 16:09 - 2014-11-16 16:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-16 16:09 - 2014-11-16 16:09 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\AVAST Software
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-16 16:08 - 2014-11-16 16:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-16 16:08 - 2014-11-16 16:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-16 16:02 - 2014-11-16 16:06 - 131078000 _____ (AVAST Software) C:\Users\Hoshi\Downloads\avast_free_antivirus_setup.exe
2014-11-16 11:49 - 2014-11-16 11:49 - 00020544 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-16 11:49 - 2014-11-16 11:49 - 00000010 _____ () C:\Windows\GSetup.ini
2014-11-15 01:52 - 2014-11-15 01:52 - 61935616 _____ () C:\Windows\system32\config\SOFTWARE4383c0db
2014-11-14 21:27 - 2014-11-14 21:27 - 00007823 _____ () C:\Users\Hoshi\Desktop\Maximus Arcade Registration Code.eml
2014-11-14 17:44 - 2014-11-14 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Viewer
2014-11-14 16:56 - 2014-11-14 16:56 - 00000000 ____D () C:\Windows\pss
2014-11-13 18:09 - 2014-11-17 17:49 - 00035026 _____ () C:\Windows\DirectX.log
2014-11-13 16:41 - 2014-11-18 15:34 - 00006896 _____ () C:\Windows\PFRO.log
2014-11-13 16:41 - 2014-11-18 15:34 - 00000818 _____ () C:\Windows\setupact.log
2014-11-13 16:41 - 2014-11-13 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 04:39 - 2014-11-15 01:38 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-11-12 19:19 - 2014-11-12 19:19 - 00896504 _____ (Microsoft Corporation) C:\Users\Hoshi\Downloads\mssstool64.exe
2014-11-11 20:32 - 2014-11-11 20:52 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-11-11 20:29 - 2014-11-18 15:37 - 00875842 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 19:53 - 2014-11-10 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 18:57 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-11-05 08:53 - 2014-11-05 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-01 17:04 - 2014-11-01 17:04 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-11-01 13:45 - 2014-11-01 13:45 - 00051204 _____ () C:\Users\Hoshi\Documents\cc_20141101_134505.reg
2014-10-31 17:44 - 2014-10-31 17:44 - 00000300 _____ () C:\Windows\game.ini
2014-10-31 17:39 - 2014-10-31 17:39 - 00000000 __SHD () C:\Windows\ftpcache
2014-10-31 15:31 - 2014-10-31 15:32 - 00000000 ____D () C:\Users\Hoshi\Desktop\BF Vietnam
2014-10-31 15:30 - 2014-10-31 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Vietnam
2014-10-31 12:27 - 2014-10-31 12:27 - 00774825 _____ () C:\Users\Hoshi\Downloads\steamcmd.zip
2014-10-29 17:36 - 2014-10-29 17:36 - 00000000 ____D () C:\Users\Hoshi\Documents\UnrealTournament
2014-10-25 08:58 - 2014-10-25 08:58 - 00135380 _____ () C:\Users\Hoshi\Documents\cc_20141025_095844.reg
2014-10-24 19:09 - 2014-10-24 19:09 - 01402920 _____ () C:\Users\Hoshi\Downloads\battlelog-web-plugins_2.5.1_149(1).exe
2014-10-21 15:43 - 2014-10-21 15:46 - 00000000 ____D () C:\Users\Hoshi\Documents\Assassin's Creed IV Black Flag
2014-10-20 18:23 - 2014-10-20 18:23 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\Rebellion
2014-10-20 18:17 - 2014-10-20 18:21 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient
2014-10-20 18:17 - 2014-10-20 18:17 - 00000000 ____D () C:\ProgramData\GalaxyClient
2014-10-19 17:13 - 2014-10-19 17:13 - 00004096 _____ () C:\Windows\d3dx.dat
2014-10-19 16:13 - 2014-10-19 16:13 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\WingsSaveData

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 15:34 - 2014-06-16 18:19 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-11-18 15:34 - 2014-03-15 15:19 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\LogMeIn Hamachi
2014-11-18 15:34 - 2014-03-15 13:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-18 15:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 15:33 - 2009-07-14 05:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 15:33 - 2009-07-14 05:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 15:32 - 2011-04-12 08:43 - 00711068 _____ () C:\Windows\system32\perfh007.dat
2014-11-18 15:32 - 2011-04-12 08:43 - 00155002 _____ () C:\Windows\system32\perfc007.dat
2014-11-18 15:32 - 2009-07-14 06:13 - 01653236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 15:27 - 2014-06-26 17:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 15:26 - 2014-05-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 21:02 - 2014-03-15 14:32 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Skype
2014-11-17 19:48 - 2014-03-20 17:26 - 00000000 ____D () C:\Users\Hoshi\Documents\My Games
2014-11-17 18:44 - 2014-08-28 18:45 - 00000224 _____ () C:\Users\Hoshi\BullseyeCoverageError.txt
2014-11-17 17:50 - 2014-03-15 14:44 - 00000000 ___RD () C:\Users\Hoshi\Desktop\Games
2014-11-17 17:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-17 16:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-16 20:46 - 2014-08-01 21:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\FirestormOS_x64
2014-11-16 17:56 - 2014-03-19 19:22 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\vlc
2014-11-16 15:52 - 2014-03-15 14:20 - 00000000 ____D () C:\ProgramData\Origin
2014-11-16 15:47 - 2014-03-15 15:33 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\UseNeXT
2014-11-16 12:47 - 2014-05-17 18:23 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-11-16 12:47 - 2014-03-15 15:03 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-16 12:46 - 2014-03-15 15:03 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-15 18:32 - 2014-04-16 21:43 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Winamp
2014-11-14 18:24 - 2014-03-15 13:09 - 00000000 ____D () C:\Users\Hoshi
2014-11-14 17:08 - 2014-05-11 09:47 - 00000000 ____D () C:\Windows\ulead.dat
2014-11-13 18:57 - 2014-03-15 14:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 18:57 - 2014-03-15 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 20:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-11-11 20:28 - 2014-03-19 17:23 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\uTorrent
2014-11-11 20:24 - 2014-06-26 17:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-11 20:24 - 2014-03-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 16:45 - 2014-03-15 14:32 - 00000000 ____D () C:\ProgramData\Skype
2014-11-08 18:52 - 2014-03-17 18:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\THQ
2014-11-07 15:21 - 2009-07-14 05:45 - 04996840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 08:53 - 2014-06-26 10:44 - 00000651 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-11-02 14:46 - 2014-05-11 11:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-02 09:26 - 2014-09-01 17:36 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\Adobe
2014-11-01 14:01 - 2014-03-16 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-11-01 13:45 - 2014-04-20 00:03 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\DAEMON Tools Lite
2014-11-01 01:08 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-01 00:46 - 2014-05-03 12:53 - 00000000 ____D () C:\Users\Hoshi\Documents\Euro Truck Simulator 2
2014-10-31 17:45 - 2014-03-15 13:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-31 15:42 - 2014-04-20 00:08 - 00001225 _____ () C:\Windows\eReg.dat
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 13:33 - 2014-04-13 19:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-29 13:33 - 2014-04-13 19:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-26 13:45 - 2014-04-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-25 08:58 - 2014-03-15 20:03 - 00000000 ____D () C:\Windows\Panther
2014-10-24 19:15 - 2014-03-15 15:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-24 19:09 - 2014-03-15 15:03 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-10-24 16:23 - 2014-08-01 21:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Firestorm_x64
2014-10-20 18:18 - 2014-03-15 15:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 11:51 - 2014-03-16 10:13 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\GOG.com

Files to move or delete:
====================
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp94A0.exe


Some content of TEMP:
====================
C:\Users\Hoshi\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Hoshi\AppData\Local\Temp\Quarantine.exe
C:\Users\Hoshi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 13:32

==================== End Of Log ============================
         
--- --- ---

I got this message 10 minutes after I ran the scans, and this TMP file is back in the msconfig startup list again.

And this abcworks folder with the file is back too.

And this came up just now after the reboot... and I don't think a DLL from Steam has any business being in that folder either.

Two more things that were in the startup list, and a YXPack folder in Local that cannot be deleted, presumably because the DLL in there is in use? The dialogCommonCrt.dll and the SteamAgent.dll

Last edited by Hoshi82 (18.11.2014 at 16:17)

Old 19.11.2014, 14:57   #8
schrauber
/// the machine
/// TB-Ausbilder

Backdoor: Win32/Simda.at found and a trojan that keeps appearing in the Local folder



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [{889D17A3-3D91-C90C-B33B-19FBCD6A8EDF}] => C:\ProgramData\Microsoft\Secure\Icons\temp\tmp94A0.exe [141928 2014-11-18] () <===== ATTENTION
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Abcworks] => C:\Users\Hoshi\AppData\Local\Abcworks\tmp94A0.exe [141928 2014-11-18] ()
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [YXPack] => regsvr32.exe C:\Users\Hoshi\AppData\Local\YXPack\dialogCommonCtr.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
C:\Users\Hoshi\AppData\Local\YXPack
C:\ProgramData\Microsoft\Secure
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents here.






ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
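As an added example that is not part of this thread, FRST or any tool used here, the following Python script applies the indicators visible in the fixlist above (FRST's own ATTENTION flag, an empty publisher, a user-writable location, the tmpXXXX file naming the poster described, a DLL loaded through regsvr32, a GUID as value name) to FRST "Run" lines; the sample input is the three quoted entries plus one constructed benign entry whose size and date are made up.

```python
"""Triage of FRST 'Run' autorun lines, using the indicators seen in this thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample log: the three Run entries quoted in the fixlist plus one
# benign entry whose size and date are invented for this example.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [{889D17A3-3D91-C90C-B33B-19FBCD6A8EDF}] => C:\ProgramData\Microsoft\Secure\Icons\temp\tmp94A0.exe [141928 2014-11-18] () <===== ATTENTION
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Abcworks] => C:\Users\Hoshi\AppData\Local\Abcworks\tmp94A0.exe [141928 2014-11-18] ()
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [YXPack] => regsvr32.exe C:\Users\Hoshi\AppData\Local\YXPack\dialogCommonCtr.dll <===== ATTENTION
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [123456 2013-08-07] (Intel Corporation)
"""

# FRST layout: <hive>\...\Run: [<value name>] => <command> [<size> <date>] (<publisher>)
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
META_RE = re.compile(r"^(?P<cmd>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])? \((?P<pub>.*)\)$")
TEMP_NAME_RE = re.compile(r"^tmp[0-9a-f]{4}\.(exe|dll)$", re.IGNORECASE)  # tmpE82C.exe, tmp94A0.exe
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\",
                 "\\users\\public\\", "\\temp\\")
LOADERS = ("regsvr32.exe ", "rundll32.exe ")


@dataclass
class Finding:
    line: str                  # the FRST line verbatim (FRST accepts it as-is in Fixlist.txt)
    name: str                  # registry value name
    target: str                # file actually loaded
    publisher: Optional[str]   # "" = FRST found no version info, None = not reported
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # One indicator alone is weak (many legitimate tools live in AppData);
        # two or more together is what this thread's entries have in common.
        return len(self.reasons) >= 2


def target_of(cmd: str) -> str:
    """Return the file the autorun really loads: the DLL for regsvr32/rundll32."""
    low = cmd.lower()
    for loader in LOADERS:
        if low.startswith(loader):
            # rundll32 syntax is "<dll>,<entry>"; keep only the DLL path
            return cmd[len(loader):].strip().strip('"').split(",")[0]
    return cmd.strip('"')


def parse_run_line(line: str) -> Optional[Finding]:
    """Parse one FRST Run line and attach every indicator that applies."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    attention = "<===== ATTENTION" in rest
    rest = rest.replace(" <===== ATTENTION", "").strip()
    meta = META_RE.match(rest)
    if meta:
        cmd, publisher = meta.group("cmd"), meta.group("pub")
    else:                      # no "[size date] (publisher)" tail, as on the YXPack line
        cmd, publisher = rest, None
    f = Finding(line=line.strip(), name=m.group("name"),
                target=target_of(cmd), publisher=publisher)
    low = f.target.lower()
    base = low.rsplit("\\", 1)[-1]
    if attention:
        f.reasons.append("flagged by FRST")
    if publisher == "":
        f.reasons.append("no publisher/version info")
    if any(p in low for p in USER_WRITABLE):
        f.reasons.append("runs from a user-writable location")
    if TEMP_NAME_RE.match(base):
        f.reasons.append("temp-style file name")
    if cmd.lower().startswith(LOADERS):
        f.reasons.append("DLL loaded via regsvr32/rundll32")
    if GUID_RE.match(f.name):
        f.reasons.append("GUID used as value name")
    return f


def triage(log_text: str) -> List[Finding]:
    """All Run entries of a log, benign ones included, with their indicators."""
    return [f for f in map(parse_run_line, log_text.splitlines()) if f is not None]


def suspicious_fixlist(log_text: str) -> List[str]:
    """The lines worth reviewing for a Fixlist.txt (verbatim FRST lines)."""
    return [f.line for f in triage(log_text) if f.suspicious]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{tag:10} [{f.name}] -> {f.target}  {f.reasons}")
```

The output is a review list, not an automatic fix: a helper still reads each entry before it goes into a fixlist.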

Old 19.11.2014, 18:39   #9
Hoshi82

Backdoor: Win32/Simda.at found and a trojan that keeps appearing in the Local folder



It is still scanning with ESET, that will take a while yet. I just have one question: according to the instructions, "Remove found threats" is switched off. But it has already found 6 infected files. Or does that happen in the next step? Just curious

So here are the log files:
ESET
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a555eb79e6f71a48814909f21b6493ea
# engine=21167
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-19 05:30:44
# local_time=2014-11-19 06:30:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 87033 90986 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 20252832 39398638 0 0
# scanned=601215
# found=6
# cleaned=0
# scan_time=7478
sh=DDF5AC22E70AD0260DAA46C7B29693E09F335F5D ft=1 fh=c71c00112609ed4d vn="Variante von Win64/Sathurbot.A Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll.xBAD"
sh=9B024A1B84AB0399362824FEF8D199AE8C7ED408 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\prefs.js"
sh=5885A3FE97B8BD4AD10EF12023A52CC28A867F81 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\prefs.js.BAK"
sh=0F650C9511ACF675C2DB7127EEF1734E766B2CE3 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\m8b22v9u.default\prefs.js"
sh=7F160B96B6DD8465ED2E80CB603FE25AC5BAAF30 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\m8b22v9u.default\prefs.js.BAK"
sh=68DE2B75B34BF838C04CE4959504D8A3676D5512 ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BU Trojaner" ac=I fn="C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\m8b22v9u.default\extensions\{B0D94882-1B07-3812-ACC7-3C1D8BA4BDE9}\components\UCMHelperClass.js"
         
SecuCheck
Code:
  Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Desura: CDF Ghostship   
 Java 7 Update 67  
 Java 8 Update 25  
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.1) 
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 02
Ran by Hoshi (administrator) on HOSHI-PC on 19-11-2014 18:37:12
Running from C:\Users\Hoshi\Desktop
Loaded Profile: Hoshi (Available profiles: Hoshi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Programme\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Programme\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
() D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\Hoshi\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-18] (AVAST Software)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08EF7E644940CF01
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "hxxp://63.149.98.54/"
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "185.49.15.25"
FF NetworkProxy: "ftp_port", 7808
FF NetworkProxy: "gopher", "83.231.136.9"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "185.49.15.25"
FF NetworkProxy: "http_port", 7808
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "185.49.15.25"
FF NetworkProxy: "socks_port", 7808
FF NetworkProxy: "ssl", "185.49.15.25"
FF NetworkProxy: "ssl_port", 7808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1299527896-1211748070-1707534253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Разпознаване на устройство Logitech - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\DeviceDetection@logitech.com [2014-03-15]
FF Extension: CamSpace plugin for Firefox - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firefox-plugin@camspace.com [2014-03-15]
FF Extension: Better Battlelog (BBLog) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack [2014-11-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-03-15]
FF Extension: ChatZilla - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-10-04]
FF Extension: DownloadHelper - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-03-15]
FF Extension: MEGA - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firefox@mega.co.nz.xpi [2014-08-03]
FF Extension: FireNes - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\firenes@facundo.zaldo.xpi [2014-03-15]
FF Extension: Personas Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\personas@christopher.beard.xpi [2014-03-15]
FF Extension: Stealthy - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\stealthyextension@gmail.com.xpi [2014-03-15]
FF Extension: Adblock Plus - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-15]
FF Extension: Greasemonkey - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\71ts16td.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-18]
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-16]
FF Extension: No Name - {B64D9B05-48E1-4CEB-BF58-E0643994E900} [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-11-13] (Adobe Systems Incorporated) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-18] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-19] () [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 Hamachi2Svc; D:\Programme\LogMeIn Hamachi\hamachi-2.exe [2530128 2014-11-03] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [1900400 2014-11-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-10-24] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-18] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-18] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 18:36 - 2014-11-19 18:36 - 00001179 _____ () C:\Users\Hoshi\Desktop\checkup.txt
2014-11-19 18:35 - 2014-11-19 18:35 - 00854448 _____ () C:\Users\Hoshi\Desktop\SecurityCheck.exe
2014-11-19 16:21 - 2014-11-19 16:21 - 02347384 _____ (ESET) C:\Users\Hoshi\Desktop\esetsmartinstaller_deu.exe
2014-11-19 16:21 - 2014-11-19 16:21 - 00000197 _____ () C:\Windows\system32\2014-11-19-15-21-34.071-AvastVBoxSVC.exe-3832.log
2014-11-19 16:13 - 2014-11-19 16:13 - 00000197 _____ () C:\Windows\system32\2014-11-19-15-13-42.028-AvastVBoxSVC.exe-4328.log
2014-11-18 18:25 - 2014-11-18 18:25 - 00000247 _____ () C:\Windows\system32\2014-11-18-17-25-02.050-aswFe.exe-5708.log
2014-11-18 18:23 - 2014-11-18 18:24 - 00000247 _____ () C:\Windows\system32\2014-11-18-17-23-21.076-aswFe.exe-6716.log
2014-11-18 18:23 - 2014-11-18 18:23 - 00000197 _____ () C:\Windows\system32\2014-11-18-17-23-20.008-AvastVBoxSVC.exe-6164.log
2014-11-18 18:19 - 2014-11-18 18:19 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-18 18:19 - 2014-11-18 18:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-18 18:19 - 2014-11-18 18:19 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-18 18:18 - 2014-11-18 18:18 - 00000197 _____ () C:\Windows\system32\2014-11-18-17-18-58.063-AvastVBoxSVC.exe-5944.log
2014-11-18 18:16 - 2014-11-18 18:17 - 00000247 _____ () C:\Windows\system32\2014-11-18-17-16-58.027-aswFe.exe-1552.log
2014-11-18 18:15 - 2014-11-18 18:16 - 00000247 _____ () C:\Windows\system32\2014-11-18-17-15-54.017-aswFe.exe-6400.log
2014-11-18 18:15 - 2014-11-18 18:16 - 00000197 _____ () C:\Windows\system32\2014-11-18-17-15-53.019-AvastVBoxSVC.exe-3584.log
2014-11-18 18:15 - 2014-11-18 18:15 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\AVAST Software
2014-11-18 18:14 - 2014-11-18 18:19 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-18 18:14 - 2014-11-18 18:19 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-18 18:14 - 2014-11-18 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-18 18:14 - 2014-11-18 18:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-18 18:12 - 2014-11-18 18:12 - 00113904 _____ () C:\Users\Hoshi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-18 18:12 - 2014-11-18 18:12 - 00000197 _____ () C:\Windows\system32\2014-11-18-17-12-16.099-AvastVBoxSVC.exe-4436.log
2014-11-18 15:37 - 2014-11-18 15:37 - 00001291 _____ () C:\Users\Hoshi\Desktop\JRT.txt
2014-11-18 15:36 - 2014-11-18 15:36 - 00000000 ____D () C:\Windows\ERUNT
2014-11-18 15:32 - 2014-11-18 15:33 - 00000000 ____D () C:\AdwCleaner
2014-11-18 15:31 - 2014-11-18 15:31 - 00001199 _____ () C:\Users\Hoshi\Desktop\mbam.txt
2014-11-18 15:28 - 2014-11-18 15:28 - 02140160 _____ () C:\Users\Hoshi\Desktop\AdwCleaner_4.101.exe
2014-11-18 15:28 - 2014-11-18 15:28 - 01707532 _____ (Thisisu) C:\Users\Hoshi\Desktop\JRT.exe
2014-11-17 18:48 - 2014-11-17 21:06 - 00001216 _____ () C:\Windows\Sidplay2w.ini
2014-11-17 17:47 - 2014-11-18 20:58 - 00000174 _____ () C:\Users\Public\Desktop\FarCry 4.url
2014-11-17 16:59 - 2014-11-17 16:59 - 00028403 _____ () C:\ComboFix.txt
2014-11-17 16:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-17 16:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-17 16:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-17 16:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-17 16:51 - 2014-11-17 16:59 - 00000000 ____D () C:\Qoobox
2014-11-17 16:47 - 2014-11-17 16:59 - 00000000 ____D () C:\Windows\erdnt
2014-11-17 16:42 - 2014-11-17 16:42 - 05598504 ____R (Swearware) C:\Users\Hoshi\Desktop\ComboFix.exe
2014-11-16 17:26 - 2014-11-19 18:37 - 00020145 _____ () C:\Users\Hoshi\Desktop\FRST.txt
2014-11-16 17:26 - 2014-11-19 18:37 - 00000000 ____D () C:\FRST
2014-11-16 17:26 - 2014-11-16 17:30 - 00041423 _____ () C:\Users\Hoshi\Desktop\Addition.txt
2014-11-16 17:25 - 2014-11-16 17:25 - 02117120 _____ (Farbar) C:\Users\Hoshi\Desktop\FRST64.exe
2014-11-16 16:26 - 2014-11-16 16:27 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-26-37.096-aswFe.exe-9064.log
2014-11-16 16:17 - 2014-11-16 16:17 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-17-36.037-AvastVBoxSVC.exe-6292.log
2014-11-16 16:15 - 2014-11-16 16:16 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-15-26.018-aswFe.exe-6888.log
2014-11-16 16:13 - 2014-11-16 16:17 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-13-24.029-AvastVBoxSVC.exe-1804.log
2014-11-16 16:11 - 2014-11-16 16:13 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-11-40.002-aswFe.exe-8476.log
2014-11-16 16:10 - 2014-11-16 16:10 - 00000247 _____ () C:\Windows\system32\2014-11-16-15-10-04.094-aswFe.exe-9160.log
2014-11-16 16:10 - 2014-11-16 16:10 - 00000197 _____ () C:\Windows\system32\2014-11-16-15-10-04.011-AvastVBoxSVC.exe-7228.log
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-16 16:09 - 2014-11-16 16:09 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-16 16:08 - 2014-11-18 18:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-16 16:02 - 2014-11-16 16:06 - 131078000 _____ (AVAST Software) C:\Users\Hoshi\Downloads\avast_free_antivirus_setup.exe
2014-11-16 11:49 - 2014-11-16 11:49 - 00020544 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-16 11:49 - 2014-11-16 11:49 - 00000010 _____ () C:\Windows\GSetup.ini
2014-11-15 01:52 - 2014-11-15 01:52 - 61935616 _____ () C:\Windows\system32\config\SOFTWARE4383c0db
2014-11-14 21:27 - 2014-11-14 21:27 - 00007823 _____ () C:\Users\Hoshi\Desktop\Maximus Arcade Registration Code.eml
2014-11-14 17:44 - 2014-11-14 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Viewer
2014-11-14 16:56 - 2014-11-14 16:56 - 00000000 ____D () C:\Windows\pss
2014-11-13 18:09 - 2014-11-17 17:49 - 00035026 _____ () C:\Windows\DirectX.log
2014-11-13 16:41 - 2014-11-19 16:19 - 00447588 _____ () C:\Windows\PFRO.log
2014-11-13 16:41 - 2014-11-19 16:19 - 00001266 _____ () C:\Windows\setupact.log
2014-11-13 16:41 - 2014-11-13 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-13 04:39 - 2014-11-15 01:38 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-11-12 19:19 - 2014-11-12 19:19 - 00896504 _____ (Microsoft Corporation) C:\Users\Hoshi\Downloads\mssstool64.exe
2014-11-11 20:32 - 2014-11-11 20:52 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-11-11 20:29 - 2014-11-19 16:57 - 01114021 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 19:53 - 2014-11-10 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 18:57 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-08 18:57 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-11-05 08:53 - 2014-11-05 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-01 17:04 - 2014-11-01 17:04 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-11-01 13:45 - 2014-11-01 13:45 - 00051204 _____ () C:\Users\Hoshi\Documents\cc_20141101_134505.reg
2014-10-31 17:44 - 2014-10-31 17:44 - 00000300 _____ () C:\Windows\game.ini
2014-10-31 17:39 - 2014-10-31 17:39 - 00000000 __SHD () C:\Windows\ftpcache
2014-10-31 15:31 - 2014-10-31 15:32 - 00000000 ____D () C:\Users\Hoshi\Desktop\BF Vietnam
2014-10-31 15:30 - 2014-10-31 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Vietnam
2014-10-31 12:27 - 2014-10-31 12:27 - 00774825 _____ () C:\Users\Hoshi\Downloads\steamcmd.zip
2014-10-29 17:36 - 2014-10-29 17:36 - 00000000 ____D () C:\Users\Hoshi\Documents\UnrealTournament
2014-10-25 08:58 - 2014-10-25 08:58 - 00135380 _____ () C:\Users\Hoshi\Documents\cc_20141025_095844.reg
2014-10-24 19:09 - 2014-10-24 19:09 - 01402920 _____ () C:\Users\Hoshi\Downloads\battlelog-web-plugins_2.5.1_149(1).exe
2014-10-21 15:43 - 2014-10-21 15:46 - 00000000 ____D () C:\Users\Hoshi\Documents\Assassin's Creed IV Black Flag
2014-10-20 18:23 - 2014-10-20 18:23 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\Rebellion
2014-10-20 18:17 - 2014-10-20 18:21 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient
2014-10-20 18:17 - 2014-10-20 18:17 - 00000000 ____D () C:\ProgramData\GalaxyClient

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 18:32 - 2014-03-15 14:32 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Skype
2014-11-19 17:57 - 2014-05-03 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 16:26 - 2009-07-14 05:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 16:26 - 2009-07-14 05:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 16:25 - 2011-04-12 08:43 - 00711068 _____ () C:\Windows\system32\perfh007.dat
2014-11-19 16:25 - 2011-04-12 08:43 - 00155002 _____ () C:\Windows\system32\perfc007.dat
2014-11-19 16:25 - 2009-07-14 06:13 - 01653236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 16:20 - 2014-03-15 15:19 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\LogMeIn Hamachi
2014-11-19 16:19 - 2014-06-16 18:19 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-11-19 16:19 - 2014-03-15 13:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 16:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 21:00 - 2014-03-19 19:22 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\vlc
2014-11-18 20:40 - 2014-03-15 15:33 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\UseNeXT
2014-11-18 20:05 - 2014-03-15 14:20 - 00000000 ____D () C:\ProgramData\Origin
2014-11-18 20:04 - 2014-08-01 21:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\FirestormOS_x64
2014-11-18 19:31 - 2014-08-28 18:45 - 00000224 _____ () C:\Users\Hoshi\BullseyeCoverageError.txt
2014-11-18 18:24 - 2014-05-17 18:23 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-11-18 18:24 - 2014-03-15 15:03 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-18 18:23 - 2014-03-15 15:03 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-18 18:15 - 2014-03-15 14:44 - 00000000 ___RD () C:\Users\Hoshi\Desktop\Programme
2014-11-18 15:27 - 2014-06-26 17:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-17 19:48 - 2014-03-20 17:26 - 00000000 ____D () C:\Users\Hoshi\Documents\My Games
2014-11-17 17:50 - 2014-03-15 14:44 - 00000000 ___RD () C:\Users\Hoshi\Desktop\Games
2014-11-17 17:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-17 16:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-15 18:32 - 2014-04-16 21:43 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Winamp
2014-11-14 18:24 - 2014-03-15 13:09 - 00000000 ____D () C:\Users\Hoshi
2014-11-14 17:08 - 2014-05-11 09:47 - 00000000 ____D () C:\Windows\ulead.dat
2014-11-13 18:57 - 2014-03-15 14:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 18:57 - 2014-03-15 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 20:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web
2014-11-11 20:28 - 2014-03-19 17:23 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\uTorrent
2014-11-11 20:24 - 2014-06-26 17:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-11 20:24 - 2014-03-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-10 16:45 - 2014-03-15 14:32 - 00000000 ____D () C:\ProgramData\Skype
2014-11-08 18:52 - 2014-03-17 18:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\THQ
2014-11-07 15:21 - 2009-07-14 05:45 - 04996840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 08:53 - 2014-06-26 10:44 - 00000651 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-11-02 14:46 - 2014-05-11 11:10 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-02 09:26 - 2014-09-01 17:36 - 00000000 ____D () C:\Users\Hoshi\AppData\Local\Adobe
2014-11-01 14:01 - 2014-03-16 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-11-01 13:45 - 2014-04-20 00:03 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\DAEMON Tools Lite
2014-11-01 01:08 - 2014-03-26 16:05 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-01 00:46 - 2014-05-03 12:53 - 00000000 ____D () C:\Users\Hoshi\Documents\Euro Truck Simulator 2
2014-10-31 17:45 - 2014-03-15 13:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-31 15:42 - 2014-04-20 00:08 - 00001225 _____ () C:\Windows\eReg.dat
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 13:33 - 2014-04-13 19:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-29 13:33 - 2014-04-13 19:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-26 13:45 - 2014-04-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-25 08:58 - 2014-03-15 20:03 - 00000000 ____D () C:\Windows\Panther
2014-10-24 19:15 - 2014-03-15 15:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-24 19:09 - 2014-03-15 15:03 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-10-24 16:23 - 2014-08-01 21:49 - 00000000 ____D () C:\Users\Hoshi\AppData\Roaming\Firestorm_x64
2014-10-20 18:18 - 2014-03-15 15:03 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 13:32

==================== End Of Log ============================
Last edited by Hoshi82 (19.11.2014 at 18:34)
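The "Bamital & volsnap Check" section of the FRST log above verifies the digital signatures of a handful of core Windows binaries that file-infecting malware likes to patch. The following PowerShell script is an added example (not FRST output and not the helper's code) that repeats that check with the built-in Get-AuthenticodeSignature cmdlet over the same file list taken from the log; it assumes PowerShell 5.1 or newer, since older versions do not understand catalog signatures and would report every one of these files as NotSigned.

```powershell
# Added example: re-run the "Bamital & volsnap" style signature check with built-in cmdlets.
# File list mirrors the FRST log above (64-bit Windows layout). Requires PowerShell 5.1+ for
# catalog-signature support; on PowerShell 2.0 (stock Windows 7) every file would show NotSigned.
$files = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

$results = foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) {
        # A missing core binary is itself worth reporting rather than silently skipping.
        [pscustomobject]@{ Path = $f; Status = 'Missing'; Signer = ''; Suspicious = $true }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $f
    # Most of these files are catalog-signed: Status is 'Valid' although no signature is embedded.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path       = $f
        Status     = $sig.Status
        Signer     = $signer
        # Anything but a valid Microsoft signature means the file was patched or replaced.
        Suspicious = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')
    }
}

$results | Format-Table -AutoSize Path, Status, Suspicious
$bad = @($results | Where-Object Suspicious)
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) file(s) did not pass verification; compare with a known-good copy or run sfc /scannow."
} else {
    Write-Host "All listed files carry a valid Microsoft signature."
}
```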

Old 20.11.2014, 16:27   #10
schrauber
/// the machine
/// TB-Ausbilder



Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Please download TFC (by OldTimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files it will ask for a restart. Please allow this.



Still any problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 20.11.2014, 17:06   #11
Hoshi82



OK, I did everything as described and will now have to wait and see. The viruses have not shown up again yet, I think that is a good sign. I have one more question. What exactly did I catch and what does it do? So that I can maybe trace it back and box the ears of whoever is responsible, because I am not the only one using this PC.

Old 21.11.2014, 16:12   #12
schrauber
/// the machine
/// TB-Ausbilder



Real malware, and adware. Where it came from cannot be traced. Report back whether everything is fine, then we will finish cleaning up.

In any case, change all passwords!
__________________
Regards,
schrauber

Old 21.11.2014, 21:30   #13
Hoshi82



Well, it has not shown up again for 2 days. At least it looks as if everything is gone now.

Old 22.11.2014, 18:24   #14
schrauber
/// the machine
/// TB-Ausbilder



Done

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix Download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If there are still programs left over from our cleanup, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one yet.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. Those can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it asks you to and looks nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Old 24.11.2014, 16:39   #15
Hoshi82



All cleaned up and no alerts so far. Everything seems to be gone. Thanks again
