Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 8 - Versuchte Registryänderung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 28.12.2014, 15:22   #1
Naxus
 
Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Ok, habe seid einigen Tagen massive Virenprobleme (gehabt), auf meinem Mainacc haben sich immer mehr Programme im Hintergrund geöffnet, danach hat Avast im Sekundentakt Schadsoftware geblockt, und ein paar Stunden später ging alle 2 Sek die Benutzerkontensteuerung an und wollte Adminrechte für die Registry (welche ich nicht erteilt habe). Main Mainaccount war damit nicht mehr benutztbar. Avast hat daraufhin einen Scan noch vor dem Systemstart durchgeführt.
Alle weiteren Scans habe ich auf dem Gastkonto durchgeführt:
Zunächst ein MBAM Scan:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 28.12.2014
Scan Time: 13:42:59
Logfile: mbam scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.28.06
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: janeisklar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376893
Time Elapsed: 17 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [092d7eeabbc11026ae00ff18857ec33d], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [092d7eeabbc11026ae00ff18857ec33d], 
Trojan.FakeMS.ED, HKLM\SOFTWARE\CLASSES\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}, Quarantined, [f3432345740860d64c0847aa50b152ae], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [0432e187bebefd39a74c0ac0ba4a6799], 
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, Quarantined, [df57a7c1ea9285b1c1e8d106af552ad6], 
PUP.Optional.HQVideo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Pro-2.1cV21.12, Quarantined, [1a1ce78189f3023491b2914b0ff51fe1], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [ad899dcb611bd85eb340a228d82c827e], 
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [ba7c5315413bfb3baf5bdafe9f65c63a], 
PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, Quarantined, [72c44d1b3b412d095109c8beb64f55ab], 
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, Quarantined, [72c44d1b3b412d095109c8beb64f55ab], 

Registry Values: 3
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [3afcd296720a9a9ce13d165ab44f3ec2]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [f73f5c0c403cb08606183a3609faed13]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, Quarantined, [ba7c5315413bfb3baf5bdafe9f65c63a]

Registry Data: 7
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuY4,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuY4,&q={searchTerms}),Replaced,[c17513550775d5619170690b82837f81]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}),Replaced,[d75f75f33b4141f5798ba0d4da2b07f9]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWkNkWzOavfK1c5h1F1blx0g4YALiwok3ZMudnEKWQv-VhUsioWmKoJFtatiF2uE,, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWkNkWzOavfK1c5h1F1blx0g4YALiwok3ZMudnEKWQv-VhUsioWmKoJFtatiF2uE,),Replaced,[33034a1ef884b1854fb6cca8f70e51af]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}),Replaced,[2f071e4a76061620a85b066e28ddb050]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}),Replaced,[9f9720485f1dee48d92df57f9570cf31]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}),Replaced,[3105da8ede9e290d36d1b1c359ac827e]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2855763909-2318779563-1536155455-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQOCwyOLJch7wqhi-1tfoQyLurXllxetPJfPUaBY3WvmpzdedmgeRHD-ERwsmikGWk8Tgzhg_CK0gWdVnWJQVN5biEK9uh0A59wDL7nNx5KZsM9jTataj7CahsOHuYk,&q={searchTerms}),Replaced,[4ee8491f5c20d264ad55db990afb03fd]

Folders: 0
(No malicious items detected)

Files: 8
Trojan.Ransom.ED, C:\ProgramData\EAF79594B.cpp, Quarantined, [42f4b1b7acd085b1497023dace3323dd], 
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{6BCC7DAA-0F61-4F4C-8BFA-38F32EA8636B}\powercpl31.dll, Quarantined, [96a037311a62270f6e7b1fe0b34e966a], 
Trojan.FakeMS.ED, C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d10core.dll, Delete-on-Reboot, [f3432345740860d64c0847aa50b152ae], 
PUP.Optional.HQVideo.A, C:\Users\janeisklar\AppData\Roaming\VIZGDEC.exe, Quarantined, [6fc7610788f4a59162488c2530d5956b], 
PUP.Optional.Sense.A, C:\Program Files (x86)\Sense\Sense-bho.dll, Quarantined, [88ae491fe09cc76fe15e4525d031eb15], 
Trojan.Ransom.ED, C:\Users\janeisklar\AppData\Local\Temp\bZKO.dll, Quarantined, [0c2a0e5a82fa6fc7e9d0af4e2fd24bb5], 
PUP.Optional.WebSearch.A, C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\searchplugins\Web Search.xml, Quarantined, [55e1e68229534de96c8e2a6cc83bdb25], 
PUP.Optional.CrossRider.A, C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14a6d07cb674296d5c7cffb75ba263da");), Replaced,[fe3842260f6d83b3ca4349700afb619f]

Physical Sectors: 0
(No malicious items detected)


(end)
         
Danach bin ich nach Forenanleitung vorgegangen:
Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:45 on 28/12/2014 (janeisklar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Gast (ATTENTION: The logged in user is not administrator) on PIZZAPLANET on 28-12-2014 14:11:02
Running from C:\Users\Gast\Downloads
Loaded Profile: Gast (Available profiles: janeisklar & Gast)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Pokki) C:\Users\Gast\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NOX) C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Pokki) C:\Users\Gast\AppData\Local\Pokki\Engine\HostAppService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Pokki) C:\Users\Gast\AppData\Local\Pokki\Engine\HostAppService.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Ozone Radon Gaming Mouse] => C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe [25473024 2011-09-28] (NOX)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-28] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2855763909-2318779563-1536155455-501\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
ProxyEnable: [S-1-5-21-2855763909-2318779563-1536155455-501] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2855763909-2318779563-1536155455-501] => http=127.0.0.1:60267;https=127.0.0.1:60267
HKU\S-1-5-21-2855763909-2318779563-1536155455-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2855763909-2318779563-1536155455-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2855763909-2318779563-1536155455-501\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2855763909-2318779563-1536155455-501\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-2855763909-2318779563-1536155455-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2855763909-2318779563-1536155455-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-28]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "EventLog" service could not be unlocked. <===== ATTENTION

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-28] (Avast Software)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-28] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 13:39 - 2014-12-28 13:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-28 13:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-28 13:18 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast
2014-12-28 13:12 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-12-13.060-aswFe.exe-4244.log
2014-12-28 13:04 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-04-46.021-aswFe.exe-4964.log
2014-12-28 13:04 - 2014-12-28 13:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 13:04 - 2014-12-28 13:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-12-04-42.094-AvastVBoxSVC.exe-1504.log
2014-12-28 13:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-28 05:45 - 2014-12-28 14:02 - 00006102 _____ () C:\WINDOWS\PFRO.log
2014-12-28 02:48 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-28 02:23 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-23-41.042-aswFe.exe-8084.log
2014-12-28 02:11 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-11-56.015-aswFe.exe-4244.log
2014-12-28 02:10 - 2014-12-28 02:10 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-01-10-36.020-AvastVBoxSVC.exe-8052.log
2014-12-28 01:23 - 2014-12-28 01:23 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-28 01:23 - 2014-12-28 01:23 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-28 01:04 - 2014-12-28 01:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-28 01:03 - 2014-12-28 01:23 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\Program Files\LockHunter
2014-12-28 01:02 - 2014-12-28 01:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-27 22:57 - 2014-12-27 22:57 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-27 22:56 - 2014-12-27 22:56 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-12-27 20:16 - 2014-12-28 14:07 - 00194824 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-21 15:07 - 2014-12-21 15:07 - 00000000 _____ () C:\autoexec.bat
2014-12-21 14:23 - 2014-12-21 14:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-21 14:22 - 2014-12-28 14:01 - 00000000 ____D () C:\Program Files (x86)\Sense
2014-12-21 14:19 - 2014-12-21 15:07 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\Program Files (x86)\Helden-Software
2014-12-16 08:27 - 2014-12-16 08:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-12-13 13:45 - 2014-12-13 13:45 - 00066728 _____ (Eugene V. Muzychenko) C:\WINDOWS\system32\Drivers\vrtaucbl.sys
2014-12-13 13:45 - 2014-12-13 13:45 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-12-09 19:41 - 2014-12-09 19:41 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-12-09 14:00 - 2014-12-09 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-12-04 07:53 - 2014-12-04 07:52 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-04 07:52 - 2014-12-04 07:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-01 11:21 - 2014-12-01 11:29 - 00000000 ____D () C:\rads

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 14:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-28 14:04 - 2014-08-14 13:10 - 01948257 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2014-12-28 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-12-28 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-28 13:45 - 2014-11-15 18:09 - 00000000 ____D () C:\Users\janeisklar
2014-12-28 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-28 05:46 - 2013-08-22 15:44 - 00374456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-21 15:48 - 2014-11-16 20:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-21 15:48 - 2014-04-02 18:34 - 00000000 ____D () C:\WINDOWS\Panther
2014-12-18 11:55 - 2014-08-14 22:50 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-18 11:55 - 2014-08-14 22:50 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-18 11:55 - 2014-03-18 10:53 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-10 07:55 - 2014-11-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-08 15:14 - 2014-11-16 08:42 - 00000000 ____D () C:\mukke
2014-12-07 23:52 - 2014-11-16 13:22 - 00000000 ____D () C:\Program Files (x86)\EA Games

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
mit addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Gast at 2014-12-28 13:49:55
Running from C:\Users\Gast\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A0EE5DB1-8E1F-7BB2-6734-9CDC5E8DF0DD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Web Start (HKU\S-1-5-21-2855763909-2318779563-1536155455-501\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.1.52728 - Pokki)
Lenovo Web Start (HKU\S-1-5-21-2855763909-2318779563-1536155455-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.1.52728 - Pokki)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Ozone Radon (HKLM-x32\...\{B50AB875-64A2-4D12-BB48-B15611B48CE0}) (Version: 1.0.0 - Ozone Gaming)
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Startmenü (HKU\S-1-5-21-2855763909-2318779563-1536155455-501\...\Pokki) (Version: 0.268.2.183 - Pokki)
Startmenü (HKU\S-1-5-21-2855763909-2318779563-1536155455-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki) (Version: 0.268.2.183 - Pokki)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


==================== Loaded Modules (whitelisted) =============

2014-03-25 09:23 - 2014-03-25 09:23 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: Lenovo System Agent Service => 2
MSCONFIG\Services: MpsSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "jmekey"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "YTDownloader"

========================= Accounts: ==========================


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Systemfehler 5 aufgetreten.

Zugriff verweigert


==================== Memory info =========================== 

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 62%
Total physical RAM: 3518.09 MB
Available physical RAM: 1306.25 MB
Total Pagefile: 4414.09 MB
Available Pagefile: 1635.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:319.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
GMER ließ sich nicht ausführen, aufgrund folgender Fehlermeldung.
Code:
ATTFilter
C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Dateien zugreifen, da sie von einem anderen Prozess verwendet werden.
         
Danach habe ich nochmals versucht auf meinem eigentlich Benutzeraccount einzuloggen.
Keine Meldung von Avast, keine Benutzerkontensteuerung, läuft... eigentlich.
Allerdings kommen immer noch 2 Meldungen:
RegSvr32:
Code:
ATTFilter
Fehler beim Laden des Moduls 
"C:\ProgramData\MojjUtaw\WetayOdewu.atw".

Stellen sie sicher, dass die Binärdatei am angegeben 
Pfad gespeichert ist, oder debuggen Sie die Datei, um 
Probleme mit der binären Datei oder abhängigen 
DLL-Dateien auszuschließen.

Der Vorgang konnte nicht erfolgreich abgeschlossen 
werden, da die Datei einen Virus oder möglicherweise
unerwünschte Software enthält
         
RunDLL
Code:
ATTFilter
Problem beim Starten von C:\PROGRA~3\EAF79594b.cpp
Das angegebene Modul wurde nicht gefunden.
         
Ich vermute daher, dass immer noch etwas im Hintergrund aktiv ist.
Hier noch der Log vom Avast Scan:
Code:
ATTFilter
12/28/2014 11:34
Prüfung aller lokalen Laufwerke

Datei C:\Program Files\Common Files\System\SysMenu64.dll ist infiziert von Win32:Adware-CDO [PUP], Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\1YCP6HRJ\2A705B474D5945352B6D2143707D7D516779E5B95F32A784A51EA2FF1B3596D4B0BAFEC92FC04C2D60C32949C163F0E0[1].htm ist infiziert von HTML:RedirBA-inf [Trj], In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\1YCP6HRJ\8SXAGZ9F.htm ist infiziert von HTML:Iframe-inf, In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\1YCP6HRJ\ads[3].htm ist infiziert von JS:ScriptIP-inf [Trj], Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\AAXFUOCO\0H5D97HS.htm ist infiziert von HTML:Iframe-inf, In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\AAXFUOCO\DZX1JPSG.htm ist infiziert von HTML:Iframe-inf, In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\AAXFUOCO\HGPFF8BA.htm ist infiziert von HTML:Iframe-inf, In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\AAXFUOCO\V4VJWICQ.htm ist infiziert von HTML:Iframe-inf, In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\BVB1K5PU\ads[4].htm ist infiziert von JS:ScriptIP-inf [Trj], In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\GEFHBFT4\15ZH2VMU.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\GEFHBFT4\ads[2].htm ist infiziert von JS:ScriptIP-inf [Trj], In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\GEFHBFT4\ads[3].htm ist infiziert von JS:ScriptIP-inf [Trj], In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\GEFHBFT4\GPLMM73O.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\GEFHBFT4\KFMCAR1Y.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\GEFHBFT4\S1XTQDGI.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\KAI3YID8\L6BM1C80.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\TB8IZ766\bush-hospital[1].htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\TB8IZ766\E5BKMDV0.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\TB8IZ766\js[1].js ist infiziert von JS:ScriptPE-inf [Trj], Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\TB8IZ766\KCCKG8SB.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\TB8IZ766\U51OF1YE.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\V8ZLP8Y6\RAZ2X6S4.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\X1IHDP50\ads[1].htm ist infiziert von JS:ScriptIP-inf [Trj], In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\X1IHDP50\ads[2].htm ist infiziert von JS:ScriptIP-inf [Trj], In Container verschoben
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\X1IHDP50\IU2XVET5.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Microsoft\Windows\INetCache\IE\X1IHDP50\IWMP8EAH.htm ist infiziert von HTML:Iframe-inf, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Temp\627D.tmp ist infiziert von Win32:Malware-gen, Gelöscht
Datei C:\Users\janeisklar\AppData\Local\Temp\UpdateFlashPlayer_f48a8679.exe ist infiziert von Win32:MalOb-HX [Cryp], Gelöscht
Datei C:\Users\janeisklar\AppData\Roaming\EIZDOGM.exe ist infiziert von Win32:Malware-gen, Gelöscht
Datei C:\Users\janeisklar\AppData\Roaming\FRVOIK.exe ist infiziert von Win32:Trojan-gen, Gelöscht
Datei C:\Users\janeisklar\AppData\Roaming\WF.exe ist infiziert von Win32:Malware-gen, Gelöscht
Anzahl durchsuchter Ordner: 48632
Anzahl der geprüften Dateien: 441371
Anzahl infizierter Dateien: 31
         
Hoffe das ich alles wichtige gepostet habe.
Mit freundlichen Grüßen

Naxus

Alt 28.12.2014, 16:22   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



hi,

bitte nur im Adminaccount arbeiten:


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 29.12.2014, 12:24   #3
Naxus
 
Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Ok, alles erledigt, hier die Logs:
MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 29.12.2014
Scan Time: 11:19:32
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.29.04
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: janeisklar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376354
Time Elapsed: 16 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 29/12/2014 um 11:50:59
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-28.1 [Live]
# Betriebssystem : Windows 8.1 Connected  (64 bits)
# Benutzername : janeisklar - PIZZAPLANET
# Gestartet von : C:\Users\janeisklar\Downloads\adwcleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\Sense
Ordner Gelöscht : C:\Users\janeisklar\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\janeisklar\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Public\Documents\ShopperPro
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Ordner Gelöscht : C:\Users\janeisklar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Datei Gelöscht : C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\user.js

***** [ Tasks ] *****

Task Gelöscht : YTDownloader

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Wert Gelöscht : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKCU\Software\593ebb20332dd030
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v34.0.5 (x86 de)

[kmpgplgm.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A948852%2C%22ver%22%3A1%2C%22status%[...]
[kmpgplgm.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.Resources_resource_948861.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%[...]
[kmpgplgm.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ae2b0dff561784e3db84ed9e2815a71a2f5d474691ed6bbee47c02com69129.69129.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22[...]

-\\ Comodo Dragon v36.1.1.21

[C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gelöscht [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\janeisklar\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gelöscht [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [3909 octets] - [29/12/2014 11:47:57]
AdwCleaner[S0].txt - [3688 octets] - [29/12/2014 11:50:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3748 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Connected x64
Ran by janeisklar on 29.12.2014 at 11:56:13,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\janeisklar\appdata\local\{0AE5843E-74E3-BC04-ECAB-400FCC788B49}



~~~ FireFox

Emptied folder: C:\Users\janeisklar\AppData\Roaming\mozilla\firefox\profiles\kmpgplgm.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.12.2014 at 12:03:24,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by janeisklar (administrator) on PIZZAPLANET on 29-12-2014 12:15:06
Running from C:\Users\janeisklar\Downloads
Loaded Profile: janeisklar (Available profiles: janeisklar & Gast)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Dragon)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NOX) C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer, Inc.) C:\Users\janeisklar\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Ozone Radon Gaming Mouse] => C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe [25473024 2011-09-28] (NOX)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-28] (AVAST Software)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
Startup: C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B49597FAE.lnk
ShortcutTarget: B49597FAE.lnk -> C:\PROGRA~3\EAF79594B.cpp (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2855763909-2318779563-1536155455-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\janeisklar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: cookiekillerjosephmoran - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\cookiekiller@joseph.moran [2014-12-27]
FF Extension: 2e17e2b2b8d44a678d7bfafa6cc9d1d0 - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0} [2014-12-27]
FF Extension: Adblock Edge - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-28]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-28] (Avast Software)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-28] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:15 - 2014-12-29 12:15 - 00012918 _____ () C:\Users\janeisklar\Downloads\FRST.txt
2014-12-29 12:12 - 2014-12-29 12:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-11-12-44.082-aswFe.exe-34732.log
2014-12-29 12:11 - 2014-12-29 12:15 - 00000000 ____D () C:\FRST
2014-12-29 12:06 - 2014-12-29 12:06 - 02123264 _____ (Farbar) C:\Users\janeisklar\Downloads\FRST64.exe
2014-12-29 12:04 - 2014-12-29 12:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-11-04-36.093-aswFe.exe-34804.log
2014-12-29 12:04 - 2014-12-29 12:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-11-04-34.064-AvastVBoxSVC.exe-3440.log
2014-12-29 11:56 - 2014-12-29 11:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-29 11:47 - 2014-12-29 11:51 - 00000000 ____D () C:\AdwCleaner
2014-12-29 11:47 - 2014-12-29 11:47 - 01707939 _____ (Thisisu) C:\Users\janeisklar\Downloads\JRT.exe
2014-12-29 11:46 - 2014-12-29 11:46 - 02173952 _____ () C:\Users\janeisklar\Downloads\adwcleaner_4.106.exe
2014-12-29 11:43 - 2014-12-29 11:44 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-10-43-59.005-aswFe.exe-5148.log
2014-12-29 11:42 - 2014-12-29 12:03 - 00000000 ____D () C:\Users\janeisklar\Desktop\Viren
2014-12-29 11:33 - 2014-12-29 11:43 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-10-33-47.069-aswFe.exe-4384.log
2014-12-29 11:33 - 2014-12-29 11:33 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-10-33-45.036-AvastVBoxSVC.exe-1952.log
2014-12-28 15:17 - 2014-12-28 15:17 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\WinRAR
2014-12-28 14:40 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141228-144030.backup
2014-12-28 14:28 - 2014-12-28 14:32 - 02239542 _____ () C:\regsvr32.bmp
2014-12-28 14:26 - 2014-12-28 14:32 - 02239542 _____ () C:\Users\janeisklar\Desktop\regsvr32.bmp
2014-12-28 14:20 - 2014-12-28 14:21 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-13-20-58.021-aswFe.exe-3108.log
2014-12-28 14:19 - 2014-12-28 14:19 - 00380416 _____ () C:\Users\Gast\Downloads\2ff1hzu4.exe
2014-12-28 14:15 - 2014-12-28 14:20 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-13-15-33.004-aswFe.exe-3056.log
2014-12-28 14:15 - 2014-12-28 14:15 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-13-15-30.089-AvastVBoxSVC.exe-724.log
2014-12-28 14:13 - 2014-12-28 14:13 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nitro PDF
2014-12-28 14:12 - 2014-12-28 14:12 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-12-28 14:12 - 2014-12-28 14:12 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-12-28 14:10 - 2014-12-28 14:23 - 00000000 ____D () C:\Users\Gast\Desktop\scan files
2014-12-28 14:08 - 2014-12-28 14:08 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia
2014-12-28 14:03 - 2014-12-28 14:21 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn Hamachi
2014-12-28 14:03 - 2014-12-28 14:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn
2014-12-28 14:00 - 2014-12-28 14:01 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\TS3Client
2014-12-28 13:47 - 2014-12-28 13:47 - 02122752 _____ (Farbar) C:\Users\Gast\Downloads\FRST64.exe
2014-12-28 13:45 - 2014-12-28 13:45 - 00000000 _____ () C:\Users\janeisklar\defogger_reenable
2014-12-28 13:44 - 2014-12-28 13:44 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-12-28 13:39 - 2014-12-29 11:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 13:39 - 2014-12-28 13:39 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-28 13:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-28 13:30 - 2014-12-28 13:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gast\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 13:23 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-28 13:23 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-28 13:22 - 2014-12-28 14:43 - 00002171 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2014-12-28 13:22 - 2014-12-28 13:22 - 00002402 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2014-12-28 13:22 - 2014-12-28 13:22 - 00002342 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\AVAST Software
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\ATI
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\Razer
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\ATI
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\AMD
2014-12-28 13:19 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Pokki
2014-12-28 13:19 - 2014-12-28 13:19 - 00001461 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 13:19 - 2014-12-28 13:19 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-12-28 13:19 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-28 13:19 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-28 13:19 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-28 13:19 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-28 13:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-28 13:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-28 13:18 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast
2014-12-28 13:12 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-12-13.060-aswFe.exe-4244.log
2014-12-28 13:04 - 2014-12-29 11:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 13:04 - 2014-12-28 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-28 13:04 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-04-46.021-aswFe.exe-4964.log
2014-12-28 13:04 - 2014-12-28 13:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-12-04-42.094-AvastVBoxSVC.exe-1504.log
2014-12-28 13:04 - 2014-12-28 13:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-28 12:59 - 2014-12-28 13:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\janeisklar\Downloads\spybot-2.4.exe
2014-12-28 05:45 - 2014-12-29 11:52 - 00009252 _____ () C:\WINDOWS\PFRO.log
2014-12-28 02:48 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-28 02:23 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-23-41.042-aswFe.exe-8084.log
2014-12-28 02:11 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-11-56.015-aswFe.exe-4244.log
2014-12-28 02:10 - 2014-12-28 02:10 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-01-10-36.020-AvastVBoxSVC.exe-8052.log
2014-12-28 01:27 - 2014-12-28 01:27 - 00001899 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-12-28 01:23 - 2014-12-28 01:23 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-28 01:23 - 2014-12-28 01:23 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-28 01:08 - 2014-12-28 01:23 - 00001991 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-28 01:08 - 2014-12-28 01:08 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\AVAST Software
2014-12-28 01:08 - 2014-12-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-28 01:07 - 2014-12-29 11:55 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-28 01:04 - 2014-12-28 01:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-28 01:04 - 2014-12-28 01:28 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Google
2014-12-28 01:03 - 2014-12-28 01:23 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\LockHunter
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\Program Files\LockHunter
2014-12-28 01:02 - 2014-12-28 01:02 - 03029032 _____ (Crystal Rich Ltd ) C:\Users\janeisklar\Downloads\lockhuntersetup_3-1-1.exe
2014-12-28 01:02 - 2014-12-28 01:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-28 01:00 - 2014-12-28 01:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-28 00:46 - 2014-12-28 14:26 - 00000000 ____D () C:\ProgramData\MojjUtaw
2014-12-28 00:45 - 2014-12-28 00:45 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-28 00:44 - 2014-12-28 14:02 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2014-12-28 00:44 - 2014-12-28 00:44 - 00000000 ____D () C:\ProgramData\poeecxg
2014-12-28 00:39 - 2014-12-28 05:44 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Iquqbepy
2014-12-27 22:57 - 2014-12-27 22:57 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00001147 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Comodo
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-27 22:56 - 2014-12-27 22:56 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-12-27 22:52 - 2014-12-27 22:55 - 53161456 _____ (Comodo) C:\Users\janeisklar\Downloads\dragonsetup.exe
2014-12-27 20:16 - 2014-12-29 12:05 - 00279477 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-27 12:30 - 2014-12-27 12:30 - 00083380 _____ () C:\Users\janeisklar\Documents\naxusqt.xml
2014-12-27 11:04 - 2014-12-27 11:04 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Rawr
2014-12-26 18:47 - 2014-12-26 18:48 - 16521403 _____ () C:\Users\janeisklar\Downloads\Rawr v2.3.22.zip
2014-12-22 12:02 - 2014-12-28 01:00 - 00043520 ___SH () C:\Users\janeisklar\Downloads\Thumbs.db
2014-12-21 15:47 - 2014-12-21 15:47 - 00002782 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-21 15:47 - 2014-12-21 15:47 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-21 15:46 - 2014-12-21 15:46 - 04036200 _____ (Piriform Ltd) C:\Users\janeisklar\Downloads\ccsetup500_slim.exe
2014-12-21 15:07 - 2014-12-21 15:07 - 00000000 _____ () C:\autoexec.bat
2014-12-21 15:04 - 2014-12-21 15:04 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\janeisklar\Downloads\SpyHunter-Installer.exe
2014-12-21 14:23 - 2014-12-21 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-21 14:23 - 2014-12-21 14:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-21 11:02 - 2014-12-21 11:15 - 131078000 _____ (AVAST Software) C:\Users\janeisklar\Downloads\avast_free_antivirus_setup.exe
2014-12-21 10:38 - 2014-12-28 01:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Ovqkics
2014-12-20 17:13 - 2014-12-20 17:14 - 00000285 _____ () C:\Users\janeisklar\.dsa4.properties
2014-12-20 17:13 - 2014-12-20 17:14 - 00000000 ____D () C:\Users\janeisklar\helden
2014-12-20 17:13 - 2014-12-20 17:13 - 00002789 _____ () C:\Users\janeisklar\.heldEinstellungen4_1.xml
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\Program Files (x86)\Helden-Software
2014-12-20 17:07 - 2014-12-20 17:07 - 07560776 _____ (www.helden-software.de) C:\Users\janeisklar\Downloads\setup-helden-software-5.3.3.exe
2014-12-20 10:06 - 2014-12-28 01:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Ewqztion
2014-12-20 00:24 - 2014-12-20 00:24 - 02385724 _____ () C:\Users\janeisklar\Downloads\AMIDST-3.6.exe
2014-12-17 12:40 - 2014-12-17 12:41 - 02104188 _____ () C:\Users\janeisklar\Downloads\SkyBlock-Map.zip
2014-12-17 12:37 - 2014-12-17 12:37 - 03103454 _____ () C:\Users\janeisklar\Downloads\SkyBlock 2.1.zip
2014-12-16 08:27 - 2014-12-16 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-16 08:27 - 2014-12-16 08:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-14 16:47 - 2014-12-14 16:47 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-12-14 16:46 - 2014-12-14 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-12-14 12:40 - 2014-12-26 19:15 - 00000000 ____D () C:\Users\janeisklar\Downloads\WoW_3.3.5a_rising-gods.de
2014-12-14 11:05 - 2014-12-14 11:08 - 80461108 _____ () C:\Users\janeisklar\Downloads\Broken Bells - After The Disco [2014].rar
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-12-13 16:11 - 2014-12-13 16:11 - 00394754 _____ () C:\Users\janeisklar\Downloads\soundboard-1.0b5-win64.ts3_plugin
2014-12-13 13:45 - 2014-12-13 13:45 - 00066728 _____ (Eugene V. Muzychenko) C:\WINDOWS\system32\Drivers\vrtaucbl.sys
2014-12-13 13:45 - 2014-12-13 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-12-13 13:45 - 2014-12-13 13:45 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-12-13 13:43 - 2014-12-13 13:44 - 00000000 ____D () C:\Users\janeisklar\Desktop\vac
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-12-13 13:41 - 2014-12-13 13:41 - 01870680 _____ () C:\Users\janeisklar\Downloads\wrar520d.exe
2014-12-13 13:41 - 2014-12-13 13:41 - 00281432 _____ () C:\Users\janeisklar\Downloads\Virtual-Audio-Cable-4.10.7z
2014-12-09 19:41 - 2014-12-09 19:41 - 00001189 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-12-09 19:41 - 2014-12-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-12-09 19:41 - 2014-12-09 19:41 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-12-09 19:38 - 2014-12-09 19:39 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\janeisklar\Downloads\TeamSpeak3-Client-win32-3.0.16(1).exe
2014-12-09 16:33 - 2014-12-09 16:35 - 30668968 _____ (Riot Games) C:\Users\janeisklar\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2014-12-09 14:00 - 2014-12-09 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 13:44 - 2014-12-09 13:44 - 00675988 _____ () C:\Users\janeisklar\Desktop\Minecraft.exe
2014-12-09 13:19 - 2014-12-09 13:46 - 00000013 _____ () C:\Users\janeisklar\Desktop\Neues Textdokument.txt
2014-12-08 22:54 - 2014-12-08 22:55 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-12-08 22:54 - 2014-12-08 22:54 - 00002064 _____ () C:\Users\janeisklar\Desktop\JDownloader.lnk
2014-12-08 22:54 - 2014-12-08 22:54 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-12-08 22:54 - 2014-12-08 22:54 - 00001951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-12-08 22:50 - 2014-12-08 22:50 - 00296144 _____ () C:\Users\janeisklar\Downloads\install_jd_one.exe
2014-12-07 23:52 - 2014-12-07 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-04 18:27 - 2014-12-29 11:41 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\LogMeIn Hamachi
2014-12-04 18:27 - 2014-12-04 18:27 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\LogMeIn
2014-12-04 18:27 - 2014-12-04 18:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-04 10:21 - 2014-12-16 08:27 - 00000949 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-04 07:54 - 2014-12-04 07:54 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\java
2014-12-04 07:53 - 2014-12-29 12:03 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\.minecraft
2014-12-04 07:53 - 2014-12-04 07:53 - 00000000 ____D () C:\ProgramData\Sun
2014-12-04 07:53 - 2014-12-04 07:52 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-04 07:52 - 2014-12-04 07:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-04 07:52 - 2014-12-04 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-04 07:52 - 2014-12-04 07:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-04 07:51 - 2014-12-04 07:51 - 00638888 _____ (Oracle Corporation) C:\Users\janeisklar\Downloads\jxpiinstall.exe
2014-12-03 18:33 - 2014-12-03 18:33 - 01174352 _____ () C:\Users\janeisklar\Downloads\LogMeIn Hamachi - CHIP-Installer.exe
2014-12-03 10:15 - 2014-12-29 11:32 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-03 10:15 - 2014-12-09 18:32 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-02 21:16 - 2014-12-02 21:19 - 49942613 _____ () C:\Users\janeisklar\Downloads\chrismiles - fuckitep.zip
2014-12-01 11:21 - 2014-12-01 11:29 - 00000000 ____D () C:\rads

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-29 11:53 - 2014-08-14 13:10 - 02011655 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2014-12-29 11:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-29 11:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-29 11:50 - 2014-08-14 13:23 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-12-29 03:58 - 2014-11-15 18:09 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Pokki
2014-12-29 03:48 - 2014-11-16 13:24 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\foobar2000
2014-12-29 02:58 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\TS3Client
2014-12-28 19:19 - 2014-11-15 18:16 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2855763909-2318779563-1536155455-1002
2014-12-28 14:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-28 14:32 - 2014-11-19 20:13 - 00009216 ___SH () C:\Users\janeisklar\Desktop\Thumbs.db
2014-12-28 14:26 - 2014-11-26 09:56 - 00001795 _____ () C:\Users\janeisklar\Desktop\CyberGhost 5.lnk
2014-12-28 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-12-28 13:45 - 2014-11-15 18:09 - 00000000 ____D () C:\Users\janeisklar
2014-12-28 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-28 05:46 - 2013-08-22 15:44 - 00374456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-12-26 18:08 - 2014-08-14 13:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-21 15:48 - 2014-11-17 21:47 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\uTorrent
2014-12-21 15:48 - 2014-11-16 20:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-21 15:48 - 2014-04-02 18:34 - 00000000 ____D () C:\WINDOWS\Panther
2014-12-21 14:37 - 2014-11-15 18:13 - 00002352 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-18 11:55 - 2014-08-14 22:50 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-18 11:55 - 2014-08-14 22:50 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-18 11:55 - 2014-03-18 10:53 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-18 11:53 - 2014-11-17 07:04 - 00002181 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk
2014-12-14 16:47 - 2014-11-15 18:47 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Riot Games
2014-12-10 07:55 - 2014-11-15 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-08 15:14 - 2014-11-16 08:42 - 00000000 ____D () C:\mukke
2014-12-08 07:35 - 2014-11-15 18:20 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Nitro PDF
2014-12-07 23:52 - 2014-11-16 13:22 - 00000000 ____D () C:\Program Files (x86)\EA Games

Some content of TEMP:
====================
C:\Users\janeisklar\AppData\Local\Temp\Quarantine.exe
C:\Users\janeisklar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 11:39

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by janeisklar at 2014-12-29 12:17:25
Running from C:\Users\janeisklar\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\uTorrent) (Version: 3.4.2.36044 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A0EE5DB1-8E1F-7BB2-6734-9CDC5E8DF0DD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Web Start (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Ozone Radon (HKLM-x32\...\{B50AB875-64A2-4D12-BB48-B15611B48CE0}) (Version: 1.0.0 - Ozone Gaming)
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Startmenü (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2855763909-2318779563-1536155455-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d10core.dll No File

==================== Restore Points  =========================

04-12-2014 07:50:08 Removed League of Legends
07-12-2014 23:43:08 Removed League of Legends
09-12-2014 16:36:04 Installed League of Legends
14-12-2014 10:12:30 Removed League of Legends
21-12-2014 13:54:31 Geplanter Prüfpunkt
28-12-2014 01:01:26 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BF15E35-6C57-4143-A8D2-22256A26BFBD} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
Task: {2DE04A1D-3348-4F5C-9C97-FF04EC86E86C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
Task: {464A35AC-CCE4-4586-8E62-E0FA3347F006} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {4DE59D33-0C16-4EED-89C4-A7DF60D88847} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-26] (Lenovo)
Task: {ACE739DD-9ED2-4603-8DD5-467E977FD591} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {AED31EE3-96A9-4ABC-A62D-8AF5B95834E4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-28] (AVAST Software)
Task: {EE666853-5A11-4810-ADE1-C19E2AC22B91} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-11-07 03:23 - 2014-11-07 03:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-03-25 09:23 - 2014-03-25 09:23 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-29 11:13 - 2014-12-29 11:13 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122900\algo.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-18 23:28 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\janeisklar\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-07 03:21 - 2014-11-07 03:21 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-18 23:28 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\janeisklar\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2014-12-29 12:06 - 2014-12-29 12:06 - 00298496 _____ () C:\Users\janeisklar\AppData\Roaming\.minecraft\versions\1.8.1\1.8.1-natives-871448247639\lwjgl.dll
2014-12-29 12:06 - 2014-12-29 12:06 - 00246332 _____ () C:\Users\janeisklar\AppData\Roaming\.minecraft\versions\1.8.1\1.8.1-natives-871448247639\avutil-ttv-51.dll
2014-12-29 12:06 - 2014-12-29 12:06 - 00113171 _____ () C:\Users\janeisklar\AppData\Roaming\.minecraft\versions\1.8.1\1.8.1-natives-871448247639\swresample-ttv-0.dll
2014-12-29 12:06 - 2014-12-29 12:06 - 00394810 _____ () C:\Users\janeisklar\AppData\Roaming\.minecraft\versions\1.8.1\1.8.1-natives-871448247639\libmp3lame-ttv.dll
2014-12-29 12:06 - 2014-12-29 12:06 - 01145344 _____ () C:\Users\janeisklar\AppData\Roaming\.minecraft\versions\1.8.1\1.8.1-natives-871448247639\twitchsdk.dll
2014-12-29 12:06 - 2014-12-29 12:06 - 00390144 _____ () C:\Users\janeisklar\AppData\Roaming\.minecraft\versions\1.8.1\1.8.1-natives-871448247639\OpenAL32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: Lenovo System Agent Service => 2
MSCONFIG\Services: MpsSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "jmekey"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Ewqztion"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "SPDriver"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Ovqkics"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Eldltion"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "YTDownloader"

========================= Accounts: ==========================

Administrator (S-1-5-21-2855763909-2318779563-1536155455-500 - Administrator - Disabled)
Gast (S-1-5-21-2855763909-2318779563-1536155455-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2855763909-2318779563-1536155455-1004 - Limited - Enabled)
janeisklar (S-1-5-21-2855763909-2318779563-1536155455-1002 - Administrator - Enabled) => C:\Users\janeisklar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/29/2014 00:17:56 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/29/2014 00:15:37 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/29/2014 00:12:06 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/29/2014 00:08:06 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/29/2014 00:07:36 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 56%
Total physical RAM: 3518.09 MB
Available physical RAM: 1545.73 MB
Total Pagefile: 4478.09 MB
Available Pagefile: 1759.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:317.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 880B7167)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 29.12.2014, 21:27   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.12.2014, 13:51   #5
Naxus
 
Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Hallo, ja, das Problem besteht weiterhin. Habe festgestellt das die Windows Firewall aus ist und wollte sie anschalten, bekam nur einen Fehlercode das einige der Einstellungen von der Firewall nicht geändert werden können. Zudem scheint eset noch ein paar Dinge gefunden zu haben.


ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7ac2efa6d0c1e048885c7086892c431d
# engine=21752
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-30 12:20:57
# local_time=2014-12-30 01:20:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 200100 220676 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 211035 44823350 0 0
# scanned=197196
# found=33
# cleaned=33
# scan_time=2976
sh=4B85EEAB6A4DD57325A70B24ED3EB061B6324AA4 ft=1 fh=749b763bde82e26c vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sense\Sense-buttonutil64.dll.vir"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 01 - Der Cthulhu Mythos\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 01 - Der Cthulhu Mythos\CD 1\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 01 - Der Cthulhu Mythos\CD 2\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 01 - Der Cthulhu Mythos\CD 3\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 01 - Der Cthulhu Mythos\CD 4\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 02 - Schatten über Innsmoth\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 02 - Schatten über Innsmoth\CD 1\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 02 - Schatten über Innsmoth\CD 2\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 02 - Schatten über Innsmoth\CD 3\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 02 - Schatten über Innsmoth\CD 4 (Bonus CD)\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 03 - Das Ding auf der Schwelle - Die Ratten im Gemäuer\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 03 - Das Ding auf der Schwelle - Die Ratten im Gemäuer\CD1\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 03 - Das Ding auf der Schwelle - Die Ratten im Gemäuer\CD2\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 04 - Der Flüsterer im Dunkeln\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 04 - Der Flüsterer im Dunkeln\CD 1\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 04 - Der Flüsterer im Dunkeln\CD 2\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 04 - Der Flüsterer im Dunkeln\CD 3\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 04 - Der Flüsterer im Dunkeln\CD 4 - Bonus CD\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 05 - Der Schatten aus der Zeit\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 05 - Der Schatten aus der Zeit\CD01\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 05 - Der Schatten aus der Zeit\CD02\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 05 - Der Schatten aus der Zeit\CD03\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 06 -Jäger der Finsternis\Jäger der Finsternis CD1\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 06 -Jäger der Finsternis\Jäger der Finsternis CD2\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 06 -Jäger der Finsternis\Jäger der Finsternis CD3\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 06 -Jäger der Finsternis\Jäger der Finsternis CD4\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 07 - Berge des Wahnsinns\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 07 - Berge des Wahnsinns\CD01\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 07 - Berge des Wahnsinns\CD02\how_decrypt.html"
sh=47EB221BBCF73F4F2008EC4A66A481CDD246C571 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\höhrbücher\H.P. Lovecrafts - Bibliothek des Schreckens 07 - Berge des Wahnsinns\CD03\how_decrypt.html"
sh=D64E064D5C2B4A2872F18190ADBAB756B2D414B3 ft=1 fh=c078aaf883170b76 vn="Variante von Win32/Kryptik.CUGY Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\janeisklar\AppData\Local\Temp\~000E6A5E.tmp"
sh=DDE26367168E71F27E52D1E79A8487B01998162C ft=1 fh=2704f8fc3a105a47 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\janeisklar\Downloads\LogMeIn Hamachi - CHIP-Installer.exe"
         
Security Check
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	15.0.0.246 Flash Player out of Date!  
 Mozilla Firefox (34.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by janeisklar (administrator) on PIZZAPLANET on 30-12-2014 13:34:39
Running from C:\Users\janeisklar\Downloads
Loaded Profile: janeisklar (Available profiles: janeisklar & Gast)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Dragon)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NOX) C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\janeisklar\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Pokki) C:\Users\janeisklar\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\janeisklar\AppData\Local\Pokki\Engine\HostAppService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Ozone Radon Gaming Mouse] => C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe [25473024 2011-09-28] (NOX)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-28] (AVAST Software)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
Startup: C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B49597FAE.lnk
ShortcutTarget: B49597FAE.lnk -> C:\PROGRA~3\EAF79594B.cpp (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2855763909-2318779563-1536155455-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\janeisklar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: cookiekillerjosephmoran - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\cookiekiller@joseph.moran [2014-12-27]
FF Extension: 2e17e2b2b8d44a678d7bfafa6cc9d1d0 - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0} [2014-12-27]
FF Extension: Adblock Edge - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-28]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-28] (Avast Software)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 13:34 - 2014-12-30 13:35 - 00012859 _____ () C:\Users\janeisklar\Downloads\FRST.txt
2014-12-30 13:32 - 2014-12-30 13:32 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-30 13:32 - 2014-12-30 13:32 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-30 13:32 - 2014-12-30 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-30 13:32 - 2014-12-30 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-30 12:54 - 2014-12-30 12:54 - 00852505 _____ () C:\Users\janeisklar\Desktop\SecurityCheck.exe
2014-12-30 12:51 - 2014-12-30 12:51 - 00244264 _____ () C:\Users\janeisklar\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-30 12:31 - 2014-12-30 12:31 - 00000247 _____ () C:\WINDOWS\system32\2014-12-30-11-31-08.003-aswFe.exe-2560.log
2014-12-30 12:24 - 2014-12-30 12:30 - 00000247 _____ () C:\WINDOWS\system32\2014-12-30-11-24-11.007-aswFe.exe-4884.log
2014-12-30 12:24 - 2014-12-30 12:24 - 02347384 _____ (ESET) C:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe
2014-12-30 12:24 - 2014-12-30 12:24 - 00000197 _____ () C:\WINDOWS\system32\2014-12-30-11-24-06.076-AvastVBoxSVC.exe-3268.log
2014-12-30 04:54 - 2014-12-30 04:54 - 00000000 ____D () C:\Users\janeisklar\Documents\MCEdit
2014-12-30 04:53 - 2014-12-30 04:54 - 00000000 ____D () C:\Program Files\mcedit
2014-12-30 04:49 - 2014-12-30 04:52 - 32214425 _____ () C:\Users\janeisklar\Downloads\MCEdit.v1.2.4.0.Win.64bit.exe
2014-12-29 16:31 - 2014-12-30 13:27 - 00000273 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2014-12-29 16:26 - 2014-12-29 16:26 - 00031768 _____ () C:\Users\janeisklar\Downloads\VillageInfo_1.8.zip
2014-12-29 16:24 - 2014-12-29 16:24 - 00029515 _____ () C:\Users\janeisklar\Downloads\SlimeMod_1.8.zip
2014-12-29 12:12 - 2014-12-29 12:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-11-12-44.082-aswFe.exe-34732.log
2014-12-29 12:11 - 2014-12-30 13:34 - 00000000 ____D () C:\FRST
2014-12-29 12:06 - 2014-12-29 12:06 - 02123264 _____ (Farbar) C:\Users\janeisklar\Downloads\FRST64.exe
2014-12-29 12:04 - 2014-12-29 12:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-11-04-36.093-aswFe.exe-34804.log
2014-12-29 12:04 - 2014-12-29 12:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-11-04-34.064-AvastVBoxSVC.exe-3440.log
2014-12-29 11:56 - 2014-12-29 11:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-29 11:47 - 2014-12-29 11:51 - 00000000 ____D () C:\AdwCleaner
2014-12-29 11:47 - 2014-12-29 11:47 - 01707939 _____ (Thisisu) C:\Users\janeisklar\Downloads\JRT.exe
2014-12-29 11:46 - 2014-12-29 11:46 - 02173952 _____ () C:\Users\janeisklar\Downloads\adwcleaner_4.106.exe
2014-12-29 11:43 - 2014-12-29 11:44 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-10-43-59.005-aswFe.exe-5148.log
2014-12-29 11:42 - 2014-12-30 13:28 - 00000000 ____D () C:\Users\janeisklar\Desktop\Viren
2014-12-29 11:33 - 2014-12-29 11:43 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-10-33-47.069-aswFe.exe-4384.log
2014-12-29 11:33 - 2014-12-29 11:33 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-10-33-45.036-AvastVBoxSVC.exe-1952.log
2014-12-28 15:17 - 2014-12-28 15:17 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\WinRAR
2014-12-28 14:40 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141228-144030.backup
2014-12-28 14:28 - 2014-12-28 14:32 - 02239542 _____ () C:\regsvr32.bmp
2014-12-28 14:26 - 2014-12-28 14:32 - 02239542 _____ () C:\Users\janeisklar\Desktop\regsvr32.bmp
2014-12-28 14:20 - 2014-12-28 14:21 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-13-20-58.021-aswFe.exe-3108.log
2014-12-28 14:19 - 2014-12-28 14:19 - 00380416 _____ () C:\Users\Gast\Downloads\2ff1hzu4.exe
2014-12-28 14:15 - 2014-12-28 14:20 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-13-15-33.004-aswFe.exe-3056.log
2014-12-28 14:15 - 2014-12-28 14:15 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-13-15-30.089-AvastVBoxSVC.exe-724.log
2014-12-28 14:13 - 2014-12-28 14:13 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nitro PDF
2014-12-28 14:12 - 2014-12-28 14:12 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-12-28 14:12 - 2014-12-28 14:12 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-12-28 14:10 - 2014-12-28 14:23 - 00000000 ____D () C:\Users\Gast\Desktop\scan files
2014-12-28 14:08 - 2014-12-28 14:08 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia
2014-12-28 14:03 - 2014-12-28 14:21 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn Hamachi
2014-12-28 14:03 - 2014-12-28 14:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn
2014-12-28 14:00 - 2014-12-28 14:01 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\TS3Client
2014-12-28 13:47 - 2014-12-28 13:47 - 02122752 _____ (Farbar) C:\Users\Gast\Downloads\FRST64.exe
2014-12-28 13:45 - 2014-12-28 13:45 - 00000000 _____ () C:\Users\janeisklar\defogger_reenable
2014-12-28 13:44 - 2014-12-28 13:44 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-12-28 13:39 - 2014-12-29 11:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 13:39 - 2014-12-28 13:39 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-28 13:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-28 13:30 - 2014-12-28 13:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gast\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 13:23 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-28 13:23 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-28 13:22 - 2014-12-28 14:43 - 00002171 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2014-12-28 13:22 - 2014-12-28 13:22 - 00002402 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2014-12-28 13:22 - 2014-12-28 13:22 - 00002342 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\AVAST Software
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\ATI
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\Razer
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\ATI
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\AMD
2014-12-28 13:19 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Pokki
2014-12-28 13:19 - 2014-12-28 13:19 - 00001461 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 13:19 - 2014-12-28 13:19 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-12-28 13:19 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-28 13:19 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-28 13:19 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-28 13:19 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-28 13:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-28 13:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-28 13:18 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast
2014-12-28 13:12 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-12-13.060-aswFe.exe-4244.log
2014-12-28 13:04 - 2014-12-29 11:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 13:04 - 2014-12-28 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-28 13:04 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-04-46.021-aswFe.exe-4964.log
2014-12-28 13:04 - 2014-12-28 13:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-12-04-42.094-AvastVBoxSVC.exe-1504.log
2014-12-28 13:04 - 2014-12-28 13:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-28 12:59 - 2014-12-28 13:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\janeisklar\Downloads\spybot-2.4.exe
2014-12-28 05:45 - 2014-12-29 11:52 - 00009252 _____ () C:\WINDOWS\PFRO.log
2014-12-28 02:48 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-28 02:23 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-23-41.042-aswFe.exe-8084.log
2014-12-28 02:11 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-11-56.015-aswFe.exe-4244.log
2014-12-28 02:10 - 2014-12-28 02:10 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-01-10-36.020-AvastVBoxSVC.exe-8052.log
2014-12-28 01:27 - 2014-12-28 01:27 - 00001899 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-12-28 01:23 - 2014-12-28 01:23 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-28 01:23 - 2014-12-28 01:23 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-28 01:08 - 2014-12-28 01:23 - 00001991 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-28 01:08 - 2014-12-28 01:08 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\AVAST Software
2014-12-28 01:08 - 2014-12-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-28 01:07 - 2014-12-30 13:23 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-28 01:04 - 2014-12-28 01:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-28 01:04 - 2014-12-28 01:28 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Google
2014-12-28 01:03 - 2014-12-28 01:23 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\LockHunter
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\Program Files\LockHunter
2014-12-28 01:02 - 2014-12-28 01:02 - 03029032 _____ (Crystal Rich Ltd ) C:\Users\janeisklar\Downloads\lockhuntersetup_3-1-1.exe
2014-12-28 01:02 - 2014-12-28 01:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-28 01:00 - 2014-12-28 01:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-28 00:46 - 2014-12-28 14:26 - 00000000 ____D () C:\ProgramData\MojjUtaw
2014-12-28 00:45 - 2014-12-28 00:45 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-28 00:44 - 2014-12-28 14:02 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2014-12-28 00:44 - 2014-12-28 00:44 - 00000000 ____D () C:\ProgramData\poeecxg
2014-12-28 00:39 - 2014-12-28 05:44 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Iquqbepy
2014-12-27 22:57 - 2014-12-27 22:57 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00001147 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Comodo
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-27 22:56 - 2014-12-27 22:56 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-12-27 22:52 - 2014-12-27 22:55 - 53161456 _____ (Comodo) C:\Users\janeisklar\Downloads\dragonsetup.exe
2014-12-27 20:16 - 2014-12-30 12:33 - 00378992 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-27 12:30 - 2014-12-27 12:30 - 00083380 _____ () C:\Users\janeisklar\Documents\naxusqt.xml
2014-12-27 11:04 - 2014-12-27 11:04 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Rawr
2014-12-26 18:47 - 2014-12-26 18:48 - 16521403 _____ () C:\Users\janeisklar\Downloads\Rawr v2.3.22.zip
2014-12-22 12:02 - 2014-12-30 12:26 - 00043520 ___SH () C:\Users\janeisklar\Downloads\Thumbs.db
2014-12-21 15:47 - 2014-12-21 15:47 - 00002782 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-21 15:47 - 2014-12-21 15:47 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-21 15:46 - 2014-12-21 15:46 - 04036200 _____ (Piriform Ltd) C:\Users\janeisklar\Downloads\ccsetup500_slim.exe
2014-12-21 15:07 - 2014-12-21 15:07 - 00000000 _____ () C:\autoexec.bat
2014-12-21 15:04 - 2014-12-21 15:04 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\janeisklar\Downloads\SpyHunter-Installer.exe
2014-12-21 14:23 - 2014-12-21 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-21 14:23 - 2014-12-21 14:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-21 11:02 - 2014-12-21 11:15 - 131078000 _____ (AVAST Software) C:\Users\janeisklar\Downloads\avast_free_antivirus_setup.exe
2014-12-21 10:38 - 2014-12-28 01:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Ovqkics
2014-12-20 17:13 - 2014-12-20 17:14 - 00000285 _____ () C:\Users\janeisklar\.dsa4.properties
2014-12-20 17:13 - 2014-12-20 17:14 - 00000000 ____D () C:\Users\janeisklar\helden
2014-12-20 17:13 - 2014-12-20 17:13 - 00002789 _____ () C:\Users\janeisklar\.heldEinstellungen4_1.xml
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\Program Files (x86)\Helden-Software
2014-12-20 17:07 - 2014-12-20 17:07 - 07560776 _____ (www.helden-software.de) C:\Users\janeisklar\Downloads\setup-helden-software-5.3.3.exe
2014-12-20 10:06 - 2014-12-28 01:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Ewqztion
2014-12-20 00:24 - 2014-12-20 00:24 - 02385724 _____ () C:\Users\janeisklar\Downloads\AMIDST-3.6.exe
2014-12-17 12:40 - 2014-12-17 12:41 - 02104188 _____ () C:\Users\janeisklar\Downloads\SkyBlock-Map.zip
2014-12-17 12:37 - 2014-12-17 12:37 - 03103454 _____ () C:\Users\janeisklar\Downloads\SkyBlock 2.1.zip
2014-12-16 08:27 - 2014-12-16 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-16 08:27 - 2014-12-16 08:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-14 16:47 - 2014-12-14 16:47 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-12-14 16:46 - 2014-12-14 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-12-14 12:40 - 2014-12-26 19:15 - 00000000 ____D () C:\Users\janeisklar\Downloads\WoW_3.3.5a_rising-gods.de
2014-12-14 11:05 - 2014-12-14 11:08 - 80461108 _____ () C:\Users\janeisklar\Downloads\Broken Bells - After The Disco [2014].rar
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-12-13 16:11 - 2014-12-13 16:11 - 00394754 _____ () C:\Users\janeisklar\Downloads\soundboard-1.0b5-win64.ts3_plugin
2014-12-13 13:45 - 2014-12-13 13:45 - 00066728 _____ (Eugene V. Muzychenko) C:\WINDOWS\system32\Drivers\vrtaucbl.sys
2014-12-13 13:45 - 2014-12-13 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-12-13 13:45 - 2014-12-13 13:45 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-12-13 13:43 - 2014-12-13 13:44 - 00000000 ____D () C:\Users\janeisklar\Desktop\vac
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-12-13 13:41 - 2014-12-13 13:41 - 01870680 _____ () C:\Users\janeisklar\Downloads\wrar520d.exe
2014-12-13 13:41 - 2014-12-13 13:41 - 00281432 _____ () C:\Users\janeisklar\Downloads\Virtual-Audio-Cable-4.10.7z
2014-12-09 19:41 - 2014-12-09 19:41 - 00001189 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-12-09 19:41 - 2014-12-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-12-09 19:41 - 2014-12-09 19:41 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-12-09 19:38 - 2014-12-09 19:39 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\janeisklar\Downloads\TeamSpeak3-Client-win32-3.0.16(1).exe
2014-12-09 16:33 - 2014-12-09 16:35 - 30668968 _____ (Riot Games) C:\Users\janeisklar\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2014-12-09 13:44 - 2014-12-09 13:44 - 00675988 _____ () C:\Users\janeisklar\Desktop\Minecraft.exe
2014-12-09 13:19 - 2014-12-09 13:46 - 00000013 _____ () C:\Users\janeisklar\Desktop\Neues Textdokument.txt
2014-12-08 22:54 - 2014-12-08 22:55 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-12-08 22:54 - 2014-12-08 22:54 - 00002064 _____ () C:\Users\janeisklar\Desktop\JDownloader.lnk
2014-12-08 22:54 - 2014-12-08 22:54 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-12-08 22:54 - 2014-12-08 22:54 - 00001951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-12-08 22:50 - 2014-12-08 22:50 - 00296144 _____ () C:\Users\janeisklar\Downloads\install_jd_one.exe
2014-12-07 23:52 - 2014-12-07 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-04 18:27 - 2014-12-29 11:41 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\LogMeIn Hamachi
2014-12-04 18:27 - 2014-12-04 18:27 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\LogMeIn
2014-12-04 18:27 - 2014-12-04 18:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-04 10:21 - 2014-12-16 08:27 - 00000949 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-04 07:54 - 2014-12-04 07:54 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\java
2014-12-04 07:53 - 2014-12-30 03:48 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\.minecraft
2014-12-04 07:53 - 2014-12-04 07:53 - 00000000 ____D () C:\ProgramData\Sun
2014-12-04 07:53 - 2014-12-04 07:52 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-04 07:52 - 2014-12-04 07:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-04 07:52 - 2014-12-04 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-04 07:52 - 2014-12-04 07:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-04 07:51 - 2014-12-04 07:51 - 00638888 _____ (Oracle Corporation) C:\Users\janeisklar\Downloads\jxpiinstall.exe
2014-12-03 10:15 - 2014-12-30 13:32 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-03 10:15 - 2014-12-09 18:32 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-02 21:16 - 2014-12-02 21:19 - 49942613 _____ () C:\Users\janeisklar\Downloads\chrismiles - fuckitep.zip
2014-12-01 11:21 - 2014-12-01 11:29 - 00000000 ____D () C:\rads

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 13:32 - 2014-11-15 18:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2855763909-2318779563-1536155455-1002
2014-12-30 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-30 12:13 - 2014-11-19 20:13 - 00009216 ___SH () C:\Users\janeisklar\Desktop\Thumbs.db
2014-12-30 12:12 - 2014-08-14 13:10 - 02043354 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2014-12-30 12:11 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-30 05:06 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-30 04:15 - 2014-11-16 13:24 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\foobar2000
2014-12-30 02:23 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\TS3Client
2014-12-29 11:50 - 2014-08-14 13:23 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-12-29 03:58 - 2014-11-15 18:09 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Pokki
2014-12-28 14:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-28 14:26 - 2014-11-26 09:56 - 00001795 _____ () C:\Users\janeisklar\Desktop\CyberGhost 5.lnk
2014-12-28 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-12-28 13:45 - 2014-11-15 18:09 - 00000000 ____D () C:\Users\janeisklar
2014-12-28 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-28 05:46 - 2013-08-22 15:44 - 00374456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-12-26 18:08 - 2014-08-14 13:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-21 15:48 - 2014-11-17 21:47 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\uTorrent
2014-12-21 15:48 - 2014-11-16 20:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-21 15:48 - 2014-04-02 18:34 - 00000000 ____D () C:\WINDOWS\Panther
2014-12-21 14:37 - 2014-11-15 18:13 - 00002352 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-18 11:55 - 2014-08-14 22:50 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-18 11:55 - 2014-08-14 22:50 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-18 11:55 - 2014-03-18 10:53 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-18 11:53 - 2014-11-17 07:04 - 00002181 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk
2014-12-14 16:47 - 2014-11-15 18:47 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Riot Games
2014-12-08 15:14 - 2014-11-16 08:42 - 00000000 ____D () C:\mukke
2014-12-08 07:35 - 2014-11-15 18:20 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Nitro PDF
2014-12-07 23:52 - 2014-11-16 13:22 - 00000000 ____D () C:\Program Files (x86)\EA Games

Some content of TEMP:
====================
C:\Users\janeisklar\AppData\Local\Temp\Quarantine.exe
C:\Users\janeisklar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-30 13:24

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by janeisklar at 2014-12-30 13:35:56
Running from C:\Users\janeisklar\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\uTorrent) (Version: 3.4.2.36044 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A0EE5DB1-8E1F-7BB2-6734-9CDC5E8DF0DD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Web Start (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Ozone Radon (HKLM-x32\...\{B50AB875-64A2-4D12-BB48-B15611B48CE0}) (Version: 1.0.0 - Ozone Gaming)
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Startmenü (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2855763909-2318779563-1536155455-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d10core.dll No File

==================== Restore Points  =========================

04-12-2014 07:50:08 Removed League of Legends
07-12-2014 23:43:08 Removed League of Legends
09-12-2014 16:36:04 Installed League of Legends
14-12-2014 10:12:30 Removed League of Legends
21-12-2014 13:54:31 Geplanter Prüfpunkt
28-12-2014 01:01:26 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BF15E35-6C57-4143-A8D2-22256A26BFBD} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
Task: {2DE04A1D-3348-4F5C-9C97-FF04EC86E86C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
Task: {464A35AC-CCE4-4586-8E62-E0FA3347F006} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {4DE59D33-0C16-4EED-89C4-A7DF60D88847} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-26] (Lenovo)
Task: {ACE739DD-9ED2-4603-8DD5-467E977FD591} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {AED31EE3-96A9-4ABC-A62D-8AF5B95834E4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-28] (AVAST Software)
Task: {EE666853-5A11-4810-ADE1-C19E2AC22B91} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-12-28 01:23 - 2014-12-28 01:23 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-03-25 09:23 - 2014-03-25 09:23 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-07 03:23 - 2014-11-07 03:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-12-28 01:23 - 2014-12-28 01:23 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-30 12:11 - 2014-12-30 12:11 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123000\algo.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-18 23:28 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\janeisklar\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-07 03:21 - 2014-11-07 03:21 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-18 23:28 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\janeisklar\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2014-09-24 15:35 - 2014-09-24 15:35 - 00569856 _____ () C:\Users\janeisklar\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2014-09-24 15:35 - 2014-09-24 15:35 - 01400846 _____ () C:\Users\janeisklar\AppData\Local\Pokki\Engine\avcodec-54.dll
2014-09-24 15:35 - 2014-09-24 15:35 - 00151054 _____ () C:\Users\janeisklar\AppData\Local\Pokki\Engine\avutil-51.dll
2014-09-24 15:35 - 2014-09-24 15:35 - 00222734 _____ () C:\Users\janeisklar\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: Lenovo System Agent Service => 2
MSCONFIG\Services: MpsSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "jmekey"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Ewqztion"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "SPDriver"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Ovqkics"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Eldltion"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "YTDownloader"

========================= Accounts: ==========================

Administrator (S-1-5-21-2855763909-2318779563-1536155455-500 - Administrator - Disabled)
Gast (S-1-5-21-2855763909-2318779563-1536155455-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2855763909-2318779563-1536155455-1004 - Limited - Enabled)
janeisklar (S-1-5-21-2855763909-2318779563-1536155455-1002 - Administrator - Enabled) => C:\Users\janeisklar

==================== Faulty Device Manager Devices =============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 01:28:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 01:25:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/29/2014 07:10:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (12/30/2014 01:24:55 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/30/2014 01:24:25 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/30/2014 00:11:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2147944153

Error: (12/30/2014 05:06:06 AM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/30/2014 05:06:06 AM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/30/2014 05:05:53 AM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/30/2014 05:05:53 AM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/30/2014 04:57:24 AM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/30/2014 04:56:54 AM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/30/2014 04:56:24 AM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (12/30/2014 01:28:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/30/2014 01:25:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/30/2014 00:26:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/29/2014 07:10:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\janeisklar\AppData\Local\Pokki\Engine\HostAppService.exe


==================== Memory info =========================== 

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 46%
Total physical RAM: 3518.09 MB
Available physical RAM: 1891.45 MB
Total Pagefile: 4606.09 MB
Available Pagefile: 2526.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:316.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 880B7167)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Alt 31.12.2014, 13:25   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Java nd Flash updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Startup: C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B49597FAE.lnk
ShortcutTarget: B49597FAE.lnk -> C:\PROGRA~3\EAF79594B.cpp (No File)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.
__________________
--> Win 8 - Versuchte Registryänderung

Alt 02.01.2015, 21:10   #7
Naxus
 
Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Hier der FRST Fix:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by janeisklar at 2015-01-02 11:29:49 Run:1
Running from C:\Users\janeisklar\Desktop
Loaded Profile: janeisklar (Available profiles: janeisklar & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B49597FAE.lnk
ShortcutTarget: B49597FAE.lnk -> C:\PROGRA~3\EAF79594B.cpp (No File)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
Emptytemp:
*****************

C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B49597FAE.lnk => Moved successfully.
C:\PROGRA~3\EAF79594B.cpp not found.
"HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 459.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:31:56 ====
         
Und hier der FRST Log

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by janeisklar (administrator) on PIZZAPLANET on 02-01-2015 21:04:30
Running from C:\Users\janeisklar\Desktop
Loaded Profile: janeisklar (Available profiles: janeisklar & Gast)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Dragon)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NOX) C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\janeisklar\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Ozone Radon Gaming Mouse] => C:\Program Files (x86)\Ozone Gaming\Ozone Radon\Ozone_Radon.exe [25473024 2011-09-28] (NOX)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2855763909-2318779563-1536155455-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2855763909-2318779563-1536155455-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2855763909-2318779563-1536155455-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\janeisklar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: cookiekillerjosephmoran - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\cookiekiller@joseph.moran [2014-12-27]
FF Extension: 2e17e2b2b8d44a678d7bfafa6cc9d1d0 - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0} [2014-12-27]
FF Extension: Adblock Edge - C:\Users\janeisklar\AppData\Roaming\Mozilla\Firefox\Profiles\kmpgplgm.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-28]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-28] (Avast Software)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-28] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 21:04 - 2015-01-02 21:05 - 00013271 _____ () C:\Users\janeisklar\Desktop\FRST.txt
2015-01-02 20:58 - 2015-01-02 20:58 - 00000247 _____ () C:\WINDOWS\system32\2015-01-02-19-58-34.083-aswFe.exe-5952.log
2015-01-02 20:49 - 2015-01-02 20:58 - 00000247 _____ () C:\WINDOWS\system32\2015-01-02-19-49-38.023-aswFe.exe-5448.log
2015-01-02 20:49 - 2015-01-02 20:49 - 00000197 _____ () C:\WINDOWS\system32\2015-01-02-19-49-36.018-AvastVBoxSVC.exe-4800.log
2015-01-02 17:50 - 2015-01-02 17:50 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-01-02 17:50 - 2015-01-02 17:50 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-01-02 17:50 - 2015-01-02 17:50 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-01-02 17:50 - 2015-01-02 17:50 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-01-02 17:50 - 2015-01-02 17:50 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-01-02 11:53 - 2015-01-02 11:53 - 00000247 _____ () C:\WINDOWS\system32\2015-01-02-10-53-51.072-aswFe.exe-3376.log
2015-01-02 11:48 - 2015-01-02 11:53 - 00000247 _____ () C:\WINDOWS\system32\2015-01-02-10-48-00.004-aswFe.exe-2464.log
2015-01-02 11:47 - 2015-01-02 11:48 - 00000197 _____ () C:\WINDOWS\system32\2015-01-02-10-47-58.044-AvastVBoxSVC.exe-3412.log
2015-01-02 11:28 - 2015-01-02 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-02 11:28 - 2015-01-02 11:27 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 11:27 - 2015-01-02 11:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-02 11:23 - 2015-01-02 11:23 - 00638888 _____ (Oracle Corporation) C:\Users\janeisklar\Downloads\chromeinstall-8u25.exe
2015-01-02 11:17 - 2015-01-02 11:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-02-10-17-38.019-aswFe.exe-5012.log
2015-01-02 11:11 - 2015-01-02 11:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-02-10-11-57.006-aswFe.exe-5588.log
2015-01-02 11:11 - 2015-01-02 11:11 - 00000197 _____ () C:\WINDOWS\system32\2015-01-02-10-11-55.020-AvastVBoxSVC.exe-3532.log
2015-01-01 23:17 - 2015-01-01 23:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-01-22-17-07.068-aswFe.exe-1420.log
2015-01-01 23:09 - 2015-01-01 23:16 - 00000247 _____ () C:\WINDOWS\system32\2015-01-01-22-09-29.003-aswFe.exe-5236.log
2015-01-01 23:09 - 2015-01-01 23:09 - 00000197 _____ () C:\WINDOWS\system32\2015-01-01-22-09-26.030-AvastVBoxSVC.exe-3840.log
2014-12-31 11:23 - 2014-12-31 11:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-31-10-23-31.005-aswFe.exe-3840.log
2014-12-31 11:17 - 2014-12-31 11:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-31-10-17-35.087-aswFe.exe-5052.log
2014-12-31 11:17 - 2014-12-31 11:17 - 00000197 _____ () C:\WINDOWS\system32\2014-12-31-10-17-33.041-AvastVBoxSVC.exe-5828.log
2014-12-30 14:03 - 2014-12-30 15:50 - 00000050 _____ () C:\Users\janeisklar\Desktop\mc.txt
2014-12-30 13:35 - 2014-12-30 13:56 - 00000168 _____ () C:\Users\janeisklar\Desktop\bewerbung.txt
2014-12-30 13:35 - 2014-12-30 13:36 - 00030732 _____ () C:\Users\janeisklar\Downloads\Addition.txt
2014-12-30 13:34 - 2014-12-30 13:39 - 00040648 _____ () C:\Users\janeisklar\Downloads\FRST.txt
2014-12-30 13:32 - 2014-12-30 13:32 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-30 13:32 - 2014-12-30 13:32 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-30 13:32 - 2014-12-30 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-30 13:32 - 2014-12-30 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-30 12:54 - 2014-12-30 12:54 - 00852505 _____ () C:\Users\janeisklar\Desktop\SecurityCheck.exe
2014-12-30 12:51 - 2014-12-30 12:51 - 00244264 _____ () C:\Users\janeisklar\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-30 12:31 - 2014-12-30 12:31 - 00000247 _____ () C:\WINDOWS\system32\2014-12-30-11-31-08.003-aswFe.exe-2560.log
2014-12-30 12:24 - 2014-12-30 12:30 - 00000247 _____ () C:\WINDOWS\system32\2014-12-30-11-24-11.007-aswFe.exe-4884.log
2014-12-30 12:24 - 2014-12-30 12:24 - 02347384 _____ (ESET) C:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe
2014-12-30 12:24 - 2014-12-30 12:24 - 00000197 _____ () C:\WINDOWS\system32\2014-12-30-11-24-06.076-AvastVBoxSVC.exe-3268.log
2014-12-30 04:54 - 2014-12-30 04:54 - 00000000 ____D () C:\Users\janeisklar\Documents\MCEdit
2014-12-30 04:53 - 2014-12-30 04:54 - 00000000 ____D () C:\Program Files\mcedit
2014-12-30 04:49 - 2014-12-30 04:52 - 32214425 _____ () C:\Users\janeisklar\Downloads\MCEdit.v1.2.4.0.Win.64bit.exe
2014-12-29 16:31 - 2015-01-02 03:59 - 00000273 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2014-12-29 16:26 - 2014-12-29 16:26 - 00031768 _____ () C:\Users\janeisklar\Downloads\VillageInfo_1.8.zip
2014-12-29 16:24 - 2014-12-29 16:24 - 00029515 _____ () C:\Users\janeisklar\Downloads\SlimeMod_1.8.zip
2014-12-29 12:12 - 2014-12-29 12:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-11-12-44.082-aswFe.exe-34732.log
2014-12-29 12:11 - 2015-01-02 21:04 - 00000000 ____D () C:\FRST
2014-12-29 12:06 - 2014-12-29 12:06 - 02123264 _____ (Farbar) C:\Users\janeisklar\Desktop\FRST64.exe
2014-12-29 12:04 - 2014-12-29 12:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-11-04-36.093-aswFe.exe-34804.log
2014-12-29 12:04 - 2014-12-29 12:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-11-04-34.064-AvastVBoxSVC.exe-3440.log
2014-12-29 11:56 - 2014-12-29 11:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-29 11:47 - 2014-12-29 11:51 - 00000000 ____D () C:\AdwCleaner
2014-12-29 11:47 - 2014-12-29 11:47 - 01707939 _____ (Thisisu) C:\Users\janeisklar\Downloads\JRT.exe
2014-12-29 11:46 - 2014-12-29 11:46 - 02173952 _____ () C:\Users\janeisklar\Downloads\adwcleaner_4.106.exe
2014-12-29 11:43 - 2014-12-29 11:44 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-10-43-59.005-aswFe.exe-5148.log
2014-12-29 11:42 - 2014-12-30 13:46 - 00000000 ____D () C:\Users\janeisklar\Desktop\Viren
2014-12-29 11:33 - 2014-12-29 11:43 - 00000247 _____ () C:\WINDOWS\system32\2014-12-29-10-33-47.069-aswFe.exe-4384.log
2014-12-29 11:33 - 2014-12-29 11:33 - 00000197 _____ () C:\WINDOWS\system32\2014-12-29-10-33-45.036-AvastVBoxSVC.exe-1952.log
2014-12-28 15:17 - 2014-12-28 15:17 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\WinRAR
2014-12-28 14:40 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141228-144030.backup
2014-12-28 14:28 - 2014-12-28 14:32 - 02239542 _____ () C:\regsvr32.bmp
2014-12-28 14:26 - 2014-12-28 14:32 - 02239542 _____ () C:\Users\janeisklar\Desktop\regsvr32.bmp
2014-12-28 14:20 - 2014-12-28 14:21 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-13-20-58.021-aswFe.exe-3108.log
2014-12-28 14:19 - 2014-12-28 14:19 - 00380416 _____ () C:\Users\Gast\Downloads\2ff1hzu4.exe
2014-12-28 14:15 - 2014-12-28 14:20 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-13-15-33.004-aswFe.exe-3056.log
2014-12-28 14:15 - 2014-12-28 14:15 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-13-15-30.089-AvastVBoxSVC.exe-724.log
2014-12-28 14:13 - 2014-12-28 14:13 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nitro PDF
2014-12-28 14:12 - 2014-12-28 14:12 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-12-28 14:12 - 2014-12-28 14:12 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-12-28 14:10 - 2014-12-28 14:23 - 00000000 ____D () C:\Users\Gast\Desktop\scan files
2014-12-28 14:08 - 2014-12-28 14:08 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia
2014-12-28 14:03 - 2014-12-28 14:21 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn Hamachi
2014-12-28 14:03 - 2014-12-28 14:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\LogMeIn
2014-12-28 14:00 - 2014-12-28 14:01 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\TS3Client
2014-12-28 13:47 - 2014-12-28 13:47 - 02122752 _____ (Farbar) C:\Users\Gast\Downloads\FRST64.exe
2014-12-28 13:45 - 2014-12-28 13:45 - 00000000 _____ () C:\Users\janeisklar\defogger_reenable
2014-12-28 13:44 - 2014-12-28 13:44 - 00050477 _____ () C:\Users\Gast\Downloads\Defogger.exe
2014-12-28 13:39 - 2014-12-29 11:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 13:39 - 2014-12-28 13:39 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 13:39 - 2014-12-28 13:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-28 13:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-28 13:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-28 13:30 - 2014-12-28 13:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Gast\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 13:23 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Public\Pokki
2014-12-28 13:23 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-28 13:22 - 2014-12-28 14:43 - 00002171 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2014-12-28 13:22 - 2014-12-28 13:22 - 00002402 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2014-12-28 13:22 - 2014-12-28 13:22 - 00002342 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\AVAST Software
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\ATI
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\Razer
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\ATI
2014-12-28 13:20 - 2014-12-28 13:20 - 00000000 ____D () C:\Users\Gast\AppData\Local\AMD
2014-12-28 13:19 - 2014-12-28 13:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Pokki
2014-12-28 13:19 - 2014-12-28 13:19 - 00001461 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-28 13:19 - 2014-12-28 13:19 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2014-12-28 13:19 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-12-28 13:19 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-28 13:19 - 2014-03-18 11:06 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-28 13:19 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-28 13:19 - 2014-03-18 10:54 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-28 13:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-28 13:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-28 13:18 - 2014-12-28 13:19 - 00000000 ____D () C:\Users\Gast
2014-12-28 13:12 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-12-13.060-aswFe.exe-4244.log
2014-12-28 13:04 - 2014-12-29 11:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-28 13:04 - 2014-12-28 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-28 13:04 - 2014-12-28 13:12 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-12-04-46.021-aswFe.exe-4964.log
2014-12-28 13:04 - 2014-12-28 13:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-12-04-42.094-AvastVBoxSVC.exe-1504.log
2014-12-28 13:04 - 2014-12-28 13:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-28 12:59 - 2014-12-28 13:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\janeisklar\Downloads\spybot-2.4.exe
2014-12-28 05:45 - 2015-01-02 11:33 - 00010670 _____ () C:\WINDOWS\PFRO.log
2014-12-28 02:48 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-28 02:23 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-23-41.042-aswFe.exe-8084.log
2014-12-28 02:11 - 2014-12-28 02:23 - 00000247 _____ () C:\WINDOWS\system32\2014-12-28-01-11-56.015-aswFe.exe-4244.log
2014-12-28 02:10 - 2014-12-28 02:10 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-01-10-36.020-AvastVBoxSVC.exe-8052.log
2014-12-28 01:27 - 2014-12-28 01:27 - 00001899 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-12-28 01:23 - 2014-12-28 01:23 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-28 01:23 - 2014-12-28 01:23 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-28 01:10 - 2014-12-28 01:11 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-28 01:08 - 2014-12-28 01:23 - 00001991 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-28 01:08 - 2014-12-28 01:08 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\AVAST Software
2014-12-28 01:08 - 2014-12-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-28 01:07 - 2015-01-02 20:41 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-28 01:04 - 2014-12-28 01:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-28 01:04 - 2014-12-28 01:28 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Google
2014-12-28 01:03 - 2014-12-28 01:23 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-28 01:03 - 2014-12-28 01:23 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\LockHunter
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2014-12-28 01:03 - 2014-12-28 01:03 - 00000000 ____D () C:\Program Files\LockHunter
2014-12-28 01:02 - 2014-12-28 01:02 - 03029032 _____ (Crystal Rich Ltd ) C:\Users\janeisklar\Downloads\lockhuntersetup_3-1-1.exe
2014-12-28 01:02 - 2014-12-28 01:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-28 01:00 - 2014-12-28 01:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-28 00:46 - 2014-12-28 14:26 - 00000000 ____D () C:\ProgramData\MojjUtaw
2014-12-28 00:45 - 2014-12-28 00:45 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-12-28 00:44 - 2014-12-28 14:02 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2014-12-28 00:44 - 2014-12-28 00:44 - 00000000 ____D () C:\ProgramData\poeecxg
2014-12-28 00:39 - 2014-12-28 05:44 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Iquqbepy
2014-12-27 22:57 - 2014-12-27 22:57 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-12-27 22:57 - 2014-12-27 22:57 - 00001147 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Comodo
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-12-27 22:56 - 2014-12-27 22:56 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-12-27 22:52 - 2014-12-27 22:55 - 53161456 _____ (Comodo) C:\Users\janeisklar\Downloads\dragonsetup.exe
2014-12-27 20:16 - 2015-01-02 20:48 - 00565518 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-27 12:30 - 2014-12-27 12:30 - 00083380 _____ () C:\Users\janeisklar\Documents\naxusqt.xml
2014-12-27 11:04 - 2014-12-27 11:04 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Rawr
2014-12-26 18:47 - 2014-12-26 18:48 - 16521403 _____ () C:\Users\janeisklar\Downloads\Rawr v2.3.22.zip
2014-12-22 12:02 - 2015-01-02 21:03 - 00043520 ___SH () C:\Users\janeisklar\Downloads\Thumbs.db
2014-12-21 15:47 - 2014-12-21 15:47 - 00002782 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-21 15:47 - 2014-12-21 15:47 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-21 15:46 - 2014-12-21 15:46 - 04036200 _____ (Piriform Ltd) C:\Users\janeisklar\Downloads\ccsetup500_slim.exe
2014-12-21 15:07 - 2014-12-21 15:07 - 00000000 _____ () C:\autoexec.bat
2014-12-21 15:04 - 2014-12-21 15:04 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\janeisklar\Downloads\SpyHunter-Installer.exe
2014-12-21 14:23 - 2014-12-21 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-21 14:23 - 2014-12-21 14:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-21 11:02 - 2014-12-21 11:15 - 131078000 _____ (AVAST Software) C:\Users\janeisklar\Downloads\avast_free_antivirus_setup.exe
2014-12-21 10:38 - 2014-12-28 01:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Ovqkics
2014-12-20 17:13 - 2014-12-20 17:14 - 00000285 _____ () C:\Users\janeisklar\.dsa4.properties
2014-12-20 17:13 - 2014-12-20 17:14 - 00000000 ____D () C:\Users\janeisklar\helden
2014-12-20 17:13 - 2014-12-20 17:13 - 00002789 _____ () C:\Users\janeisklar\.heldEinstellungen4_1.xml
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software
2014-12-20 17:09 - 2014-12-20 17:09 - 00000000 ____D () C:\Program Files (x86)\Helden-Software
2014-12-20 17:07 - 2014-12-20 17:07 - 07560776 _____ (www.helden-software.de) C:\Users\janeisklar\Downloads\setup-helden-software-5.3.3.exe
2014-12-20 10:06 - 2014-12-28 01:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Ewqztion
2014-12-20 00:24 - 2014-12-20 00:24 - 02385724 _____ () C:\Users\janeisklar\Downloads\AMIDST-3.6.exe
2014-12-17 12:40 - 2014-12-17 12:41 - 02104188 _____ () C:\Users\janeisklar\Downloads\SkyBlock-Map.zip
2014-12-17 12:37 - 2014-12-17 12:37 - 03103454 _____ () C:\Users\janeisklar\Downloads\SkyBlock 2.1.zip
2014-12-16 08:27 - 2014-12-16 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-16 08:27 - 2014-12-16 08:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-14 16:47 - 2014-12-14 16:47 - 00001625 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-12-14 16:46 - 2014-12-14 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-12-14 12:40 - 2014-12-26 19:15 - 00000000 ____D () C:\Users\janeisklar\Downloads\WoW_3.3.5a_rising-gods.de
2014-12-14 11:05 - 2014-12-14 11:08 - 80461108 _____ () C:\Users\janeisklar\Downloads\Broken Bells - After The Disco [2014].rar
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-12-13 16:11 - 2014-12-13 16:11 - 00394754 _____ () C:\Users\janeisklar\Downloads\soundboard-1.0b5-win64.ts3_plugin
2014-12-13 13:45 - 2014-12-13 13:45 - 00066728 _____ (Eugene V. Muzychenko) C:\WINDOWS\system32\Drivers\vrtaucbl.sys
2014-12-13 13:45 - 2014-12-13 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-12-13 13:45 - 2014-12-13 13:45 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-12-13 13:43 - 2014-12-13 13:44 - 00000000 ____D () C:\Users\janeisklar\Desktop\vac
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-13 13:42 - 2014-12-13 13:42 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-12-13 13:41 - 2014-12-13 13:41 - 01870680 _____ () C:\Users\janeisklar\Downloads\wrar520d.exe
2014-12-13 13:41 - 2014-12-13 13:41 - 00281432 _____ () C:\Users\janeisklar\Downloads\Virtual-Audio-Cable-4.10.7z
2014-12-09 19:41 - 2014-12-09 19:41 - 00001189 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-12-09 19:41 - 2014-12-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-12-09 19:41 - 2014-12-09 19:41 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-12-09 19:38 - 2014-12-09 19:39 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\janeisklar\Downloads\TeamSpeak3-Client-win32-3.0.16(1).exe
2014-12-09 16:33 - 2014-12-09 16:35 - 30668968 _____ (Riot Games) C:\Users\janeisklar\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2014-12-09 13:44 - 2014-12-09 13:44 - 00675988 _____ () C:\Users\janeisklar\Desktop\Minecraft.exe
2014-12-09 13:19 - 2014-12-09 13:46 - 00000013 _____ () C:\Users\janeisklar\Desktop\Neues Textdokument.txt
2014-12-08 22:54 - 2014-12-08 22:55 - 00002017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-12-08 22:54 - 2014-12-08 22:55 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-12-08 22:54 - 2014-12-08 22:54 - 00002064 _____ () C:\Users\janeisklar\Desktop\JDownloader.lnk
2014-12-08 22:54 - 2014-12-08 22:54 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-12-08 22:54 - 2014-12-08 22:54 - 00001951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-12-08 22:50 - 2014-12-08 22:50 - 00296144 _____ () C:\Users\janeisklar\Downloads\install_jd_one.exe
2014-12-07 23:52 - 2014-12-07 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-04 18:27 - 2014-12-31 14:08 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\LogMeIn Hamachi
2014-12-04 18:27 - 2014-12-04 18:27 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\LogMeIn
2014-12-04 18:27 - 2014-12-04 18:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-04 10:21 - 2014-12-16 08:27 - 00000949 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-04 07:54 - 2014-12-04 07:54 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\java
2014-12-04 07:53 - 2015-01-02 03:19 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\.minecraft
2014-12-04 07:53 - 2014-12-04 07:53 - 00000000 ____D () C:\ProgramData\Sun
2014-12-04 07:52 - 2014-12-04 07:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-04 07:51 - 2014-12-04 07:51 - 00638888 _____ (Oracle Corporation) C:\Users\janeisklar\Downloads\jxpiinstall.exe
2014-12-03 10:15 - 2015-01-02 20:32 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-03 10:15 - 2015-01-02 11:20 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 21:04 - 2014-11-16 11:12 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\TS3Client
2015-01-02 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-02 20:35 - 2014-08-14 13:10 - 02205505 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2015-01-02 20:34 - 2014-11-15 18:09 - 00000000 ____D () C:\Users\janeisklar
2015-01-02 20:34 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-02 20:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-02 20:27 - 2014-11-16 13:24 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\foobar2000
2015-01-02 17:50 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-02 14:30 - 2014-11-15 18:16 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2855763909-2318779563-1536155455-1002
2015-01-02 13:25 - 2014-11-15 18:20 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Nitro PDF
2015-01-02 11:34 - 2014-11-19 20:13 - 00009216 ___SH () C:\Users\janeisklar\Desktop\Thumbs.db
2015-01-02 11:22 - 2014-11-15 18:30 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Adobe
2014-12-31 14:47 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-29 11:50 - 2014-08-14 13:23 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-12-29 03:58 - 2014-11-15 18:09 - 00000000 ____D () C:\Users\janeisklar\AppData\Local\Pokki
2014-12-28 14:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-28 14:26 - 2014-11-26 09:56 - 00001795 _____ () C:\Users\janeisklar\Desktop\CyberGhost 5.lnk
2014-12-28 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-12-28 11:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-28 05:46 - 2013-08-22 15:44 - 00374456 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-12-26 18:08 - 2014-08-14 13:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-21 15:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-21 15:48 - 2014-11-17 21:47 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\uTorrent
2014-12-21 15:48 - 2014-11-16 20:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-21 15:48 - 2014-04-02 18:34 - 00000000 ____D () C:\WINDOWS\Panther
2014-12-21 14:37 - 2014-11-15 18:13 - 00002352 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-18 11:55 - 2014-08-14 22:50 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-18 11:55 - 2014-08-14 22:50 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-18 11:55 - 2014-03-18 10:53 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-18 11:53 - 2014-11-17 07:04 - 00002181 _____ () C:\Users\janeisklar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk
2014-12-14 16:47 - 2014-11-15 18:47 - 00000000 ____D () C:\Users\janeisklar\AppData\Roaming\Riot Games
2014-12-08 15:14 - 2014-11-16 08:42 - 00000000 ____D () C:\mukke
2014-12-07 23:52 - 2014-11-16 13:22 - 00000000 ____D () C:\Program Files (x86)\EA Games

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-30 13:24

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by janeisklar at 2015-01-02 21:06:21
Running from C:\Users\janeisklar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\uTorrent) (Version: 3.4.2.36044 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A0EE5DB1-8E1F-7BB2-6734-9CDC5E8DF0DD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BEACON (HKLM-x32\...\{259BF8E7-28DB-461F-8D7F-7B6E267D2502}_is1) (Version: 1.4.0509.0 - Lenovo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Web Start (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Ozone Radon (HKLM-x32\...\{B50AB875-64A2-4D12-BB48-B15611B48CE0}) (Version: 1.0.0 - Ozone Gaming)
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Startmenü (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\Pokki_Start_Menu) (Version: 0.269.5.339 - Pokki)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2855763909-2318779563-1536155455-1002_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\d3d10core.dll No File

==================== Restore Points  =========================

04-12-2014 07:50:08 Removed League of Legends
07-12-2014 23:43:08 Removed League of Legends
09-12-2014 16:36:04 Installed League of Legends
14-12-2014 10:12:30 Removed League of Legends
21-12-2014 13:54:31 Geplanter Prüfpunkt
28-12-2014 01:01:26 avast! antivirus system restore point
02-01-2015 11:23:41 Removed Java 8 Update 25

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BF15E35-6C57-4143-A8D2-22256A26BFBD} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
Task: {2DE04A1D-3348-4F5C-9C97-FF04EC86E86C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
Task: {464A35AC-CCE4-4586-8E62-E0FA3347F006} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {4DE59D33-0C16-4EED-89C4-A7DF60D88847} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-26] (Lenovo)
Task: {ACE739DD-9ED2-4603-8DD5-467E977FD591} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-02] (Adobe Systems Incorporated)
Task: {AED31EE3-96A9-4ABC-A62D-8AF5B95834E4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-28] (AVAST Software)
Task: {EE666853-5A11-4810-ADE1-C19E2AC22B91} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-03-25 09:23 - 2014-03-25 09:23 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-07 03:23 - 2014-11-07 03:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-12-28 01:23 - 2014-12-28 01:23 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-02 11:01 - 2015-01-02 11:01 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010200\algo.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-02 20:35 - 2015-01-02 20:35 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010201\algo.dll
2014-12-28 01:23 - 2014-12-28 01:23 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-18 23:28 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\janeisklar\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-07 03:21 - 2014-11-07 03:21 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-18 23:28 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\janeisklar\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2014-11-27 14:42 - 2014-11-27 14:42 - 00879808 _____ () C:\Program Files (x86)\Comodo\Dragon\libglesv2.dll
2014-11-27 14:33 - 2014-11-27 14:33 - 00134848 _____ () C:\Program Files (x86)\Comodo\Dragon\libegl.dll
2014-11-27 14:34 - 2014-11-27 14:34 - 00956608 _____ () C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: Lenovo System Agent Service => 2
MSCONFIG\Services: MpsSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "FamilySafetyGuide.lnk"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "jmekey"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Ewqztion"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "SPDriver"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Ovqkics"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "Eldltion"
HKU\S-1-5-21-2855763909-2318779563-1536155455-1002\...\StartupApproved\Run: => "YTDownloader"

========================= Accounts: ==========================

Administrator (S-1-5-21-2855763909-2318779563-1536155455-500 - Administrator - Disabled)
Gast (S-1-5-21-2855763909-2318779563-1536155455-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2855763909-2318779563-1536155455-1004 - Limited - Enabled)
janeisklar (S-1-5-21-2855763909-2318779563-1536155455-1002 - Administrator - Enabled) => C:\Users\janeisklar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 08:13:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 11:23:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c26d
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53087867
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000175964
ID des fehlerhaften Prozesses: 0x1430
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (01/01/2015 11:07:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ts3client_win32.exe, Version 3.0.16.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1648

Startzeit: 01d0260eef43b53a

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

Berichts-ID: 819139ce-9202-11e4-8298-448a5be186c0

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/30/2014 01:28:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 01:25:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 00:26:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (01/02/2015 08:35:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2147944153

Error: (01/02/2015 08:35:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/02/2015 08:35:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (01/02/2015 08:34:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎01.‎2015 um 20:13:20 unerwartet heruntergefahren.

Error: (01/02/2015 02:31:25 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/02/2015 02:30:55 PM) (Source: DCOM) (EventID: 10010) (User: Pizzaplanet)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/02/2015 11:33:40 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2147944153

Error: (01/02/2015 11:01:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2147944153

Error: (01/01/2015 10:46:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2147944153

Error: (12/31/2014 11:06:45 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%2147944153


Microsoft Office Sessions:
=========================
Error: (01/02/2015 08:13:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 11:23:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.170375312c26dcombase.dll6.3.9600.1703153087867c00000050000000000175964143001d02675f2dd4d4cC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\combase.dll5f07f203-9269-11e4-8299-448a5be186c0

Error: (01/01/2015 11:07:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ts3client_win32.exe3.0.16.0164801d0260eef43b53a4294967295C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe819139ce-9202-11e4-8298-448a5be186c0

Error: (12/30/2014 01:28:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/30/2014 01:25:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/30/2014 00:26:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe

Error: (12/30/2014 00:26:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\janeisklar\Downloads\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 44%
Total physical RAM: 3518.09 MB
Available physical RAM: 1955.58 MB
Total Pagefile: 4606.09 MB
Available Pagefile: 2390.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:313.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 880B7167)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Die Fehlermeldungen beim Start sind endlich verschwunden, die Win Firewall will immer noch nicht.

Alt 03.01.2015, 11:38   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
  • Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
  • Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.01.2015, 18:54   #9
Naxus
 
Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Hier der Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by janeisklar at 2015-01-03 14:36:19 Run:2
Running from C:\Users\janeisklar\Desktop
Loaded Profile: janeisklar (Available profiles: janeisklar & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60267;https=127.0.0.1:60267
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog 14:36:19 ====
         
Firewall funktioniert wieder. Sollten die Logs nicht noch was Zeigen hab ich nichts mehr zu beanstanden, vielen Dank.

Alt 04.01.2015, 20:05   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 18:21   #11
Naxus
 
Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Da ich die letzten Tage keine Probleme mehr hatte scheint alles erledigt zu sein.
Vielen vielen dank für die Hilfe.

Alt 09.01.2015, 19:52   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Win 8 - Versuchte Registryänderung - Standard

Win 8 - Versuchte Registryänderung



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win 8 - Versuchte Registryänderung
cyberghost, fehlercode 22, flash player, internet explorer, js:scriptip-inf, programme im hintergrund, pup.optional.crossrider.a, pup.optional.geforce.a, pup.optional.hqvideo.a, pup.optional.sense.a, pup.optional.shopperpro, pup.optional.shoppinghelper.a, pup.optional.smartbar, pup.optional.snapdo.a, pup.optional.snapdo.t, pup.optional.websearch.a, safer networking, spyhunter, spyhunter entfernen, svchost.exe, this device is disabled. (code 22), trojan.agent.ed, trojan.fakems.ed, trojan.ransom.ed, win32/downloadsponsor.c, win32/filecoder.ea.gen, win32/kryptik.cugy, win32/toolbar.crossrider.bm, ytdownloader




Zum Thema Win 8 - Versuchte Registryänderung - Ok, habe seid einigen Tagen massive Virenprobleme (gehabt), auf meinem Mainacc haben sich immer mehr Programme im Hintergrund geöffnet, danach hat Avast im Sekundentakt Schadsoftware geblockt, und ein paar Stunden - Win 8 - Versuchte Registryänderung...
Archiv
Du betrachtest: Win 8 - Versuchte Registryänderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.