Pests of all kinds and how to combat them: PC full of malware

19.12.2014, 15:37   #1
Crounty
 
PC full of malware

Hello everyone,
I found a PC full of malware, so I need your help to get it running again.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Pk (administrator) on OUAILS-PC on 19-12-2014 16:30:53
Running from C:\Users\Pk\Downloads
Loaded Profile: Pk (Available profiles: Pk & ouali_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Object Browser) C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Pk\AppData\Local\Smartbar\Application\Lrcnta.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [403568 2014-04-14] (CyberGhost S.R.L.)
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Pk\AppData\Local\Smartbar\Application\Smartbar.exe [28192 2014-11-19] (Smartbar)
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [300840 2014-08-08] ()
AppInit_DLLs: C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil64.dll [71680 2014-12-03] ()
AppInit_DLLs-x32: C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil.dll => C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil.dll [60416 2014-12-03] ()
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2902429972-443509965-4274997157-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2902429972-443509965-4274997157-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2902429972-443509965-4274997157-1001] => http=127.0.0.1:49763;https=127.0.0.1:49763
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kTAeo-yisldtUXwYZM4gk781H07MAE8GscmBuBf3AobnTPL3xS6USzQr3hdsNA,
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2902429972-443509965-4274997157-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2902429972-443509965-4274997157-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
BHO: Ge-Force -> {11111111-1111-1111-1111-110611191111} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll No File
BHO: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho64.dll (Object Browser)
BHO: No Name -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} ->  No File
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho.dll (Object Browser)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Caramava -> {f0913486-1b23-46b2-a8ad-dbfc98421f73} -> C:\Program Files (x86)\Caramava\Caramavabho.dll (Caramava)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2902429972-443509965-4274997157-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB3038653-7474-418E-BF69-1EF568F15448&SearchSource=55&CUI=&UM=5&UP=SP59E9C460-1DD9-413E-AB72-B1C5C5FEBACB&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://www.sweet-page.com/?type=hp&ts=1402321604&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402323183&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402324645&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402328681&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402331885&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402338859&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402339144&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW"
CHR Profile: C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-24]
CHR Extension: (Google-Suche) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (deoodoglhbmpafkajmlggnjnngdclnie) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-12-09]
CHR Extension: (Sense) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia [2014-12-10]
CHR Extension: (V-bates) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-20] (WildTangent)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-03] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-03] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32800 2014-11-19] () <==== ATTENTION
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [430888 2014-08-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-01] (LogMeIn Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-08-25] (YTDownloader)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
R4 SPDRIVER_1.38.0.1425; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1425\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 16:30 - 2014-12-19 16:32 - 00023792 _____ () C:\Users\Pk\Downloads\FRST.txt
2014-12-19 16:30 - 2014-12-19 16:31 - 00000000 ___DC () C:\FRST
2014-12-19 16:18 - 2014-12-19 16:18 - 02121216 _____ (Farbar) C:\Users\Pk\Downloads\FRST64.exe
2014-12-19 16:17 - 2014-12-19 16:17 - 00001284 _____ () C:\Users\Pk\Desktop\Revo Uninstaller.lnk
2014-12-19 16:17 - 2014-12-19 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-16 16:15 - 2014-12-16 16:15 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2014-12-14 11:23 - 2014-12-14 11:38 - 00000459 _____ () C:\Users\Pk\.swfinfo
2014-12-10 19:32 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 19:32 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 19:31 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 19:31 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 19:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 19:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 18:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:12 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 18:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:11 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:11 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:11 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:11 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:11 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 12:51 - 2014-12-06 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-06 11:59 - 2014-12-06 11:59 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.technic
2014-12-03 15:32 - 2014-12-19 15:39 - 00003416 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002778 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002778 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002772 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002772 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002434 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002428 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.job
2014-12-03 15:32 - 2014-12-03 15:32 - 01363424 _____ (Object Browser) C:\Users\Pk\AppData\Roaming\UQ.exe
2014-12-03 15:32 - 2014-12-03 15:32 - 00006420 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1
2014-12-03 15:32 - 2014-12-03 15:32 - 00005782 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5
2014-12-03 15:32 - 2014-12-03 15:32 - 00005776 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5
2014-12-03 15:32 - 2014-12-03 15:32 - 00005438 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2
2014-12-03 15:32 - 2014-12-03 15:32 - 00005432 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2
2014-12-03 15:31 - 2014-12-19 16:31 - 00005850 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6.job
2014-12-03 15:31 - 2014-12-19 16:31 - 00005844 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005844 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005508 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005506 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005502 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00004482 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00004476 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00003796 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00003772 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-03 15:31 - 2014-12-16 15:36 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-03 15:31 - 2014-12-03 15:31 - 02002912 _____ (Object Browser) C:\Users\Pk\AppData\Roaming\WEFLS.exe
2014-12-03 15:31 - 2014-12-03 15:31 - 00008854 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6
2014-12-03 15:31 - 2014-12-03 15:31 - 00008848 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7
2014-12-03 15:31 - 2014-12-03 15:31 - 00008848 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6
2014-12-03 15:31 - 2014-12-03 15:31 - 00008512 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11
2014-12-03 15:31 - 2014-12-03 15:31 - 00008510 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7
2014-12-03 15:31 - 2014-12-03 15:31 - 00008506 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11
2014-12-03 15:31 - 2014-12-03 15:31 - 00007486 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4
2014-12-03 15:31 - 2014-12-03 15:31 - 00007480 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4
2014-12-03 15:31 - 2014-12-03 15:31 - 00006800 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3
2014-12-03 15:31 - 2014-12-03 15:31 - 00006776 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1
2014-12-03 15:31 - 2014-12-03 15:31 - 00003894 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-03 15:31 - 2014-12-03 15:31 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-03 15:31 - 2014-12-03 15:31 - 00000000 ____D () C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8
2014-12-03 15:31 - 2014-12-03 15:31 - 00000000 ____D () C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15
2014-12-03 15:30 - 2014-12-19 16:18 - 00000354 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-12-03 15:30 - 2014-12-19 15:43 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-12-03 15:30 - 2014-12-03 15:32 - 00000000 ____D () C:\Program Files (x86)\Sense
2014-12-03 15:30 - 2014-12-03 15:30 - 00002716 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-12-03 15:30 - 2014-12-03 15:30 - 00001064 _____ () C:\Users\Pk\Desktop\PC Speed Up.lnk
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Users\Pk\Documents\PCSpeedUp
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Users\Pk\AppData\Local\globalUpdate
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-03 15:28 - 2014-12-03 15:28 - 00003718 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-12-03 15:28 - 2014-12-03 15:28 - 00003578 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-12-03 15:28 - 2014-12-03 15:28 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-03 15:28 - 2014-12-03 15:28 - 00001965 _____ () C:\Users\Pk\Desktop\YTDownloader.lnk
2014-12-03 15:28 - 2014-12-03 15:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-12-03 15:28 - 2014-12-03 15:28 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-12-03 15:28 - 2014-12-03 15:28 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-12-03 15:27 - 2014-12-03 15:27 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashRpt
2014-12-03 15:26 - 2014-12-03 15:26 - 00004320 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-12-03 15:26 - 2014-12-03 15:26 - 00003534 _____ () C:\Windows\System32\Tasks\RocketTab
2014-12-03 15:26 - 2014-12-03 15:26 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-12-03 15:26 - 2014-12-03 15:26 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-12-03 15:24 - 2014-12-03 15:25 - 00000000 ____D () C:\Users\Pk\AppData\Local\LPT
2014-12-03 15:24 - 2014-12-03 15:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\Smartbar
2014-12-02 22:23 - 2014-12-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 22:22 - 2014-12-02 22:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-01 15:51 - 2014-12-01 15:51 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-11-24 09:46 - 2014-11-24 09:46 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2014-11-19 13:32 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:32 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:32 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:32 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2013-12-19 22:21 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-19 22:21 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-12-19 16:33 - 2014-03-19 18:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-19 16:32 - 2014-03-19 18:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902429972-443509965-4274997157-1001
2014-12-19 16:29 - 2014-10-07 20:18 - 02011733 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 16:28 - 2014-04-22 19:28 - 00000296 _____ () C:\Windows\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165}.job
2014-12-19 16:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 16:28 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-19 16:23 - 2014-06-21 18:06 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job
2014-12-19 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-19 15:53 - 2014-03-23 18:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashDumps
2014-12-19 15:52 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk\AppData\Local\Pokki
2014-12-19 15:51 - 2014-05-13 18:22 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\uTorrent
2014-12-19 15:45 - 2014-03-27 18:09 - 00000000 ___DO () C:\Users\Pk\SkyDrive
2014-12-19 15:44 - 2013-12-20 06:42 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-19 15:44 - 2013-12-20 06:42 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-19 15:44 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 15:40 - 2014-10-20 16:32 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.minecraft
2014-12-19 15:40 - 2014-03-20 19:50 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 15:39 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 16:08 - 2014-08-13 16:00 - 00000000 ____D () C:\Users\Pk\AppData\Local\LogMeIn Hamachi
2014-12-16 16:13 - 2014-03-19 18:12 - 00000000 ____D () C:\Users\Pk\AppData\Local\clear.fi
2014-12-14 11:23 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk
2014-12-12 11:25 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 19:14 - 2014-03-22 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:05 - 2014-03-22 19:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:33 - 2014-03-19 18:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 15:31 - 2014-05-11 17:26 - 00000000 ____D () C:\Program Files (x86)\AMX Mod X
2014-12-03 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-26 22:10 - 2014-11-14 22:54 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-11-14 22:54 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 07:14 - 2013-11-27 10:40 - 00000000 ___HD () C:\OEM

Files to move or delete:
====================
C:\Users\Pk\jagex_cl_runescape_LIVE.dat
C:\Users\Pk\random.dat


Some content of TEMP:
====================
C:\Users\Pk\AppData\Local\Temp\h_keixo5.dll
C:\Users\Pk\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLitef8540cf9-92f7-4c52-9842-74687b7729a5.dll
C:\Users\Pk\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 21:02

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Pk at 2014-12-19 16:33:42
Running from C:\Users\Pk\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.03.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Air Control Simulator (x32 Version: 3.0.2.59 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMX Mod X Installer 1.8.2 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.2 - AMX Mod X Dev Team)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
Battlefield Heroes (Pk) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Caramava (HKLM\...\Caramava) (Version: 2014.04.18.223704 - Caramava) <==== ATTENTION!
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPERATION7 (HKLM-x32\...\OPERATION7) (Version:  - )
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.6.6.0 - Speedchecker Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Pokki) (Version: 0.266.1.172 - Pokki) <==== ATTENTION!
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION!
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.0.260 - Client Connect LTD) <==== ATTENTION
Sense (HKLM-x32\...\Sense) (Version: 1.35.11.26 - Object Browser) <==== ATTENTION
Shopping Helper Smartbar (HKLM-x32\...\{DD4CA175-B85B-434A-8A3B-7E04CDD1741F}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{c67f3378-9788-4884-8ea0-03dbbdc440ef}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spielkanäle (x32 Version: 9.2.0.11 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ultimate Naruto (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Pokki_6dd6415c7ca59a3afaff86950eac7bceb240f3f1) (Version: 1.0.1.55415 - Pokki)
Unity Web Player (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-10-2014 10:11:02 Windows Update
19-10-2014 18:50:34 Windows Update
14-11-2014 14:45:02 Windows Modules Installer
19-11-2014 16:38:15 Windows Update
27-11-2014 18:26:00 Windows Update
06-12-2014 12:47:12 Windows Update
11-12-2014 19:00:42 Windows Update
19-12-2014 16:21:30 Revo Uninstaller's restore point - abDocs

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03AA69E7-60BC-417E-940F-40468EE2C8FA} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2014-08-25] (YTDownloader) <==== ATTENTION
Task: {14FA1028-9F98-4956-946D-4B13E30B19BE} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {1F7C0A08-85F8-45B8-B900-26F0E7DF6C9D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-11-19] (Acer)
Task: {2BEADDA2-8973-4583-8A41-E2F57BEC150E} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {2F950441-C496-43B9-A51A-D42CC33CB522} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {31FF8399-464D-4F8E-9314-FF1D80C8C903} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {32257870-A173-4068-A461-6E35A2CC695D} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {3416F7D6-66CB-4824-B085-073F95DE385D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {368D6236-321B-4AC2-B348-8796C857C2C2} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: {4BCFC6B6-D5B1-4476-956E-942E0CAC718A} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2014-08-08] () <==== ATTENTION
Task: {57DAD70C-B499-49E1-942C-F232B8C7D0D5} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {59B4F9A5-81FA-4E32-8831-5E56E223D3B2} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {5A568646-CF36-46A2-8F3A-E7DFCF893D05} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {5ED6B805-0097-40DB-AB19-7023F4E02AC3} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-4.exe <==== ATTENTION
Task: {5F4790CD-49CE-41A8-AECB-53198541A8BE} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-2.exe <==== ATTENTION
Task: {651690BE-2E60-4F34-A09F-E81B2189388D} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1 => C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe <==== ATTENTION
Task: {713953D2-06B9-413F-A48E-9BA158555536} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {761446A4-0F14-4DC4-96CF-08FB7B999D5E} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {876BC0C0-A1A0-4A86-AB3B-347F1C029029} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1 => C:\Program Files (x86)\Sense\Sense-codedownloader.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {89991028-D088-4F27-9195-15EB8658E4E3} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-7.exe <==== ATTENTION
Task: {92D9011F-99FA-4B50-9578-247E9D4ECA7E} - System32\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {991AD5E5-DFB6-48E0-83AF-1AE8142A87A2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {A229167D-9C35-4545-AF3E-FE0BB1CFC224} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {A573131A-9906-4248-A9AE-6B1A4A8813D5} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2014-08-25] (Goobzo) <==== ATTENTION
Task: {AAB21B27-A0E0-491B-A015-173E960F4884} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-03] () <==== ATTENTION
Task: {AB7C8488-2452-423D-AF3A-FEB988CE38B8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {B32DAFAB-564B-43C1-8F47-460696108ACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {BB10A4CD-5ADB-4737-AD50-CFDD782EB4B8} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: {CB3CA836-7BCF-4D29-B667-68D82873A013} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {CDEC366F-05C1-4BA5-873E-36A4EECA4EAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {D5A8973B-2E07-4A3D-B8E2-40979811DF1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E3F71571-747F-4BFE-A045-EADC33BFB6BF} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {E8EABC65-13D0-49EE-9429-D489742A1066} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-03] (globalUpdate) <==== ATTENTION
Task: {EF16EDD9-5973-4020-90F4-1BCEFC4E1198} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {EFBF6778-C5DB-47CC-91BA-40249952974B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-03] (globalUpdate) <==== ATTENTION
Task: {F02E1173-F1F4-4D95-8274-BFBAC23B21CA} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2902429972-443509965-4274997157-1001
Task: {F87573BC-CECB-4475-8F62-99A521859FD0} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-6.exe <==== ATTENTION
Task: {FE862EEC-F3FB-4D81-B359-1881263C482D} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1.job => C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1.job => C:\Program Files (x86)\Sense\Sense-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-12-03 15:30 - 2014-08-08 13:43 - 00430888 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2014-11-19 15:20 - 2014-11-19 15:20 - 00032800 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-05-24 21:03 - 2014-05-25 13:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-19 22:46 - 2013-07-30 18:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00034848 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-03 15:26 - 2014-12-03 15:26 - 05812224 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-11-19 15:18 - 2014-11-19 15:18 - 00023584 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-12-03 15:30 - 2014-08-08 13:43 - 00585600 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00042528 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-11-19 15:19 - 2014-11-19 15:19 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00070688 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-11-21 07:16 - 2014-11-21 07:16 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-11-17 10:57 - 2014-11-17 10:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-09-16 09:15 - 2014-09-16 09:15 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-11-17 10:53 - 2014-11-17 10:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00070688 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\srut.dll
2014-11-19 15:18 - 2014-11-19 15:18 - 00033312 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\lrcnt.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00067616 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\sppsm.dll
2014-11-19 15:19 - 2014-11-19 15:19 - 00027168 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-11-19 15:19 - 2014-11-19 15:19 - 00165920 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-12-03 15:31 - 2014-12-03 15:31 - 00135136 _____ () C:\Program Files (x86)\Sense\60b17b6c-638c-45c8-9f8b-a1284ee1f328.dll
2013-12-19 22:46 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\ouali_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Pk\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2902429972-443509965-4274997157-500 - Administrator - Disabled)
Gast (S-1-5-21-2902429972-443509965-4274997157-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2902429972-443509965-4274997157-1007 - Limited - Enabled)
ouali_000 (S-1-5-21-2902429972-443509965-4274997157-1002 - Limited - Enabled) => C:\Users\ouali_000
Pk (S-1-5-21-2902429972-443509965-4274997157-1001 - Administrator - Enabled) => C:\Users\Pk

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2014 03:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x154c
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (12/19/2014 03:50:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CCleaner64.exe, Version 4.13.0.4693 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b24

Startzeit: 01d01b9acc55c20f

Endzeit: 5

Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe

Berichts-ID: 5ad445c4-878e-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:50:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CCleaner64.exe, Version 4.13.0.4693 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 90c

Startzeit: 01d01b9acc56d3d8

Endzeit: 6

Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe

Berichts-ID: 55f48bb3-878e-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:49:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm QuickAccess.exe, Version 1.0.3000.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1518

Startzeit: 01d01b99cc2b6b9a

Endzeit: 160

Anwendungspfad: C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe

Berichts-ID: 45e2ff68-878e-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 39.0.2171.95 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1af4

Startzeit: 01d01b9a6a041284

Endzeit: 8

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: d14837e6-878d-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/19/2014 03:43:51 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4


System errors:
=============
Error: (12/19/2014 03:39:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/19/2014 03:39:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/19/2014 03:38:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎18.‎12.‎2014 um 20:47:48 unerwartet heruntergefahren.

Error: (12/18/2014 04:07:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LPT System Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/18/2014 04:07:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LPT System Updater Service erreicht.

Error: (12/18/2014 04:06:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎12.‎2014 um 21:20:54 unerwartet heruntergefahren.

Error: (12/15/2014 03:51:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/15/2014 03:51:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/15/2014 03:51:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LPT System Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/15/2014 03:51:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LPT System Updater Service erreicht.


Microsoft Office Sessions:
=========================
Error: (12/19/2014 03:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d154c01d01b99be746da7C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllca1af314-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:50:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe4.13.0.46931b2401d01b9acc55c20f5C:\Program Files\CCleaner\CCleaner64.exe5ad445c4-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:50:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe4.13.0.469390c01d01b9acc56d3d86C:\Program Files\CCleaner\CCleaner64.exe55f48bb3-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:49:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QuickAccess.exe1.0.3000.0151801d01b99cc2b6b9a160C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe45e2ff68-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.951af401d01b9a6a0412848C:\Program Files (x86)\Google\Chrome\Application\chrome.exed14837e6-878d-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/19/2014 03:43:51 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4


CodeIntegrity Errors:
===================================
  Date: 2014-12-08 21:36:08.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:07.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:06.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:34.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:33.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:01.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:59.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:57.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 3979.34 MB
Available physical RAM: 1899.99 MB
Total Pagefile: 8331.34 MB
Available Pagefile: 6189.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:350.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 811F8FD7)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Edited by Crounty (19.12.2014 at 16:07)

19.12.2014, 17:24   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, search for the programs:
    Caramava
    LPT System Updater Service
    PC Speed Up
    Pokki
    RocketTab
    Search Protect
    Sense
    Shopping Helper Smartbar
    Shopping Helper Smartbar Engine (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{c67f3378-9788-4884-8ea0-03dbbdc440ef}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION
    YTDownloader
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on, then on, and then on .

 





Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

20.12.2014, 14:59   #3
Crounty
 

Revo found everything except Caramava, LPT System Updater Service and PC Speed Up, which is why I could not uninstall those.

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.12.2014
Suchlauf-Zeit: 14:28:18
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.20.01
Rootkit Datenbank: v2014.12.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Pk

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362008
Verstrichene Zeit: 30 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 57
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [fa1781e4ccb0102659e156b7ac578779], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [fa1781e4ccb0102659e156b7ac578779], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{f0913486-1b23-46b2-a8ad-dbfc98421f73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{BC97FB79-D445-4222-83E2-4D6638804806}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F75432CE-D1E0-42B0-BC6F-1DD84781CFCA}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F75432CE-D1E0-42B0-BC6F-1DD84781CFCA}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{BC97FB79-D445-4222-83E2-4D6638804806}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F0913486-1B23-46B2-A8AD-DBFC98421F73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Caramava.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F0913486-1B23-46B2-A8AD-DBFC98421F73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Caramava.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F0913486-1B23-46B2-A8AD-DBFC98421F73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [967bb1b4ed8f092d5d4140d030d31fe1], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [967bb1b4ed8f092d5d4140d030d31fe1], 
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [020f8dd8b5c70d291d8c6079a55d60a0], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Caramava, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967], 
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, In Quarantäne, [59b8630235470a2ccdfd2e28996adc24], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\V-bates, In Quarantäne, [c8492c3964180b2b1a9536631ee51ee2], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [d63b4d18b9c342f47376c2c93ec58a76], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [1cf5cb9a6c10d3639f4ad1ba05fe2cd4], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [ed2488dd5a22bd79300cc30fa95bda26], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [d63b67fe58241e1893a8c111996b21df], 
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\Caramava, In Quarantäne, [bd54d29389f304326073078752b1bc44], 
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\WOW6432NODE\Speedchecker Limited, In Quarantäne, [59b82b3ae39910265b6f183eab58b44c], 
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\V-bates, In Quarantäne, [69a8f17492ead85eb8f70d8c19ea37c9], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [47ca83e25725300614082a4720e38a76], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [41d05411b7c5e94de7021873b15201ff], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [cc456ef7ccb011256386cac1867d09f7], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [f81970f59fdd0f278889f0e109fbc838], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [b75ae481710bb680e230d7fa05ffac54], 
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [6ba6a8bd720a3cfa8a57c4ae7a8933cd], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [759c6cf9aad2c175da5bfb78fd067e82], 
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, In Quarantäne, [937ec0a5ed8f63d3d73c22ad877d847c], 
PUP.Optional.Caramava.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Caramava, In Quarantäne, [5db4164f4d2f47efe2f092fc0ef5cf31], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [3ed387de8defbe78cf8ea22053b120e0], 
PUP.Optional.GeForce.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, In Quarantäne, [50c1a9bcd5a78da94bc8547bf410a858], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [e42d461f9ddf48ee42b4501481825da3], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [63ae194c6c10f640d62014500df65ba5], 
PUP.Optional.iWebar.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iWebar, In Quarantäne, [b25fa5c02e4e999dbe341183f40f23dd], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Object Browser, In Quarantäne, [749d99cc2953d066b08daf1458ac6799], 
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [68a92441f7859d991064f5da32d211ef], 
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [9d746500cfad56e06a62c0f321e323dd], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [15fc34312d4fa98d42f21360ce3529d7], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, In Quarantäne, [2ae75c091666a591caa5205c60a56b95], 
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, In Quarantäne, [2ae75c091666a591caa5205c60a56b95], 

Registrierungswerte: 9
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [020f8dd8b5c70d291d8c6079a55d60a0]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [020f8dd8b5c70d291d8c6079a55d60a0]
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [45cc4b1a4834ec4a7039954448ba51af], 
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [45cc9fc6710bcd69f0b9637611f10000], 
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [40d13233cab2e650ee941e4946bdc63a]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [47ca83e25725300614082a4720e38a76]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [28e96df81d5fb77f8002a4c310f331cf]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [88891451b8c4d66077a6afc2d42f827e]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, In Quarantäne, [68a92441f7859d991064f5da32d211ef]

Registrierungsdaten: 7
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}),Ersetzt,[4cc5b5b0f488ec4ae038e88243c2d729]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[37dae184d0ac979f69b24c1e9174a957]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kTAeo-yisldtUXwYZM4gk781H07MAE8GscmBuBf3AobnTPL3xS6USzQr3hdsNc,, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kTAeo-yisldtUXwYZM4gk781H07MAE8GscmBuBf3AobnTPL3xS6USzQr3hdsNc,),Ersetzt,[4dc476ef91eb290dd5474c1edb2acd33]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[2de49dc8c2ba85b1fd1dc1a90ff6d030]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[4ec37bea7ffdf04606178edce12415eb]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[5bb643221e5e14225ac43d2df4118c74]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[020f60052656a88e12073f2b788d7b85]

Ordner: 26
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997], 
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\Partial Backups, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\de, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\UI, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\Pk\AppData\Local\SearchProtect, In Quarantäne, [c8499dc8374534024229989e11f2f808], 
PUP.Optional.SystemSpeedup, C:\Users\Pk\AppData\Roaming\systweak\ssd, In Quarantäne, [878a630248346ccad19741f8d13209f7], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\libraries, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\resources, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{887DCFDB-C6BF-4AA8-BDDE-B889716A2D7E}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, In Quarantäne, [4fc2f372f48804324707eb5a996ae51b], 

Dateien: 101
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava\CaramavaBHO.dll, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73], 
PUP.Optional.Sense.A, C:\Users\Pk\AppData\Roaming\UQ.exe, In Quarantäne, [2be604613e3e61d53cc374f46a9755ab], 
PUP.Optional.Sense.A, C:\Users\Pk\AppData\Roaming\WEFLS.exe, In Quarantäne, [38d94b1a433974c230cf4e1ae81927d9], 
PUP.Optional.Nova.A, C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15\60e03062-9aa0-4f1b-bab1-739a3231ca5e.dll, In Quarantäne, [7c95a6bf97e50b2b43f574811ae721df], 
PUP.Optional.Crossrider, C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15\fcbbbec9-0975-4c68-9ba2-4a70c9d2ebad.dll, In Quarantäne, [98799bcaf9837abc516f29bb986c28d8], 
PUP.Optional.Nova.A, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\00f6ff79-c308-4537-ada6-740d49eefaf8.dll, In Quarantäne, [67aa0560c1bb9c9ae454d520728f1ce4], 
PUP.Optional.Crossrider, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8.dll, In Quarantäne, [cd447de8b9c35fd7a61af7ed1ce8a25e], 
PUP.Optional.Nova.A, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\9124dc78-6d21-42dd-b7e3-3813518da944.dll, In Quarantäne, [40d11e47d8a42a0c54e4db1ab150d62a], 
PUP.Optional.Crossrider, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\d5d8a6bb-476f-4bb9-8cf2-6081992ad6f6.dll, In Quarantäne, [9a774a1b5824181ecdf36a7a8b79d828], 
PUP.Optional.Crossrider, C:\Program Files (x86)\AMX Mod X\3a61f36b-5e00-4615-847d-0d7a34dfcb15.dll, In Quarantäne, [7f92bca95824f145912fbb29cc38649c], 
PUP.Optional.Nova.A, C:\Program Files (x86)\AMX Mod X\b942e87d-c421-464b-b95d-ab6924e42901.dll, In Quarantäne, [19f8e67fb6c6c670bf79c035d42d5ba5], 
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, In Quarantäne, [a66b2b3a3646181e0fbc3c6ea75a19e7], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIF4EC.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [7d94acb957253303ccb2d7573cc49868], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI77DB.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [cf42f07586f6f44266180727ce3225db], 
PUP.Optional.VBates, C:\Windows\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165}.job, In Quarantäne, [828f96cfff7dc5712d6f81ea669d46ba], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1, In Quarantäne, [a0717ee7453793a376a11958ba49cd33], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11, In Quarantäne, [29e8ee779eded462f81f0a676a99758b], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2, In Quarantäne, [e9287beaa9d3e74fa374bfb2d72c3ec2], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4, In Quarantäne, [be53cb9abbc1cb6b57c0f879a063b64a], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5, In Quarantäne, [51c088dd3d3ff14560b71b56e91ae11f], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user, In Quarantäne, [59b8d2930874f046d14685ec0ef55fa1], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6, In Quarantäne, [7d9478ed44382b0be433a2cf21e2e11f], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7, In Quarantäne, [5cb5580d7804270f62b56809be4516ea], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1, In Quarantäne, [e52c8ed7374555e1cc4bdf92a45fcd33], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11, In Quarantäne, [4cc5ff66cfad2b0b96813839aa5923dd], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2, In Quarantäne, [17fa7bead9a316202ee97af762a1a858], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3, In Quarantäne, [0b0681e4cdaf1d19799efa77649fdb25], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4, In Quarantäne, [d23f01649fdd7abc9285f57ca0639c64], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5, In Quarantäne, [957cde87c8b4dc5a5bbc1d5403002cd4], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user, In Quarantäne, [020f5f06b7c543f337e0adc4e61dfe02], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6, In Quarantäne, [68a9184dacd056e057c0ff72ba49b64a], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7, In Quarantäne, [4dc4273e3e3e6acc68af541d4ab99070], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, In Quarantäne, [c34e6203a1dbba7cddfddd944fb442be], 
PUP.Optional.SelectNGo.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [b859e67f49337bbb48d8e09d44bf9b65], 
PUP.Optional.SelectNGo.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [13fee382adcf2f0747d90a7315ee7987], 
PUP.Optional.ShoppingGate.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, In Quarantäne, [a26f75f0512bd6601bf53c4415ee46ba], 
PUP.Optional.ShoppingGate.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, In Quarantäne, [8988b3b2225a1c1ab759ceb2966ddf21], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997], 
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava\Caramava.ico, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967], 
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava\CaramavaUninstall.exe, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1.job, In Quarantäne, [59b8f471e09c1620901d3f8fe321d828], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11.job, In Quarantäne, [0d042b3a7dffc96de0cd2ca27e8657a9], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2.job, In Quarantäne, [aa6750156b113df926874c82c93b22de], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4.job, In Quarantäne, [af622d38126a50e6822bbc12a163b54b], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5.job, In Quarantäne, [e32e2f3637452214c0ed824c8b79e11f], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user.job, In Quarantäne, [51c01e47fd7fa88ec3ea5579ef15cd33], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6.job, In Quarantäne, [7a97e87d5527191d6c41e6e8778d09f7], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7.job, In Quarantäne, [9c75016483f962d4228b9737c83c3dc3], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1.job, In Quarantäne, [9c753d2892ea45f1e9c47e50f80cd22e], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.job, In Quarantäne, [1df46afb314b3df97c31a02efb095fa1], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.job, In Quarantäne, [b859372e205c1422f3ba7658a75d52ae], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.job, In Quarantäne, [fc15f96c215b2214e3ca7e50ef15d62a], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.job, In Quarantäne, [53befa6b5c209b9b2c816c6238cc2ad6], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.job, In Quarantäne, [4ac75e07295374c21499a62862a258a8], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user.job, In Quarantäne, [3dd4bda8d4a881b5753848862cd8d828], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.job, In Quarantäne, [b061f66fd7a5c96d07a6a7275ca8cb35], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.job, In Quarantäne, [2be6bea71e5e1b1b3a73824c040008f8], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [d63bf273502cff37378cbc123cc804fc], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [f61b7ce91666db5b784c17b74fb5be42], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [ba57eb7a522a5bdbcef737976a9ad42c], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [7c95b8ad126a92a409bd5c72ff05cd33], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [3fd21b4a710bbd794bf4854d659fab55], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-25-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-27-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-28-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-29-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-30-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\rcpupdate.ini, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997], 
PUP.Optional.SystemSpeedup, C:\Users\Pk\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantäne, [878a630248346ccad19741f8d13209f7], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\background.html, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\logo_128.png, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\main.html, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\main.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\manifest.json, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\NMHClient.json, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\libraries\ContentScript.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\libraries\DataExchangeScript.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\resources\LocalScript.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5], 
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk, In Quarantäne, [4fc2f372f48804324707eb5a996ae51b], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
# AdwCleaner v4.105 - Bericht erstellt am 20/12/2014 um 15:30:09
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-16.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Pk - OUAILS-PC
# Gestartet von : C:\Users\Pk\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : pcsuservice

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Users\Pk\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Pk\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Ordner Gelöscht : C:\Users\Pk\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\Users\Pk\Documents\PCSpeedUp
Ordner Gelöscht : C:\Users\Public\Documents\ShopperPro
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Pk\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\Pk\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\Pk\Desktop\PC Speed Up.lnk
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : PC SpeedUp Service Deactivator
Task Gelöscht : YTDownloader

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\LiveSupport
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.95

[C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW&q={searchTerms}

*************************

AdwCleaner[R0].txt - [8895 octets] - [01/05/2014 09:28:39]
AdwCleaner[R1].txt - [10442 octets] - [20/12/2014 15:26:09]
AdwCleaner[S0].txt - [782 octets] - [01/05/2014 09:29:56]
AdwCleaner[S1].txt - [9858 octets] - [20/12/2014 15:30:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9918 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Pk on 20.12.2014 at 15:34:13,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2014 at 15:45:57,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Pk (administrator) on OUAILS-PC on 20-12-2014 15:53:51
Running from C:\Users\Pk\Desktop
Loaded Profile: Pk (Available profiles: Pk & ouali_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Dropbox, Inc.) C:\Users\Pk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [403568 2014-04-14] (CyberGhost S.R.L.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2902429972-443509965-4274997157-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Ge-Force -> {11111111-1111-1111-1111-110611191111} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll No File
BHO: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2902429972-443509965-4274997157-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB3038653-7474-418E-BF69-1EF568F15448&SearchSource=55&CUI=&UM=5&UP=SP59E9C460-1DD9-413E-AB72-B1C5C5FEBACB&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://www.sweet-page.com/?type=hp&ts=1402321604&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402323183&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402324645&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402328681&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402331885&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402338859&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402339144&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW"
CHR Profile: C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-24]
CHR Extension: (Google-Suche) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (deoodoglhbmpafkajmlggnjnngdclnie) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-12-09]
CHR Extension: (Sense) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-20] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 15:53 - 2014-12-20 15:55 - 00018199 _____ () C:\Users\Pk\Desktop\FRST.txt
2014-12-20 15:53 - 2014-12-20 15:53 - 00000000 ____D () C:\Users\Pk\Desktop\FRST-OlderVersion
2014-12-20 15:45 - 2014-12-20 15:45 - 00000611 _____ () C:\Users\Pk\Desktop\JRT.txt
2014-12-20 15:34 - 2014-12-20 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-12-20 13:30 - 2014-12-20 15:33 - 00000000 ___RD () C:\Users\Pk\Dropbox
2014-12-20 13:30 - 2014-12-20 13:30 - 00001171 _____ () C:\Users\Pk\Desktop\Dropbox.lnk
2014-12-20 13:28 - 2014-12-20 13:28 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-20 13:24 - 2014-12-20 15:33 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Dropbox
2014-12-20 13:22 - 2014-12-20 13:23 - 00324224 _____ (Dropbox, Inc.) C:\Users\Pk\Downloads\DropboxInstaller.exe
2014-12-19 18:59 - 2014-12-20 15:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 18:59 - 2014-12-19 18:59 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-19 18:59 - 2014-12-19 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-19 18:58 - 2014-12-19 18:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-19 18:58 - 2014-12-19 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 18:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 18:56 - 2014-12-19 18:56 - 02166272 _____ () C:\Users\Pk\Desktop\AdwCleaner_4.105.exe
2014-12-19 18:55 - 2014-12-19 18:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pk\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-19 18:55 - 2014-12-19 18:56 - 01707646 _____ (Thisisu) C:\Users\Pk\Desktop\JRT.exe
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-19 18:07 - 2014-12-20 15:31 - 00039424 _____ () C:\Windows\PFRO.log
2014-12-19 16:30 - 2014-12-20 15:54 - 00000000 ___DC () C:\FRST
2014-12-19 16:18 - 2014-12-20 15:53 - 02122240 ____C (Farbar) C:\Users\Pk\Desktop\FRST64.exe
2014-12-19 16:17 - 2014-12-19 16:17 - 00001284 _____ () C:\Users\Pk\Desktop\Revo Uninstaller.lnk
2014-12-19 16:17 - 2014-12-19 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-16 16:15 - 2014-12-16 16:15 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2014-12-14 11:23 - 2014-12-14 11:38 - 00000459 _____ () C:\Users\Pk\.swfinfo
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-12-10 19:32 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 19:32 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 19:31 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 19:31 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 19:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 19:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 18:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:12 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 18:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:11 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:11 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:11 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:11 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:11 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 12:51 - 2014-12-06 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-06 11:59 - 2014-12-06 11:59 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.technic
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15
2014-11-24 09:46 - 2014-11-24 09:46 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2013-12-19 22:21 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-19 22:21 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-12-20 15:45 - 2014-10-07 20:18 - 01519558 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 15:36 - 2013-12-20 06:42 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-20 15:36 - 2013-12-20 06:42 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-20 15:36 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 15:34 - 2014-03-23 18:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashDumps
2014-12-20 15:33 - 2014-03-27 18:09 - 00000000 ___DO () C:\Users\Pk\SkyDrive
2014-12-20 15:33 - 2014-03-19 18:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 15:32 - 2014-03-20 19:50 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 15:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 15:30 - 2014-05-01 09:24 - 00000000 ___DC () C:\AdwCleaner
2014-12-20 15:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-20 15:27 - 2014-03-19 18:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902429972-443509965-4274997157-1001
2014-12-20 15:23 - 2014-06-21 18:06 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job
2014-12-20 15:20 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk
2014-12-20 15:19 - 2014-05-11 17:26 - 00000000 ____D () C:\Program Files (x86)\AMX Mod X
2014-12-20 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-20 13:59 - 2014-10-20 16:32 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.minecraft
2014-12-20 12:49 - 2014-08-13 16:00 - 00000000 ____D () C:\Users\Pk\AppData\Local\LogMeIn Hamachi
2014-12-19 20:50 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 18:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-19 18:39 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk\AppData\Local\Pokki
2014-12-19 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-19 15:51 - 2014-05-13 18:22 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\uTorrent
2014-12-16 16:13 - 2014-03-19 18:12 - 00000000 ____D () C:\Users\Pk\AppData\Local\clear.fi
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 19:14 - 2014-03-22 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:05 - 2014-03-22 19:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:33 - 2014-03-19 18:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 22:10 - 2014-11-14 22:54 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-11-14 22:54 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 07:14 - 2013-11-27 10:40 - 00000000 ___HD () C:\OEM

Files to move or delete:
====================
C:\Users\Pk\jagex_cl_runescape_LIVE.dat
C:\Users\Pk\random.dat


Some content of TEMP:
====================
C:\Users\Pk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqrfbsd.dll
C:\Users\Pk\AppData\Local\Temp\h_keixo5.dll
C:\Users\Pk\AppData\Local\Temp\Quarantine.exe
C:\Users\Pk\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Pk\AppData\Local\Temp\sqlite3.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLitef8540cf9-92f7-4c52-9842-74687b7729a5.dll
C:\Users\Pk\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 21:02

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Pk at 2014-12-20 15:57:00
Running from C:\Users\Pk\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.03.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Air Control Simulator (x32 Version: 3.0.2.59 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMX Mod X Installer 1.8.2 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.2 - AMX Mod X Dev Team)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
Battlefield Heroes (Pk) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPERATION7 (HKLM-x32\...\OPERATION7) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spielkanäle (x32 Version: 9.2.0.11 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 10:11:02 Windows Update
19-10-2014 18:50:34 Windows Update
14-11-2014 14:45:02 Windows Modules Installer
19-11-2014 16:38:15 Windows Update
27-11-2014 18:26:00 Windows Update
06-12-2014 12:47:12 Windows Update
11-12-2014 19:00:42 Windows Update
19-12-2014 16:21:30 Revo Uninstaller's restore point - abDocs

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14FA1028-9F98-4956-946D-4B13E30B19BE} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {1F7C0A08-85F8-45B8-B900-26F0E7DF6C9D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-11-19] (Acer)
Task: {2F950441-C496-43B9-A51A-D42CC33CB522} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {3416F7D6-66CB-4824-B085-073F95DE385D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {59B4F9A5-81FA-4E32-8831-5E56E223D3B2} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {991AD5E5-DFB6-48E0-83AF-1AE8142A87A2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {AB7C8488-2452-423D-AF3A-FEB988CE38B8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {B32DAFAB-564B-43C1-8F47-460696108ACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {CDEC366F-05C1-4BA5-873E-36A4EECA4EAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {D5A8973B-2E07-4A3D-B8E2-40979811DF1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {EF16EDD9-5973-4020-90F4-1BCEFC4E1198} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {F02E1173-F1F4-4D95-8274-BFBAC23B21CA} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2902429972-443509965-4274997157-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-24 21:03 - 2014-05-25 13:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00089856 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-11-21 07:16 - 2014-11-21 07:16 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-11-17 10:57 - 2014-11-17 10:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-09-16 09:15 - 2014-09-16 09:15 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-11-17 10:53 - 2014-11-17 10:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-20 13:06 - 2014-11-20 13:06 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-20 15:33 - 2014-12-20 15:33 - 00043008 _____ () c:\users\pk\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqrfbsd.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00118784 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2013-12-19 22:46 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\ouali_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Pk\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2902429972-443509965-4274997157-500 - Administrator - Disabled)
Gast (S-1-5-21-2902429972-443509965-4274997157-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2902429972-443509965-4274997157-1007 - Limited - Enabled)
ouali_000 (S-1-5-21-2902429972-443509965-4274997157-1002 - Limited - Enabled) => C:\Users\ouali_000
Pk (S-1-5-21-2902429972-443509965-4274997157-1001 - Administrator - Enabled) => C:\Users\Pk

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-08 21:36:08.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:07.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:06.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:34.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:33.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:01.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:59.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:57.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.34 MB
Available physical RAM: 2301.97 MB
Total Pagefile: 8331.34 MB
Available Pagefile: 6268.24 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:350.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 811F8FD7)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 20.12.2014, 15:02   #4
Crounty
 



...

Edited by Crounty (20.12.2014 at 15:55)

Alt 21.12.2014, 08:41   #5
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 21.12.2014, 18:37   #6
Crounty
 



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ebef5bea6993594f96ee82c602a50196
# engine=21656
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-21 06:19:15
# local_time=2014-12-21 07:19:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34008 9490274 0 0
# scanned=244124
# found=40
# cleaned=39
# scan_time=13230
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\update[1]"
sh=80970B977AB0EA9A04CBE2D461BCF2906E76B9DF ft=1 fh=c71c001159c7ad58 vn="Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\DGChrome.exe.vir"
sh=A865E3D38BB6E80925CE0ED3302F63216F5BD742 ft=1 fh=c71c0011f664ecf3 vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\Extension32.dll.vir"
sh=085B93C8E1DB2DB2246EEF48A924FDE02E58B3B1 ft=1 fh=72cc119c6c0cf2fa vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\Extension64.dll.vir"
sh=F01B2664D8FF5A98DF177B7A4407065C32D124EF ft=1 fh=c71c0011fee765ee vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\ExtensionUpdaterService.exe.vir"
sh=A5BCC1074522EA9F1EDB2D1C01F603F0C1EC6BA0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\Firefox\chrome\content\main.js.vir"
sh=1F6F1F2989F733607A7230A4DC4A54A62023A4EB ft=1 fh=7d9488d6dd82b054 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=E0965E7B73C8E8D95728A71853CD9997001590BC ft=1 fh=b51dafac565cd70b vn="Win32/Systweak.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\CleanSchedule.exe.vir"
sh=DF45A5201604D7986E3153BE2998619ECB5E6551 ft=1 fh=29969ff45a549a07 vn="Variante von Win32/Systweak.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RCPUninstall.exe.vir"
sh=F4977A23C6895A68D1F2B53AF88D52DE6DFB998F ft=1 fh=2ecd3c6af0f1e8dc vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RegCleanPro.exe.vir"
sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\SSDPTstub.exe.vir"
sh=6B8066AEE7C8FAE3ECB7D6D6FD83B4D425F811A2 ft=1 fh=98e0bbcb76eeca04 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"
sh=53708CCF2410434187CA268A7A724A3992C0FC65 ft=1 fh=a6207637a02e9db4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=D30BAC56E88EDAEF64D8813330D1FB24921088FA ft=1 fh=5da947440ba8911d vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=4539C49EE54EF49172ADAA38B553E38FDF347C80 ft=1 fh=ab01c90ebcba11aa vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=1E3BA56AFE7F70CA844E8330E38FD662A4B41790 ft=1 fh=9c60344bfd510269 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=33093FCFDCE7C07DD5886ECC4DA42672E5314B09 ft=1 fh=d3cea830025d3e5f vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3D6705DAB5126B0393B6FF5C26484B0899A3D125 ft=1 fh=51586fa0d05d1c4e vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=DE134CEDD3AE537C91B6196D66BFCB0FD7DFE550 ft=1 fh=a9eb9770e77ea827 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=856E28D7768BB8C0CD7F1E4355A810D8DB55F6B0 ft=1 fh=1f4105694a25c3d7 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=D4CC48D139C141781B8D9EC5330FDB3057D3DF88 ft=1 fh=34d17fc7c29d944b vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=5F3FBCA00AA8DEE17FF34FC6D0CB7E3F55314B73 ft=1 fh=1e4266cc5aaaaecd vn="Win32/HackTool.Steam.E Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Games\Rust.Client.v25.02.2014\Rust Client.exe"
sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia\15427.9892.6193_0\extensionData\plugins\91.js"
sh=9806CA9C846454A49F22249E83A2E43993B047BA ft=1 fh=237168f980092527 vn="Variante von Win32/SpeedBit.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\AppData\Local\Temp\ShopperProJSINJFull.exe"
sh=976BFE19D4FD2C4B051AE49C952038651956AD3B ft=1 fh=3fa81d351a31970a vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\AppData\Local\Temp\tu17p84.exe"
sh=6F6B9B1EBAD0E8694711735030222E2A961080DD ft=1 fh=65f8a3aa4e632c4f vn="Variante von Win32/Adware.iBryte.BX Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\Downloads\Nicht bestätigt 231185.crdownload"
sh=AC9000BC7034A767CC842DBF75F694FDEB0BD539 ft=1 fh=05d94f6d18135325 vn="Variante von Win32/Adware.iBryte.BX Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\Downloads\Nicht bestätigt 871388.crdownload"
sh=083E59D5CD3500CF0BBDFC59CC4B39645C5CA83A ft=1 fh=1b7719d2674458f9 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=4D19E1FC12C9F2D1BB673CB02511E4EE86B87EBE ft=1 fh=ec73789bd2de0d47 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\sppsm.dll"
sh=B9E7A461796E22B87226172152D83213002081AC ft=1 fh=74353f1bba4f89f2 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\spusm.dll"
sh=7D37E07482CA5D2EDC014784A215917F63A294F5 ft=1 fh=a9866ae28e6f19a4 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\srbu.dll"
sh=90948FD08FA61D38913DC0D988B830C55D0A45EC ft=1 fh=ed3bd3e2a46ff9be vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\srptc.dll"
sh=083E59D5CD3500CF0BBDFC59CC4B39645C5CA83A ft=1 fh=1b7719d2674458f9 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=8B6287A98E7CC7403B070D2EF07C4E2BFCEF0403 ft=1 fh=c04b514b90e70a4d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\spbe.dll"
sh=4D19E1FC12C9F2D1BB673CB02511E4EE86B87EBE ft=1 fh=ec73789bd2de0d47 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\sppsm.dll"
sh=B9E7A461796E22B87226172152D83213002081AC ft=1 fh=74353f1bba4f89f2 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\spusm.dll"
sh=0993C65D332068F7DC335AD6C7EBB8E89B515CF0 ft=1 fh=4c6549bbd2148752 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\srbs.dll"
sh=7D37E07482CA5D2EDC014784A215917F63A294F5 ft=1 fh=a9866ae28e6f19a4 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\srbu.dll"
sh=90948FD08FA61D38913DC0D988B830C55D0A45EC ft=1 fh=ed3bd3e2a46ff9be vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\srptc.dll"
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\update[1]"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	15.0.0.246 Flash Player out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Norton Online Backup ARA Engine 4.5.0.9 ARA.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Pk (administrator) on OUAILS-PC on 21-12-2014 19:30:53
Running from C:\Users\Pk\Desktop
Loaded Profile: Pk (Available profiles: Pk & ouali_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [403568 2014-04-14] (CyberGhost S.R.L.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2902429972-443509965-4274997157-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Ge-Force -> {11111111-1111-1111-1111-110611191111} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll No File
BHO: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2902429972-443509965-4274997157-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB3038653-7474-418E-BF69-1EF568F15448&SearchSource=55&CUI=&UM=5&UP=SP59E9C460-1DD9-413E-AB72-B1C5C5FEBACB&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://www.sweet-page.com/?type=hp&ts=1402321604&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402323183&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402324645&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402328681&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402331885&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402338859&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402339144&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW"
CHR Profile: C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-24]
CHR Extension: (Google-Suche) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (deoodoglhbmpafkajmlggnjnngdclnie) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-12-09]
CHR Extension: (Sense) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-20] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 19:30 - 2014-12-21 19:32 - 00018268 _____ () C:\Users\Pk\Desktop\FRST.txt
2014-12-21 15:34 - 2014-12-21 15:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-21 15:33 - 2014-12-21 15:33 - 00852505 _____ () C:\Users\Pk\Downloads\SecurityCheck.exe
2014-12-21 15:32 - 2014-12-21 15:33 - 02347384 _____ (ESET) C:\Users\Pk\Downloads\esetsmartinstaller_deu.exe
2014-12-20 15:53 - 2014-12-20 15:53 - 00000000 ____D () C:\Users\Pk\Desktop\FRST-OlderVersion
2014-12-20 15:45 - 2014-12-20 15:45 - 00000611 _____ () C:\Users\Pk\Desktop\JRT.txt
2014-12-20 15:34 - 2014-12-20 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-12-20 13:30 - 2014-12-20 15:33 - 00000000 ___RD () C:\Users\Pk\Dropbox
2014-12-20 13:30 - 2014-12-20 13:30 - 00001171 _____ () C:\Users\Pk\Desktop\Dropbox.lnk
2014-12-20 13:28 - 2014-12-20 13:28 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-20 13:24 - 2014-12-20 15:33 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Dropbox
2014-12-20 13:22 - 2014-12-20 13:23 - 00324224 _____ (Dropbox, Inc.) C:\Users\Pk\Downloads\DropboxInstaller.exe
2014-12-19 18:59 - 2014-12-21 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 18:59 - 2014-12-19 18:59 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-19 18:59 - 2014-12-19 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-19 18:58 - 2014-12-19 18:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-19 18:58 - 2014-12-19 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 18:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 18:56 - 2014-12-19 18:56 - 02166272 _____ () C:\Users\Pk\Desktop\AdwCleaner_4.105.exe
2014-12-19 18:55 - 2014-12-19 18:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pk\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-19 18:55 - 2014-12-19 18:56 - 01707646 _____ (Thisisu) C:\Users\Pk\Desktop\JRT.exe
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-19 18:07 - 2014-12-20 15:31 - 00039424 _____ () C:\Windows\PFRO.log
2014-12-19 16:30 - 2014-12-21 19:31 - 00000000 ___DC () C:\FRST
2014-12-19 16:18 - 2014-12-20 15:53 - 02122240 ____C (Farbar) C:\Users\Pk\Desktop\FRST64.exe
2014-12-19 16:17 - 2014-12-19 16:17 - 00001284 _____ () C:\Users\Pk\Desktop\Revo Uninstaller.lnk
2014-12-19 16:17 - 2014-12-19 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-16 16:15 - 2014-12-16 16:15 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2014-12-14 11:23 - 2014-12-14 11:38 - 00000459 _____ () C:\Users\Pk\.swfinfo
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-12-10 19:32 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 19:32 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 19:31 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 19:31 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 19:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 19:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 18:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:12 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 18:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:11 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:11 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:11 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:11 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:11 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 12:51 - 2014-12-06 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-06 11:59 - 2014-12-06 11:59 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.technic
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15
2014-11-24 09:46 - 2014-11-24 09:46 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2013-12-19 22:21 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-19 22:21 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-12-21 19:33 - 2014-03-19 18:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 19:23 - 2014-06-21 18:06 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job
2014-12-21 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-21 18:18 - 2014-03-19 18:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902429972-443509965-4274997157-1001
2014-12-21 18:02 - 2014-10-07 20:18 - 01694330 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 17:55 - 2014-03-23 18:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashDumps
2014-12-21 15:31 - 2013-12-20 06:42 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-21 15:31 - 2013-12-20 06:42 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-21 15:31 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 15:27 - 2014-03-27 18:09 - 00000000 ___DO () C:\Users\Pk\SkyDrive
2014-12-21 15:26 - 2014-03-20 19:50 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 15:25 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 14:38 - 2014-10-20 16:32 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.minecraft
2014-12-21 10:45 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk
2014-12-20 15:30 - 2014-05-01 09:24 - 00000000 ___DC () C:\AdwCleaner
2014-12-20 15:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-20 15:19 - 2014-05-11 17:26 - 00000000 ____D () C:\Program Files (x86)\AMX Mod X
2014-12-20 12:49 - 2014-08-13 16:00 - 00000000 ____D () C:\Users\Pk\AppData\Local\LogMeIn Hamachi
2014-12-19 20:50 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 18:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-19 18:39 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk\AppData\Local\Pokki
2014-12-19 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-19 15:51 - 2014-05-13 18:22 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\uTorrent
2014-12-16 16:13 - 2014-03-19 18:12 - 00000000 ____D () C:\Users\Pk\AppData\Local\clear.fi
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 19:14 - 2014-03-22 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:05 - 2014-03-22 19:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:33 - 2014-03-19 18:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 22:10 - 2014-11-14 22:54 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-11-14 22:54 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 07:14 - 2013-11-27 10:40 - 00000000 ___HD () C:\OEM

Files to move or delete:
====================
C:\Users\Pk\jagex_cl_runescape_LIVE.dat
C:\Users\Pk\random.dat


Some content of TEMP:
====================
C:\Users\Pk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqrfbsd.dll
C:\Users\Pk\AppData\Local\Temp\h_keixo5.dll
C:\Users\Pk\AppData\Local\Temp\Quarantine.exe
C:\Users\Pk\AppData\Local\Temp\sqlite3.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLitef8540cf9-92f7-4c52-9842-74687b7729a5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 21:02

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Pk at 2014-12-21 19:33:25
Running from C:\Users\Pk\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.03.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Air Control Simulator (x32 Version: 3.0.2.59 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMX Mod X Installer 1.8.2 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.2 - AMX Mod X Dev Team)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
Battlefield Heroes (Pk) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPERATION7 (HKLM-x32\...\OPERATION7) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spielkanäle (x32 Version: 9.2.0.11 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 10:11:02 Windows Update
19-10-2014 18:50:34 Windows Update
14-11-2014 14:45:02 Windows Modules Installer
19-11-2014 16:38:15 Windows Update
27-11-2014 18:26:00 Windows Update
06-12-2014 12:47:12 Windows Update
11-12-2014 19:00:42 Windows Update
19-12-2014 16:21:30 Revo Uninstaller's restore point - abDocs

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14FA1028-9F98-4956-946D-4B13E30B19BE} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {1F7C0A08-85F8-45B8-B900-26F0E7DF6C9D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-11-19] (Acer)
Task: {2F950441-C496-43B9-A51A-D42CC33CB522} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {3416F7D6-66CB-4824-B085-073F95DE385D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {59B4F9A5-81FA-4E32-8831-5E56E223D3B2} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {991AD5E5-DFB6-48E0-83AF-1AE8142A87A2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {AB7C8488-2452-423D-AF3A-FEB988CE38B8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {B32DAFAB-564B-43C1-8F47-460696108ACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {CDEC366F-05C1-4BA5-873E-36A4EECA4EAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {D5A8973B-2E07-4A3D-B8E2-40979811DF1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {EF16EDD9-5973-4020-90F4-1BCEFC4E1198} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {F02E1173-F1F4-4D95-8274-BFBAC23B21CA} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2902429972-443509965-4274997157-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-24 21:03 - 2014-05-25 13:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00089856 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-11-21 07:16 - 2014-11-21 07:16 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-11-17 10:57 - 2014-11-17 10:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-09-16 09:15 - 2014-09-16 09:15 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-11-17 10:53 - 2014-11-17 10:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-20 13:06 - 2014-11-20 13:06 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2013-12-19 22:46 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\ouali_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Pk\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2902429972-443509965-4274997157-500 - Administrator - Disabled)
Gast (S-1-5-21-2902429972-443509965-4274997157-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2902429972-443509965-4274997157-1007 - Limited - Enabled)
ouali_000 (S-1-5-21-2902429972-443509965-4274997157-1002 - Limited - Enabled) => C:\Users\ouali_000
Pk (S-1-5-21-2902429972-443509965-4274997157-1001 - Administrator - Enabled) => C:\Users\Pk

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 07:24:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 05:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x115c
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (12/21/2014 03:34:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 03:34:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 03:34:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 03:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.3.2000, Zeitstempel: 0x546c82a9
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0xf00
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (12/21/2014 01:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x1714
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (12/21/2014 10:47:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.3.2000, Zeitstempel: 0x546c82a9
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0x1988
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (12/20/2014 04:45:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x16d8
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5


System errors:
=============
Error: (12/21/2014 03:26:20 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:20 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:20 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:25:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/21/2014 03:25:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/21/2014 03:25:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎21.‎12.‎2014 um 15:21:51 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (12/21/2014 07:24:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/21/2014 05:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d115c01d01d2a2143c545C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllb2a5e4c8-8931-11e4-83b6-201a06cb959b

Error: (12/21/2014 03:34:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pk\Downloads\esetsmartinstaller_deu.exe

Error: (12/21/2014 03:34:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pk\Downloads\esetsmartinstaller_deu.exe

Error: (12/21/2014 03:34:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pk\Downloads\esetsmartinstaller_deu.exe

Error: (12/21/2014 03:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.3.2000546c82a9SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0f0001d01d2a4f39569eC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll8f40c593-891d-11e4-83b6-201a06cb959b

Error: (12/21/2014 01:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d171401d01d02f5233571C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dlle2e2408a-890e-11e4-83b5-201a06cb959b

Error: (12/21/2014 10:47:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.3.2000546c82a9SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0198801d01d031f0c2635C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll5f5520ac-88f6-11e4-83b5-201a06cb959b

Error: (12/20/2014 04:45:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d16d801d01c61d2d7a9caC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll277dca97-885f-11e4-83b4-201a06cb959b


CodeIntegrity Errors:
===================================
  Date: 2014-12-08 21:36:08.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:07.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:06.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:34.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:33.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:01.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:59.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:57.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 3979.34 MB
Available physical RAM: 1886.7 MB
Total Pagefile: 8331.34 MB
Available Pagefile: 5679.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:349.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 811F8FD7)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Still the ads

22.12.2014, 15:30   #7
schrauber
/// the machine
/// TB trainer

In which browser?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

23.12.2014, 16:08   #8
Crounty

Only in Chrome; that's where the Ads by Info and Senseplus show up.
I also tried Internet Explorer and nothing appeared there.

24.12.2014, 15:05   #9
schrauber
/// the machine
/// TB trainer

Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, have it remove the leftovers, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de


A fresh FRST log, please. Any problems left?
