Pests of all kinds and how to fight them: Keyboard acting up - Help - Laptop and desktop infected - Virus?

21.11.2014, 11:17   #1
Peach32
 

Hello,
I'm new to the forum and hopefully in the right place.

Here is my system:
Operating system: Windows 8.1 and Windows 7 on the 160GB hard drive
Hard drives: 1TB and 160GB
Mainboard: Gigabyte GA-990FXA-UD5
Processor: AMD 8-core FX-8350
Graphics card: SAPPHIRE HD 7870 GHz Edition OC 2GB GDDR5
RAM: 8GB GEIL
Power supply: 650 watts
Keyboard: Sharkoon Skiller (which no longer works now)
Mouse: Gigabyte ECO500

So yesterday I bought a game on gameladen.com that I have to activate for Steam in Ukraine.
So, as the instructions say, I download CyberGhost5 and install it.
Then I activate the game, and everything is fine so far.
When I then want to type something, my keyboard does something odd.
Out of anger I press many keys on the keyboard. At first the "5" key produced the output "56" when I pressed it, and after that the Firefox browser opened whenever I pressed the "5" key.
At first I assume a software problem. So I open Device Manager and uninstall the drivers of all input devices, but the problem remains. Okay, I think, then maybe it's the hardware, so I remove the keyboard and connect it to my father's laptop. When I then used the keyboard, the laptop showed the same problems. When my father comes home and wants to use the laptop, the laptop's own keyboard no longer works either - the same problem. That is the first thing I don't understand. Can a virus be on a keyboard?

Well, so I go up to the attic and fetch an old keyboard with the old PS2 connector - not USB - connect it to my desktop and THE SAME PROBLEM. Annoyed, I shut the PC down. When I start it again shortly afterwards - without an Internet connection - the problem has not gone away, so I connect everything again - including the Internet - and shut the PC down. When I start it again in the evening, the problem has disappeared. But if I now connect my old keyboard while the PC is on, a bluescreen appears - A PROBLEM WAS DETECTED ON THE PC - something about "Securety Handle" or so, or I connect the keyboard and the same problem occurs - the keyboard acts up. Which of the two problems happens when, I don't know. If I leave the USB keyboard connected and then boot, either the same problem occurs or the PC gets stuck at the "GIGABYTE" boot screen.

The problem on the laptop still hasn't gone away.

I don't know what to do any more and need your help.

Regards, Peach

21.11.2014, 13:03   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


21.11.2014, 13:14   #3
Peach32
 



Thank you very much for the quick reply
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Vincent (administrator) on PEACH-DESKTOP on 21-11-2014 14:06:16
Running from C:\Users\Peach W\Downloads
Loaded Profile: Vincent (Available profiles: Vincent)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [uTorrent] => C:\Users\Peach W\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [OfficeSyncProcess] => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-07-17] (Unified Intents AB)
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [Spotify] => C:\Users\Peach W\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-06-04] (Spotify Ltd)
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [Spotify Web Helper] => C:\Users\Peach W\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-04] (Spotify Ltd)
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [Vidalia] => "C:\Program Files (x86)\Vidalia Relay Bundle\Vidalia\vidalia.exe"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [Google Update] => C:\Users\Peach W\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-29] (Google Inc.)
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\MountPoints2: F - "F:\SETUP.EXE" 
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\MountPoints2: G - "G:\OriginInstaller.exe" 
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\MountPoints2: {5ad0f679-ab8e-11e3-bed0-902b34dc353c} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\MountPoints2: {76223eb5-d370-11e2-be70-902b34dc353c} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\MountPoints2: {76223ebd-d370-11e2-be70-902b34dc353c} - "E:\HTC_Sync_Manager_PC.exe" 
Startup: C:\Users\Peach W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Peach W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar19.lnk
ShortcutTarget: Sidebar19.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC379E56A788CCE01
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {DB5D14B0-4EEF-447D-A160-751346C462A5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {DB5D14B0-4EEF-447D-A160-751346C462A5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = hxxp://www.basicserve.com/?prt=BASICSERVE111&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M261C82A3-5095-4530-A058-7D5E086116A6&SearchSource=58&CUI=&UM=6&UP=SPB0F39D54-2D44-4B17-980E-836976BB7090&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001 -> {DB5D14B0-4EEF-447D-A160-751346C462A5} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Peach W\AppData\Roaming\Mozilla\Firefox\Profiles\a36llbz4.default
FF DefaultSearchUrl: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF NetworkProxy: "ftp", "128.199.216.39"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "gopher", "128.199.216.39"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "128.199.216.39"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "socks", "128.199.216.39"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "128.199.216.39"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> E:\VLC\VideoPlayer\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1575631535-2236727039-3554967969-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Peach W\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1575631535-2236727039-3554967969-1001: @talk.google.com/O1DPlugin -> C:\Users\Peach W\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1575631535-2236727039-3554967969-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Peach W\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1575631535-2236727039-3554967969-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Peach W\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1575631535-2236727039-3554967969-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1575631535-2236727039-3554967969-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Peach W\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Peach W\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Peach W\AppData\Roaming\Mozilla\Firefox\Profiles\a36llbz4.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Users\Peach W\AppData\Roaming\Mozilla\Firefox\Profiles\a36llbz4.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Users\Peach W\AppData\Roaming\Mozilla\Firefox\Profiles\a36llbz4.default\searchplugins\yahoo-avast.xml
FF Extension: GFACE Experience Plugin - C:\Users\Peach W\AppData\Roaming\Mozilla\Firefox\Profiles\a36llbz4.default\Extensions\cryenginebrowserplugin@crytek.com [2013-11-06]
FF Extension: anonymoX - C:\Users\Peach W\AppData\Roaming\Mozilla\Firefox\Profiles\a36llbz4.default\Extensions\client@anonymox.net.xpi [2014-09-03]
FF Extension: Adblock Plus - C:\Users\Peach W\AppData\Roaming\Mozilla\Firefox\Profiles\a36llbz4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-12-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-15]
FF HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======
CHR Profile: C:\Users\Peach W\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-13] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-13] (Avast Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-14] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-11-08] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-11-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S3 HTCMonitorService; "C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe" [X]
S2 MeDM; C:\WINDOWS\SysWOW64\MeDM.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-13] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-13] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-13] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 GameKB; C:\Windows\system32\drivers\GameKB.sys [27648 2012-05-11] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-29] (The OpenVPN Project)
S3 SaiHFF0C; C:\Windows\system32\DRIVERS\SaiHFF0C.sys [171144 2007-05-01] (Saitek)
S3 SaiUFF0C; C:\Windows\system32\DRIVERS\SaiUFF0C.sys [34304 2007-05-01] (Saitek)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-13] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Peach W\AppData\Local\Temp\tmpE59.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 14:06 - 2014-11-21 14:07 - 00021554 _____ () C:\Users\Peach W\Downloads\FRST.txt
2014-11-21 14:05 - 2014-11-21 14:06 - 00000000 ____D () C:\FRST
2014-11-21 14:05 - 2014-11-21 14:05 - 02117632 _____ (Farbar) C:\Users\Peach W\Downloads\FRST64.exe
2014-11-21 12:28 - 2014-11-21 12:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-21 12:28 - 2014-11-21 12:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-21 12:28 - 2014-11-21 12:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-21 12:28 - 2014-11-21 12:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-21 12:27 - 2014-11-21 12:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-21 12:27 - 2014-11-21 12:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-21 12:18 - 2014-11-21 12:18 - 00000288 _____ () C:\Users\Peach W\Desktop\Tastatur spinnt - Hilfe - Laptop und Desktop befallen - Virus - Trojaner-Board.URL
2014-11-21 07:09 - 2014-11-21 07:10 - 00280936 _____ () C:\WINDOWS\Minidump\112114-86406-01.dmp
2014-11-21 07:07 - 2014-11-21 07:07 - 00000000 _____ () C:\Recovery.txt
2014-11-20 16:48 - 2014-11-20 16:48 - 00280936 _____ () C:\WINDOWS\Minidump\112014-88906-01.dmp
2014-11-20 15:46 - 2014-11-21 07:11 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-11-20 15:33 - 2014-11-20 15:34 - 00005478 _____ () C:\WINDOWS\DPINST.LOG
2014-11-20 15:33 - 2014-11-20 15:33 - 00001904 _____ () C:\Users\Public\Desktop\SHARKOON Skiller Konfigurator.lnk
2014-11-20 15:33 - 2014-11-20 15:33 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\InstallShield
2014-11-20 15:33 - 2014-11-20 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller
2014-11-20 15:33 - 2014-11-20 15:33 - 00000000 ____D () C:\Program Files (x86)\SHARKOON Skiller
2014-11-20 15:33 - 2012-05-11 15:24 - 00027648 _____ () C:\WINDOWS\system32\Drivers\GameKB.sys
2014-11-20 15:32 - 2014-11-20 15:32 - 34951671 _____ () C:\Users\Peach W\Downloads\20120810_skiller_zip_35086.zip
2014-11-20 14:44 - 2014-11-20 14:44 - 00000267 _____ () C:\Users\Peach W\Desktop\Tastatur schreibt falsche Zeichen!!!.URL
2014-11-20 14:23 - 2014-11-21 12:13 - 00002519 _____ () C:\Users\Peach W\Desktop\Neues Textdokument.txt
2014-11-20 14:14 - 2014-11-20 14:15 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\Peach W\Downloads\CG_5.0.14.7.exe
2014-11-20 13:46 - 2014-11-20 13:46 - 03394432 _____ (Informer Technologies, Inc. ) C:\Users\Peach W\Downloads\siinst.exe
2014-11-18 16:27 - 2014-11-18 16:28 - 12713235 _____ () C:\Users\Peach W\Downloads\theme(1).ZIP
2014-11-18 16:27 - 2014-11-18 16:27 - 12713235 _____ () C:\Users\Peach W\Downloads\theme(2).ZIP
2014-11-18 16:10 - 2014-11-18 16:01 - 00000123 _____ () C:\Users\Peach W\Desktop\FarCry 4.url
2014-11-18 15:31 - 2014-11-18 15:31 - 00001708 _____ () C:\Users\Peach W\Desktop\Uplay.lnk
2014-11-17 15:47 - 2014-11-17 15:47 - 00000213 _____ () C:\Users\Peach W\Desktop\Untitled.URL
2014-11-16 20:50 - 2014-11-16 20:50 - 00000237 _____ () C:\Users\Peach W\Desktop\Stereo.URL
2014-11-16 18:19 - 2014-11-16 18:19 - 00000000 ____D () C:\Users\Peach W\Documents\Benutzerdefinierte Office-Vorlagen
2014-11-16 18:14 - 2014-11-16 18:14 - 00880784 _____ (Google Inc.) C:\Users\Peach W\Downloads\GoogleVoiceAndVideoSetup(1).exe
2014-11-16 18:12 - 2014-11-16 18:12 - 00880784 _____ (Google Inc.) C:\Users\Peach W\Downloads\GoogleVoiceAndVideoSetup.exe
2014-11-15 10:26 - 2014-11-15 10:26 - 00000000 ____D () C:\Users\Peach W\Desktop\Schule
2014-11-14 19:50 - 2014-11-19 20:26 - 00000000 ____D () C:\Users\Peach W\Desktop\SurvivalQuestServer4.9
2014-11-14 19:49 - 2014-11-14 19:49 - 95301817 _____ () C:\Users\Peach W\Downloads\SurvivalQuestServer4.9(2).zip
2014-11-14 19:49 - 2014-11-14 19:49 - 95301817 _____ () C:\Users\Peach W\Downloads\SurvivalQuestServer4.9(1).zip
2014-11-13 22:40 - 2014-11-13 22:40 - 00000239 _____ () C:\Users\Peach W\Desktop\Premature online anschauen und downloaden - Kinofilm, Film Stream angucken auf Movie2k.tl Movie2k.to Movie4k.to.URL
2014-11-13 12:54 - 2014-11-13 12:54 - 00000000 ____D () C:\ProgramData\ATI
2014-11-13 07:38 - 2014-11-13 07:38 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-11-13 07:38 - 2014-11-13 07:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-11-13 07:28 - 2014-11-13 07:28 - 00060817 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201411130728541703.log
2014-11-13 07:28 - 2014-11-13 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-13 07:27 - 2014-11-13 07:27 - 00066560 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201411130727478889.log
2014-11-13 07:27 - 2014-11-13 07:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI
2014-11-13 07:27 - 2014-11-13 07:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI
2014-11-13 07:26 - 2014-11-13 07:26 - 00000000 ____D () C:\AMD
2014-11-13 07:05 - 2014-11-13 07:04 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-11-13 07:05 - 2014-11-13 07:04 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-11-13 07:05 - 2014-11-13 07:04 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-11-13 07:05 - 2014-11-13 07:04 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-11-13 07:04 - 2014-11-13 07:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-13 07:02 - 2014-11-13 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-13 07:02 - 2014-11-13 07:02 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-13 06:59 - 2014-11-13 06:59 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2014-11-13 06:59 - 2014-11-13 06:59 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-13 06:59 - 2014-11-13 06:59 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-13 06:55 - 2014-11-13 06:55 - 00001687 _____ () C:\Users\Peach W\Desktop\license.avastlic
2014-11-12 21:32 - 2014-11-12 21:33 - 00280936 _____ () C:\WINDOWS\Minidump\111214-52156-01.dmp
2014-11-12 16:56 - 2014-11-12 16:56 - 00000000 ____D () C:\Users\Peach W\Documents\OneNote-Notizbücher
2014-11-12 15:42 - 2014-11-12 15:42 - 00000398 _____ () C:\Users\Peach W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Server (Y).lnk
2014-11-12 14:59 - 2014-11-12 14:59 - 00003195 _____ () C:\Users\Peach W\Desktop\SkyDrive Pro 2013.lnk
2014-11-12 14:59 - 2014-11-12 14:59 - 00003053 _____ () C:\Users\Peach W\Desktop\Excel 2013.lnk
2014-11-12 14:59 - 2014-11-12 14:59 - 00003031 _____ () C:\Users\Peach W\Desktop\Word 2013.lnk
2014-11-12 14:59 - 2014-11-12 14:59 - 00002953 _____ () C:\Users\Peach W\Desktop\Publisher 2013.lnk
2014-11-12 14:59 - 2014-11-12 14:59 - 00002953 _____ () C:\Users\Peach W\Desktop\PowerPoint 2013.lnk
2014-11-12 14:59 - 2014-11-12 14:59 - 00002880 _____ () C:\Users\Peach W\Desktop\Outlook 2013.lnk
2014-11-12 14:59 - 2014-11-12 14:59 - 00002855 _____ () C:\Users\Peach W\Desktop\OneNote 2013.lnk
2014-11-12 14:54 - 2014-11-12 14:54 - 00002131 _____ () C:\Users\Peach W\Desktop\IJ Scan Utility.lnk
2014-11-12 14:48 - 2014-11-13 07:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-12 14:48 - 2014-11-12 14:48 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-11-12 14:47 - 2014-11-12 14:47 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-11-12 14:46 - 2014-11-12 14:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-12 14:46 - 2014-11-12 14:46 - 00000000 __RHD () C:\MSOCache
2014-11-12 14:46 - 2014-11-12 14:46 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-11-12 14:46 - 2014-11-12 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-12 14:46 - 2014-11-12 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-11-12 14:45 - 2014-11-12 14:46 - 00000197 _____ () C:\WINDOWS\system32\2014-11-12-13-45-27.068-AvastVBoxSVC.exe-4460.log
2014-11-12 14:25 - 2014-11-12 14:27 - 746719232 _____ () C:\Users\Peach W\Documents\OFF13SD64.ISO
2014-11-11 21:09 - 2014-11-11 21:10 - 18755678 _____ () C:\Users\Peach W\Downloads\Psycho Dad Chainsaws Xbox One.avi
2014-11-09 18:06 - 2014-11-09 18:10 - 329930248 _____ (Microsoft Corporation) C:\Users\Peach W\Downloads\MicrosoftInstaller.exe
2014-11-09 14:15 - 2014-11-09 14:16 - 00000247 _____ () C:\WINDOWS\system32\2014-11-09-13-15-53.025-aswFe.exe-6992.log
2014-11-09 13:58 - 2014-11-09 14:15 - 00000247 _____ () C:\WINDOWS\system32\2014-11-09-12-58-49.099-aswFe.exe-4108.log
2014-11-09 13:58 - 2014-11-09 13:58 - 00000197 _____ () C:\WINDOWS\system32\2014-11-09-12-58-39.084-AvastVBoxSVC.exe-3376.log
2014-11-09 13:37 - 2014-11-09 13:37 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-11-09 13:37 - 2014-11-09 13:37 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-11-08 20:24 - 2014-11-08 20:24 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2014-11-08 18:31 - 2014-11-08 18:31 - 01402920 _____ () C:\Users\Peach W\Downloads\battlelog-web-plugins_2.5.1_149.exe
2014-11-08 15:57 - 2014-11-18 16:03 - 00035254 _____ () C:\WINDOWS\DirectX.log
2014-11-08 10:42 - 2014-11-08 10:44 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-11-08 10:42 - 2014-11-08 10:42 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\Canon
2014-11-07 22:43 - 2014-11-07 22:44 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\RealHorrorStories.GameORE
2014-11-07 22:22 - 2014-11-12 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-11-07 22:21 - 2014-11-07 22:21 - 00000000 ____D () C:\WINDOWS\system32\STRING
2014-11-07 22:21 - 2014-11-07 22:21 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2014-11-07 22:21 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BRL.dll
2014-11-07 22:21 - 2013-01-24 16:24 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2014-11-07 22:21 - 2013-01-24 16:24 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2014-11-07 22:21 - 2013-01-24 16:23 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2014-11-07 22:21 - 2012-11-08 13:11 - 00096000 _____ () C:\WINDOWS\SysWOW64\CNC1772D.TBL
2014-11-07 22:21 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2014-11-07 22:20 - 2014-11-07 22:21 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-11-07 21:36 - 2014-11-09 16:52 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-07 21:33 - 2014-11-07 21:33 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2014-11-07 21:32 - 2014-11-12 14:42 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-11-06 17:37 - 2014-11-06 17:37 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-11-06 17:36 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBR.DLL
2014-10-31 19:48 - 2014-11-20 20:16 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-10-31 19:48 - 2014-11-20 20:16 - 00280904 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-10-26 16:23 - 2014-10-26 16:24 - 00000000 ____D () C:\Users\Peach W\.VirtualBox
2014-10-26 16:22 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2014-10-26 16:21 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2014-10-26 16:20 - 2014-11-12 15:21 - 00000000 ____D () C:\Users\Peach W\AppData\Local\Genymobile
2014-10-26 16:20 - 2014-10-26 16:20 - 00049653 _____ () C:\Users\Peach W\genymotion-log.zip
2014-10-22 20:45 - 2014-11-13 12:53 - 00023392 _____ () C:\WINDOWS\PFRO.log
2014-10-22 19:17 - 2014-11-13 14:41 - 00002256 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-10-22 19:17 - 2014-11-13 07:00 - 00001946 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-10-22 19:17 - 2014-10-22 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 14:06 - 2013-12-11 13:12 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-21 14:03 - 2014-10-11 20:58 - 01563715 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-21 13:59 - 2013-06-07 18:47 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\Skype
2014-11-21 13:43 - 2013-06-07 20:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-21 13:17 - 2014-09-29 14:40 - 00001156 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001UA.job
2014-11-21 12:28 - 2013-06-07 18:35 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1575631535-2236727039-3554967969-1001
2014-11-21 12:19 - 2013-09-30 05:14 - 00005692 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-21 12:19 - 2013-09-30 04:56 - 01645036 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-21 12:19 - 2013-09-30 04:56 - 00432818 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-21 11:30 - 2014-08-13 18:23 - 00000390 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2014-11-21 07:28 - 2013-11-26 08:06 - 00000000 ____D () C:\Users\Peach W
2014-11-21 07:14 - 2013-07-30 01:12 - 00000000 ____D () C:\Program Files (x86)\Opera Next
2014-11-21 07:13 - 2014-08-23 10:47 - 00000000 ____D () C:\Users\Peach W\AppData\Local\Adobe
2014-11-21 07:11 - 2013-06-07 20:18 - 04403712 ___SH () C:\Users\Peach W\Desktop\Thumbs.db
2014-11-21 07:09 - 2013-12-03 21:53 - 00000292 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-11-21 07:09 - 2013-11-30 18:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-21 07:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-20 21:19 - 2013-12-17 17:14 - 00000000 ____D () C:\ProgramData\Origin
2014-11-20 20:16 - 2013-06-28 17:17 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-11-20 20:15 - 2014-05-29 11:24 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-20 18:23 - 2014-09-29 14:40 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001Core.job
2014-11-20 17:52 - 2014-10-13 22:27 - 00005165 _____ () C:\WINDOWS\setupact.log
2014-11-20 15:39 - 2014-02-15 13:19 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-11-20 15:39 - 2013-08-22 15:44 - 05145144 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-20 15:33 - 2014-02-24 16:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-20 14:53 - 2013-06-07 18:29 - 00000000 ____D () C:\Users\Peach W\AppData\Local\Packages
2014-11-20 14:46 - 2014-10-09 13:51 - 00000000 ___RD () C:\Users\Peach W\Desktop\Games
2014-11-20 14:28 - 2013-06-07 20:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-20 14:27 - 2014-04-15 16:08 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-19 20:14 - 2013-08-09 19:57 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\.minecraft
2014-11-18 16:28 - 2014-01-05 15:16 - 00230912 ___SH () C:\Users\Peach W\Downloads\Thumbs.db
2014-11-18 16:21 - 2013-12-24 13:15 - 00000000 ____D () C:\Users\Peach W\Documents\My Games
2014-11-18 15:06 - 2014-02-23 18:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-11-17 20:08 - 2014-08-24 14:09 - 00000000 ____D () C:\Users\Peach W\Desktop\1.8 SRV
2014-11-17 16:27 - 2014-09-15 14:56 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera beta.lnk
2014-11-17 16:27 - 2014-05-20 19:27 - 00003872 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1375143143
2014-11-16 18:12 - 2014-09-29 14:40 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001UA
2014-11-16 18:12 - 2014-09-29 14:40 - 00003726 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001Core
2014-11-13 07:57 - 2013-06-08 09:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 07:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-13 07:47 - 2012-07-26 06:26 - 00000167 _____ () C:\WINDOWS\win.ini
2014-11-13 07:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-13 07:34 - 2013-09-08 17:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-13 07:32 - 2013-06-08 19:01 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-13 07:28 - 2014-05-29 17:39 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-13 07:28 - 2013-12-17 16:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-13 07:05 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-13 06:59 - 2014-04-26 23:37 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-13 06:59 - 2014-02-15 13:19 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-11-12 22:02 - 2014-01-17 20:14 - 00000000 ___RD () C:\Users\Peach W\Dropbox
2014-11-12 21:56 - 2014-01-17 20:07 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\Dropbox
2014-11-12 16:26 - 2013-06-08 09:51 - 00000000 ____D () C:\Users\Peach W\AppData\Local\Microsoft Help
2014-11-12 15:43 - 2013-06-10 06:17 - 00000463 _____ () C:\Users\Peach W\Desktop\Server.lnk
2014-11-12 15:25 - 2014-08-13 00:37 - 00000000 ____D () C:\Program Files (x86)\nLite
2014-11-12 15:05 - 2014-01-04 20:55 - 00000000 ____D () C:\Users\Peach W\Documents\Arduino
2014-11-12 14:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-12 14:48 - 2013-09-30 04:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-11-12 14:27 - 2013-11-26 07:55 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-11 20:43 - 2013-06-07 20:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-11 18:34 - 2013-10-01 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 14:55 - 2013-11-15 13:24 - 00000000 ____D () C:\Users\Peach W\AppData\Local\Google
2014-11-11 14:55 - 2013-07-09 21:16 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\Mozilla
2014-11-09 13:32 - 2014-05-29 17:56 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-11-08 15:58 - 2013-06-28 17:16 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-11-08 15:14 - 2013-07-11 00:09 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\vlc
2014-11-08 15:05 - 2014-02-13 20:37 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-11-08 15:03 - 2014-05-29 11:25 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-08 11:10 - 2013-06-10 10:27 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-07 23:23 - 2013-06-08 08:52 - 00000000 ____D () C:\Users\Peach W\AppData\Roaming\uTorrent
2014-11-07 22:39 - 2014-02-16 13:19 - 00000000 ____D () C:\Users\Peach W\AppData\Local\wf-launcher
2014-11-07 22:39 - 2013-09-13 21:42 - 00000000 ____D () C:\ProgramData\GFACE
2014-11-07 22:21 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-06 20:49 - 2014-06-01 02:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2014-11-06 19:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-04 17:03 - 2013-11-30 14:42 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-10-31 19:32 - 2014-10-02 13:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-31 19:32 - 2013-06-07 18:47 - 00000000 ____D () C:\ProgramData\Skype
2014-10-30 01:55 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-30 01:55 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-26 21:07 - 2014-10-06 14:00 - 00000000 ____D () C:\Users\Peach W\Desktop\Spigot Adv bauen
2014-10-24 12:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-10-22 19:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\Peach W\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpltgwna.dll
C:\Users\Peach W\AppData\Local\Temp\jansi-64-git-Spigot-1649.dll
C:\Users\Peach W\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Peach W\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.3.exe
C:\Users\Peach W\AppData\Local\Temp\ose00000.exe
C:\Users\Peach W\AppData\Local\Temp\ose00001.exe
C:\Users\Peach W\AppData\Local\Temp\proxy_vole5859710200247744577.dll
C:\Users\Peach W\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peach W\AppData\Local\Temp\sonarinst.exe
C:\Users\Peach W\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-21 07:28

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Vincent at 2014-11-21 14:07:23
Running from C:\Users\Peach W\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.01 - Canon Inc.)
Catalyst Control Center - Branding (HKLM-x32\...\{25A3B953-1423-3F15-640E-B620DD0F419A}) (Version:  - )
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Dead Rising 3 (HKLM-x32\...\Steam App 265550) (Version:  - Capcom Game Studio Vancouver)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dropbox (HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
FileZilla Client 3.8.0 (HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
Opera beta 26.0.1656.20 (HKLM-x32\...\Opera 26.0.1656.20) (Version: 26.0.1656.20 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version:  - Vlambeer)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}_Office15.STANDARD_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Spotify (HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
TeamSpeak 3 Client (HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows-Treiberpaket - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Peach W\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Peach W\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{3DD12613-1A9C-48A6-8691-4CBA20BB7B31}\InprocServer32 -> C:\Users\Peach W\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GlassyCPUMonitor.gadget\Release\ProcessMonitor64.dll (TODO: <Firmenname>)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Peach W\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Peach W\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Peach W\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1575631535-2236727039-3554967969-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peach W\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-11-2014 15:43:30 Windows Modules Installer
08-11-2014 14:56:17 DirectX wurde installiert
11-11-2014 16:41:24 Windows Update
13-11-2014 05:57:43 avast! antivirus system restore point
14-11-2014 18:32:14 Windows Modules Installer
18-11-2014 14:01:14 Windows Update
18-11-2014 14:02:47 Windows Modules Installer
20-11-2014 14:33:19 Installiert SHARKOON Skiller

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00624009-FFBA-4372-8DDA-F1ABD3776DC5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-13] (Microsoft Corporation)
Task: {07DCF13C-CC89-4CE7-9CCE-BF540F8900AC} - System32\Tasks\PCMeter\Startup => C:\Program Files\PCMeterV4\PCMeterV0.4.exe
Task: {1B30A4A1-CEC8-46E6-B593-4ED0682E7959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {25692E3C-9FA2-4505-9C04-7D3CC31ECB27} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3556770C-D0AC-4461-B228-1A613E3B8893} - System32\Tasks\Opera scheduled Autoupdate 1375143143 => C:\Program Files (x86)\Opera Next\launcher.exe [2014-11-17] (Opera Software)
Task: {38584C47-8633-4411-BDBD-BDE4EDCB2FDC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {42A14FFD-813A-4E1F-9F1B-3FE1A927A19B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001Core => C:\Users\Peach W\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {5610E3F2-13E0-4E87-9DF5-00B6729BB5D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {646C7FA3-320E-4E6C-A3BE-8E5ED5E46D35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {78D11AAA-2DC0-4617-B95D-A66524DA4D2D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PEACH-DESKTOP-Vincent Peach-Desktop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {7C57790B-F430-4DDB-A2D7-98891D8B92C0} - System32\Tasks\AdobeAAMUpdater-1.0-Peach-PC-Vincent => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {7C6B6F10-5994-4454-94D7-15C3AAD90B08} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {84B86D34-6F91-4C1F-A681-FDEAE7AC4E4A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {92F3A226-16D0-44C3-A608-3354B550CC1F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-13] (AVAST Software)
Task: {F513C060-E336-41CC-94DD-D0BE6033C30A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {F853FACA-CD7B-491A-85F1-243F6FB80036} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001UA => C:\Users\Peach W\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001Core.job => C:\Users\Peach W\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1575631535-2236727039-3554967969-1001UA.job => C:\Users\Peach W\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-07 22:25 - 2013-05-14 18:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-11-08 20:24 - 2014-11-08 20:24 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-19 16:38 - 2014-11-19 16:38 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111900\algo.dll
2014-11-13 06:59 - 2014-11-13 06:59 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-01 15:48 - 2014-11-11 18:34 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "20131121"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "GamingKeyboard"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\StartupFolder: => "Severe Weather Alerts.lnk"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\StartupFolder: => "Severe Weather Alerts App.lnk"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\StartupFolder: => "Sidebar19.lnk"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "LiveSupport"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Unified Remote v2"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Comrade.exe"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Vidalia"
HKU\S-1-5-21-1575631535-2236727039-3554967969-1001\...\StartupApproved\Run: => "Google Update"

========================= Accounts: ==========================

Administrator (S-1-5-21-1575631535-2236727039-3554967969-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1575631535-2236727039-3554967969-1060 - Limited - Enabled)
Gast (S-1-5-21-1575631535-2236727039-3554967969-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1575631535-2236727039-3554967969-1057 - Limited - Enabled)
Vincent (S-1-5-21-1575631535-2236727039-3554967969-1001 - Administrator - Enabled) => C:\Users\Peach W

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 00:19:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/21/2014 00:19:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/21/2014 00:19:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/20/2014 06:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/20/2014 06:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/20/2014 06:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/20/2014 06:24:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/20/2014 06:24:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/20/2014 06:24:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/20/2014 05:56:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (11/21/2014 00:38:50 PM) (Source: DCOM) (EventID: 10010) (User: PEACH-DESKTOP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/21/2014 00:38:20 PM) (Source: DCOM) (EventID: 10010) (User: PEACH-DESKTOP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/21/2014 11:41:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Windows 8.1 Update für x64-basierte Systeme (KB2919355)

Error: (11/21/2014 11:34:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (11/21/2014 11:31:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070003 fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB2894853)

Error: (11/21/2014 07:28:31 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (11/21/2014 07:10:06 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000139 (0x0000000000000003, 0xffffd0002af262b0, 0xffffd0002af26208, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP112114-86406-01

Error: (11/21/2014 07:09:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/21/2014 07:09:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MeDM" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/21/2014 07:09:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (11/21/2014 00:19:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (11/21/2014 00:19:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/21/2014 00:19:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/20/2014 06:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (11/20/2014 06:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/20/2014 06:29:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/20/2014 06:24:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (11/20/2014 06:24:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/20/2014 06:24:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (11/20/2014 05:56:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000


CodeIntegrity Errors:
===================================
  Date: 2014-04-27 23:05:36.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:35.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:35.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:34.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:34.505
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:34.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:33.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:31.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:31.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-04-27 23:05:30.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 39%
Total physical RAM: 8159.73 MB
Available physical RAM: 4973.18 MB
Total Pagefile: 16351.73 MB
Available Pagefile: 12737.9 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:19.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 415963CF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

22.11.2014, 11:06   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the content here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

23.11.2014, 09:00   #5
Peach32
 



I did that, nothing found.

Attachment 70986

Best regards, Peach


24.11.2014, 07:48   #6
schrauber
/// the machine
/// TB-Ausbilder
 




The logs are clean, there is no malware.

Never plug in or unplug a keyboard while the machine is running. I think the keyboard is defective, and in such a way that it also threw the laptop into disarray when it was connected as a test.