Trojaner-Board


Crounty 19.12.2014 16:37

PC full of malware

Hello everyone,
I found a PC full of malware, so I need your help to get it running again.


FRST Logfile:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Pk (administrator) on OUAILS-PC on 19-12-2014 16:30:53
Running from C:\Users\Pk\Downloads
Loaded Profile: Pk (Available profiles: Pk & ouali_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Object Browser) C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.exe
() C:\Program Files (x86)\LPT\srptsl.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Pk\AppData\Local\Smartbar\Application\Lrcnta.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [403568 2014-04-14] (CyberGhost S.R.L.)
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Pk\AppData\Local\Smartbar\Application\Smartbar.exe [28192 2014-11-19] (Smartbar)
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [300840 2014-08-08] ()
AppInit_DLLs: C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil64.dll [71680 2014-12-03] ()
AppInit_DLLs-x32: C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil.dll => C:\Users\Pk\AppData\Local\Smartbar\Application\Resources\crdlil.dll [60416 2014-12-03] ()
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2902429972-443509965-4274997157-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2902429972-443509965-4274997157-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2902429972-443509965-4274997157-1001] => http=127.0.0.1:49763;https=127.0.0.1:49763
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kTAeo-yisldtUXwYZM4gk781H07MAE8GscmBuBf3AobnTPL3xS6USzQr3hdsNA,
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2902429972-443509965-4274997157-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2902429972-443509965-4274997157-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}
BHO: Ge-Force -> {11111111-1111-1111-1111-110611191111} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll No File
BHO: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho64.dll (Object Browser)
BHO: No Name -> {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} ->  No File
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho.dll (Object Browser)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Caramava -> {f0913486-1b23-46b2-a8ad-dbfc98421f73} -> C:\Program Files (x86)\Caramava\Caramavabho.dll (Caramava)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2902429972-443509965-4274997157-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB3038653-7474-418E-BF69-1EF568F15448&SearchSource=55&CUI=&UM=5&UP=SP59E9C460-1DD9-413E-AB72-B1C5C5FEBACB&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://www.sweet-page.com/?type=hp&ts=1402321604&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402323183&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402324645&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402328681&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402331885&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402338859&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402339144&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW"
CHR Profile: C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-24]
CHR Extension: (Google-Suche) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (deoodoglhbmpafkajmlggnjnngdclnie) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-12-09]
CHR Extension: (Sense) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia [2014-12-10]
CHR Extension: (V-bates) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-20] (WildTangent)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-03] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-03] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32800 2014-11-19] () <==== ATTENTION
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [430888 2014-08-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-01] (LogMeIn Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-08-25] (YTDownloader)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
R4 SPDRIVER_1.38.0.1425; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1425\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-19 16:30 - 2014-12-19 16:32 - 00023792 _____ () C:\Users\Pk\Downloads\FRST.txt
2014-12-19 16:30 - 2014-12-19 16:31 - 00000000 ___DC () C:\FRST
2014-12-19 16:18 - 2014-12-19 16:18 - 02121216 _____ (Farbar) C:\Users\Pk\Downloads\FRST64.exe
2014-12-19 16:17 - 2014-12-19 16:17 - 00001284 _____ () C:\Users\Pk\Desktop\Revo Uninstaller.lnk
2014-12-19 16:17 - 2014-12-19 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-16 16:15 - 2014-12-16 16:15 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2014-12-14 11:23 - 2014-12-14 11:38 - 00000459 _____ () C:\Users\Pk\.swfinfo
2014-12-10 19:32 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 19:32 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 19:31 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 19:31 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 19:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 19:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 18:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:12 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 18:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:11 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:11 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:11 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:11 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:11 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 12:51 - 2014-12-06 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-06 11:59 - 2014-12-06 11:59 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.technic
2014-12-03 15:32 - 2014-12-19 15:39 - 00003416 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002778 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002778 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002772 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002772 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002434 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2.job
2014-12-03 15:32 - 2014-12-19 15:39 - 00002428 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.job
2014-12-03 15:32 - 2014-12-03 15:32 - 01363424 _____ (Object Browser) C:\Users\Pk\AppData\Roaming\UQ.exe
2014-12-03 15:32 - 2014-12-03 15:32 - 00006420 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1
2014-12-03 15:32 - 2014-12-03 15:32 - 00005782 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5
2014-12-03 15:32 - 2014-12-03 15:32 - 00005776 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5
2014-12-03 15:32 - 2014-12-03 15:32 - 00005438 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2
2014-12-03 15:32 - 2014-12-03 15:32 - 00005432 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2
2014-12-03 15:31 - 2014-12-19 16:31 - 00005850 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6.job
2014-12-03 15:31 - 2014-12-19 16:31 - 00005844 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005844 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005508 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005506 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00005502 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00004482 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00004476 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00003796 _____ () C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00003772 _____ () C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1.job
2014-12-03 15:31 - 2014-12-19 15:39 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-03 15:31 - 2014-12-16 15:36 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-03 15:31 - 2014-12-03 15:31 - 02002912 _____ (Object Browser) C:\Users\Pk\AppData\Roaming\WEFLS.exe
2014-12-03 15:31 - 2014-12-03 15:31 - 00008854 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6
2014-12-03 15:31 - 2014-12-03 15:31 - 00008848 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7
2014-12-03 15:31 - 2014-12-03 15:31 - 00008848 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6
2014-12-03 15:31 - 2014-12-03 15:31 - 00008512 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11
2014-12-03 15:31 - 2014-12-03 15:31 - 00008510 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7
2014-12-03 15:31 - 2014-12-03 15:31 - 00008506 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11
2014-12-03 15:31 - 2014-12-03 15:31 - 00007486 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4
2014-12-03 15:31 - 2014-12-03 15:31 - 00007480 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4
2014-12-03 15:31 - 2014-12-03 15:31 - 00006800 _____ () C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3
2014-12-03 15:31 - 2014-12-03 15:31 - 00006776 _____ () C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1
2014-12-03 15:31 - 2014-12-03 15:31 - 00003894 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-03 15:31 - 2014-12-03 15:31 - 00003658 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-03 15:31 - 2014-12-03 15:31 - 00000000 ____D () C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8
2014-12-03 15:31 - 2014-12-03 15:31 - 00000000 ____D () C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15
2014-12-03 15:30 - 2014-12-19 16:18 - 00000354 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-12-03 15:30 - 2014-12-19 15:43 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-12-03 15:30 - 2014-12-03 15:32 - 00000000 ____D () C:\Program Files (x86)\Sense
2014-12-03 15:30 - 2014-12-03 15:30 - 00002716 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-12-03 15:30 - 2014-12-03 15:30 - 00001064 _____ () C:\Users\Pk\Desktop\PC Speed Up.lnk
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Users\Pk\Documents\PCSpeedUp
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Users\Pk\AppData\Local\globalUpdate
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-12-03 15:30 - 2014-12-03 15:30 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-03 15:28 - 2014-12-03 15:28 - 00003718 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-12-03 15:28 - 2014-12-03 15:28 - 00003578 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-12-03 15:28 - 2014-12-03 15:28 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-03 15:28 - 2014-12-03 15:28 - 00001965 _____ () C:\Users\Pk\Desktop\YTDownloader.lnk
2014-12-03 15:28 - 2014-12-03 15:28 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-12-03 15:28 - 2014-12-03 15:28 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-12-03 15:28 - 2014-12-03 15:28 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-12-03 15:27 - 2014-12-03 15:27 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashRpt
2014-12-03 15:26 - 2014-12-03 15:26 - 00004320 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-12-03 15:26 - 2014-12-03 15:26 - 00003534 _____ () C:\Windows\System32\Tasks\RocketTab
2014-12-03 15:26 - 2014-12-03 15:26 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-12-03 15:26 - 2014-12-03 15:26 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-12-03 15:24 - 2014-12-03 15:25 - 00000000 ____D () C:\Users\Pk\AppData\Local\LPT
2014-12-03 15:24 - 2014-12-03 15:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\Smartbar
2014-12-02 22:23 - 2014-12-02 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 22:22 - 2014-12-02 22:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-01 15:51 - 2014-12-01 15:51 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-11-24 09:46 - 2014-11-24 09:46 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2014-11-19 13:32 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:32 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:32 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:32 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2013-12-19 22:21 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-19 22:21 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-12-19 16:33 - 2014-03-19 18:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-19 16:32 - 2014-03-19 18:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902429972-443509965-4274997157-1001
2014-12-19 16:29 - 2014-10-07 20:18 - 02011733 _____ () C:\Windows\WindowsUpdate.log
2014-12-19 16:28 - 2014-04-22 19:28 - 00000296 _____ () C:\Windows\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165}.job
2014-12-19 16:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 16:28 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-19 16:23 - 2014-06-21 18:06 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job
2014-12-19 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-19 15:53 - 2014-03-23 18:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashDumps
2014-12-19 15:52 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk\AppData\Local\Pokki
2014-12-19 15:51 - 2014-05-13 18:22 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\uTorrent
2014-12-19 15:45 - 2014-03-27 18:09 - 00000000 ___DO () C:\Users\Pk\SkyDrive
2014-12-19 15:44 - 2013-12-20 06:42 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-19 15:44 - 2013-12-20 06:42 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-19 15:44 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 15:40 - 2014-10-20 16:32 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.minecraft
2014-12-19 15:40 - 2014-03-20 19:50 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 15:39 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 16:08 - 2014-08-13 16:00 - 00000000 ____D () C:\Users\Pk\AppData\Local\LogMeIn Hamachi
2014-12-16 16:13 - 2014-03-19 18:12 - 00000000 ____D () C:\Users\Pk\AppData\Local\clear.fi
2014-12-14 11:23 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk
2014-12-12 11:25 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 19:14 - 2014-03-22 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:05 - 2014-03-22 19:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:33 - 2014-03-19 18:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 15:31 - 2014-05-11 17:26 - 00000000 ____D () C:\Program Files (x86)\AMX Mod X
2014-12-03 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-26 22:10 - 2014-11-14 22:54 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-11-14 22:54 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 07:14 - 2013-11-27 10:40 - 00000000 ___HD () C:\OEM

Files to move or delete:
====================
C:\Users\Pk\jagex_cl_runescape_LIVE.dat
C:\Users\Pk\random.dat


Some content of TEMP:
====================
C:\Users\Pk\AppData\Local\Temp\h_keixo5.dll
C:\Users\Pk\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLitef8540cf9-92f7-4c52-9842-74687b7729a5.dll
C:\Users\Pk\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 21:02

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Pk at 2014-12-19 16:33:42
Running from C:\Users\Pk\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.03.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Air Control Simulator (x32 Version: 3.0.2.59 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMX Mod X Installer 1.8.2 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.2 - AMX Mod X Dev Team)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
Battlefield Heroes (Pk) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Caramava (HKLM\...\Caramava) (Version: 2014.04.18.223704 - Caramava) <==== ATTENTION!
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPERATION7 (HKLM-x32\...\OPERATION7) (Version:  - )
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.6.6.0 - Speedchecker Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Pokki) (Version: 0.266.1.172 - Pokki) <==== ATTENTION!
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION!
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.0.260 - Client Connect LTD) <==== ATTENTION
Sense (HKLM-x32\...\Sense) (Version: 1.35.11.26 - Object Browser) <==== ATTENTION
Shopping Helper Smartbar (HKLM-x32\...\{DD4CA175-B85B-434A-8A3B-7E04CDD1741F}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{c67f3378-9788-4884-8ea0-03dbbdc440ef}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spielkanäle (x32 Version: 9.2.0.11 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ultimate Naruto (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Pokki_6dd6415c7ca59a3afaff86950eac7bceb240f3f1) (Version: 1.0.1.55415 - Pokki)
Unity Web Player (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-10-2014 10:11:02 Windows Update
19-10-2014 18:50:34 Windows Update
14-11-2014 14:45:02 Windows Modules Installer
19-11-2014 16:38:15 Windows Update
27-11-2014 18:26:00 Windows Update
06-12-2014 12:47:12 Windows Update
11-12-2014 19:00:42 Windows Update
19-12-2014 16:21:30 Revo Uninstaller's restore point - abDocs

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03AA69E7-60BC-417E-940F-40468EE2C8FA} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2014-08-25] (YTDownloader) <==== ATTENTION
Task: {14FA1028-9F98-4956-946D-4B13E30B19BE} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {1F7C0A08-85F8-45B8-B900-26F0E7DF6C9D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-11-19] (Acer)
Task: {2BEADDA2-8973-4583-8A41-E2F57BEC150E} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {2F950441-C496-43B9-A51A-D42CC33CB522} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {31FF8399-464D-4F8E-9314-FF1D80C8C903} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {32257870-A173-4068-A461-6E35A2CC695D} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {3416F7D6-66CB-4824-B085-073F95DE385D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {368D6236-321B-4AC2-B348-8796C857C2C2} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: {4BCFC6B6-D5B1-4476-956E-942E0CAC718A} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2014-08-08] () <==== ATTENTION
Task: {57DAD70C-B499-49E1-942C-F232B8C7D0D5} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {59B4F9A5-81FA-4E32-8831-5E56E223D3B2} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {5A568646-CF36-46A2-8F3A-E7DFCF893D05} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {5ED6B805-0097-40DB-AB19-7023F4E02AC3} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-4.exe <==== ATTENTION
Task: {5F4790CD-49CE-41A8-AECB-53198541A8BE} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-2.exe <==== ATTENTION
Task: {651690BE-2E60-4F34-A09F-E81B2189388D} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1 => C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe <==== ATTENTION
Task: {713953D2-06B9-413F-A48E-9BA158555536} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {761446A4-0F14-4DC4-96CF-08FB7B999D5E} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {876BC0C0-A1A0-4A86-AB3B-347F1C029029} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1 => C:\Program Files (x86)\Sense\Sense-codedownloader.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {89991028-D088-4F27-9195-15EB8658E4E3} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-7.exe <==== ATTENTION
Task: {92D9011F-99FA-4B50-9578-247E9D4ECA7E} - System32\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {991AD5E5-DFB6-48E0-83AF-1AE8142A87A2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {A229167D-9C35-4545-AF3E-FE0BB1CFC224} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {A573131A-9906-4248-A9AE-6B1A4A8813D5} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2014-08-25] (Goobzo) <==== ATTENTION
Task: {AAB21B27-A0E0-491B-A015-173E960F4884} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-03] () <==== ATTENTION
Task: {AB7C8488-2452-423D-AF3A-FEB988CE38B8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {B32DAFAB-564B-43C1-8F47-460696108ACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {BB10A4CD-5ADB-4737-AD50-CFDD782EB4B8} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: {CB3CA836-7BCF-4D29-B667-68D82873A013} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {CDEC366F-05C1-4BA5-873E-36A4EECA4EAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {D5A8973B-2E07-4A3D-B8E2-40979811DF1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {E3F71571-747F-4BFE-A045-EADC33BFB6BF} - System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5 => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe [2014-12-03] (Object Browser) <==== ATTENTION
Task: {E8EABC65-13D0-49EE-9429-D489742A1066} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-03] (globalUpdate) <==== ATTENTION
Task: {EF16EDD9-5973-4020-90F4-1BCEFC4E1198} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {EFBF6778-C5DB-47CC-91BA-40249952974B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-03] (globalUpdate) <==== ATTENTION
Task: {F02E1173-F1F4-4D95-8274-BFBAC23B21CA} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2902429972-443509965-4274997157-1001
Task: {F87573BC-CECB-4475-8F62-99A521859FD0} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-6.exe <==== ATTENTION
Task: {FE862EEC-F3FB-4D81-B359-1881263C482D} - System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11 => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1.job => C:\Program Files (x86)\Ge-Force\Ge-Force-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7.job => C:\Program Files (x86)\Ge-Force\111dad0a-f07a-4197-9153-9d7ba0082052-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1.job => C:\Program Files (x86)\Sense\Sense-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.job => C:\Program Files (x86)\Sense\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-12-03 15:30 - 2014-08-08 13:43 - 00430888 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2014-11-19 15:20 - 2014-11-19 15:20 - 00032800 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-05-24 21:03 - 2014-05-25 13:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-12-19 22:46 - 2013-07-30 18:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00034848 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-03 15:26 - 2014-12-03 15:26 - 05812224 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-11-19 15:18 - 2014-11-19 15:18 - 00023584 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-12-03 15:30 - 2014-08-08 13:43 - 00585600 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00042528 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-11-19 15:19 - 2014-11-19 15:19 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00070688 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-11-21 07:16 - 2014-11-21 07:16 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-11-17 10:57 - 2014-11-17 10:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-09-16 09:15 - 2014-09-16 09:15 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-11-17 10:53 - 2014-11-17 10:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00070688 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\srut.dll
2014-11-19 15:18 - 2014-11-19 15:18 - 00033312 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\lrcnt.dll
2014-11-19 15:20 - 2014-11-19 15:20 - 00067616 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\sppsm.dll
2014-11-19 15:19 - 2014-11-19 15:19 - 00027168 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-11-19 15:19 - 2014-11-19 15:19 - 00165920 _____ () C:\Users\Pk\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-12-03 15:31 - 2014-12-03 15:31 - 00135136 _____ () C:\Program Files (x86)\Sense\60b17b6c-638c-45c8-9f8b-a1284ee1f328.dll
2013-12-19 22:46 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\ouali_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Pk\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2902429972-443509965-4274997157-500 - Administrator - Disabled)
Gast (S-1-5-21-2902429972-443509965-4274997157-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2902429972-443509965-4274997157-1007 - Limited - Enabled)
ouali_000 (S-1-5-21-2902429972-443509965-4274997157-1002 - Limited - Enabled) => C:\Users\ouali_000
Pk (S-1-5-21-2902429972-443509965-4274997157-1001 - Administrator - Enabled) => C:\Users\Pk

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2014 03:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x154c
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (12/19/2014 03:50:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CCleaner64.exe, Version 4.13.0.4693 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b24

Startzeit: 01d01b9acc55c20f

Endzeit: 5

Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe

Berichts-ID: 5ad445c4-878e-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:50:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CCleaner64.exe, Version 4.13.0.4693 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 90c

Startzeit: 01d01b9acc56d3d8

Endzeit: 6

Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe

Berichts-ID: 55f48bb3-878e-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:49:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm QuickAccess.exe, Version 1.0.3000.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1518

Startzeit: 01d01b99cc2b6b9a

Endzeit: 160

Anwendungspfad: C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe

Berichts-ID: 45e2ff68-878e-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 39.0.2171.95 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1af4

Startzeit: 01d01b9a6a041284

Endzeit: 8

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: d14837e6-878d-11e4-83b0-201a06cb959b

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/19/2014 03:43:51 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4


System errors:
=============
Error: (12/19/2014 03:39:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/19/2014 03:39:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/19/2014 03:38:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎18.‎12.‎2014 um 20:47:48 unerwartet heruntergefahren.

Error: (12/18/2014 04:07:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LPT System Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/18/2014 04:07:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LPT System Updater Service erreicht.

Error: (12/18/2014 04:06:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎12.‎2014 um 21:20:54 unerwartet heruntergefahren.

Error: (12/15/2014 03:51:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/15/2014 03:51:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/15/2014 03:51:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LPT System Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/15/2014 03:51:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LPT System Updater Service erreicht.


Microsoft Office Sessions:
=========================
Error: (12/19/2014 03:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d154c01d01b99be746da7C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllca1af314-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:50:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe4.13.0.46931b2401d01b9acc55c20f5C:\Program Files\CCleaner\CCleaner64.exe5ad445c4-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:50:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe4.13.0.469390c01d01b9acc56d3d86C:\Program Files\CCleaner\CCleaner64.exe55f48bb3-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:49:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QuickAccess.exe1.0.3000.0151801d01b99cc2b6b9a160C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe45e2ff68-878e-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.951af401d01b9a6a0412848C:\Program Files (x86)\Google\Chrome\Application\chrome.exed14837e6-878d-11e4-83b0-201a06cb959b

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (12/19/2014 03:43:51 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (12/19/2014 03:43:51 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (12/19/2014 03:43:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4


CodeIntegrity Errors:
===================================
  Date: 2014-12-08 21:36:08.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:07.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:06.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:34.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:33.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:01.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:59.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:57.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 3979.34 MB
Available physical RAM: 1899.99 MB
Total Pagefile: 8331.34 MB
Available Pagefile: 6189.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:350.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 811F8FD7)

Partition: GPT Partition Type.

==================== End Of Log ============================


schrauber 19.12.2014 18:24

hi,

Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click "Optionen" (Options) and select "Deutsch" (German) as the language.
  • In the uninstaller panel, look for these programs:

    Caramava
    LPT System Updater Service
    PC Speed Up
    Pokki
    RocketTab
    Search Protect
    Sense
    Shopping Helper Smartbar
    Shopping Helper Smartbar Engine (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{c67f3378-9788-4884-8ea0-03dbbdc440ef}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION
    YTDownloader

  • Select the programs one after another and click "Uninstall" each time.
  • Then select the mode "Moderat" (Moderate).
  • Delete leftovers:
    Click on then on and then on .

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (Scan), select "Bedrohungssuchlauf" (threat scan) and click "Suchlauf starten" (start scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click "Auswahl entfernen" (remove selection).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click "Verlauf" (History) and then "Anwendungsprotokolle" (application logs).
  • Select the newest scan log and click "Export". Choose "Textdatei (.txt)" (text file) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • "Tracing" Schlüssel löschen (delete "Tracing" keys)
    • Winsock Einstellungen zurücksetzen (reset Winsock settings)
    • Proxy Einstellungen zurücksetzen (reset proxy settings)
    • Internet Explorer Richtlinien zurücksetzen (reset Internet Explorer policies)
    • Chrome Richtlinien zurücksetzen (reset Chrome policies)
    • Make sure all 5 options are selected, as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with "Ok".
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Als Administrator ausführen" (Run as administrator).
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Crounty 20.12.2014 15:59

Revo found everything except Caramava, LPT System Updater Service and PC Speed Up, so I could not uninstall those.

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.12.2014
Suchlauf-Zeit: 14:28:18
Logdatei:
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.20.01
Rootkit Datenbank: v2014.12.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Pk

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362008
Verstrichene Zeit: 30 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 57
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [fa1781e4ccb0102659e156b7ac578779],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [fa1781e4ccb0102659e156b7ac578779],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{f0913486-1b23-46b2-a8ad-dbfc98421f73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{BC97FB79-D445-4222-83E2-4D6638804806}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F75432CE-D1E0-42B0-BC6F-1DD84781CFCA}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F75432CE-D1E0-42B0-BC6F-1DD84781CFCA}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{BC97FB79-D445-4222-83E2-4D6638804806}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F0913486-1B23-46B2-A8AD-DBFC98421F73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Caramava.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F0913486-1B23-46B2-A8AD-DBFC98421F73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Caramava.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F0913486-1B23-46B2-A8AD-DBFC98421F73}, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [967bb1b4ed8f092d5d4140d030d31fe1],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [967bb1b4ed8f092d5d4140d030d31fe1],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [020f8dd8b5c70d291d8c6079a55d60a0],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Caramava, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, In Quarantäne, [59b8630235470a2ccdfd2e28996adc24],
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\V-bates, In Quarantäne, [c8492c3964180b2b1a9536631ee51ee2],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [d63b4d18b9c342f47376c2c93ec58a76],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [1cf5cb9a6c10d3639f4ad1ba05fe2cd4],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [ed2488dd5a22bd79300cc30fa95bda26],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [d63b67fe58241e1893a8c111996b21df],
PUP.Optional.Caramava.A, HKLM\SOFTWARE\WOW6432NODE\Caramava, In Quarantäne, [bd54d29389f304326073078752b1bc44],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\WOW6432NODE\Speedchecker Limited, In Quarantäne, [59b82b3ae39910265b6f183eab58b44c],
PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\V-bates, In Quarantäne, [69a8f17492ead85eb8f70d8c19ea37c9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [47ca83e25725300614082a4720e38a76],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [41d05411b7c5e94de7021873b15201ff],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [cc456ef7ccb011256386cac1867d09f7],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [f81970f59fdd0f278889f0e109fbc838],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [b75ae481710bb680e230d7fa05ffac54],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [6ba6a8bd720a3cfa8a57c4ae7a8933cd],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [759c6cf9aad2c175da5bfb78fd067e82],
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, In Quarantäne, [937ec0a5ed8f63d3d73c22ad877d847c],
PUP.Optional.Caramava.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Caramava, In Quarantäne, [5db4164f4d2f47efe2f092fc0ef5cf31],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [3ed387de8defbe78cf8ea22053b120e0],
PUP.Optional.GeForce.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, In Quarantäne, [50c1a9bcd5a78da94bc8547bf410a858],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, In Quarantäne, [e42d461f9ddf48ee42b4501481825da3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, In Quarantäne, [63ae194c6c10f640d62014500df65ba5],
PUP.Optional.iWebar.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iWebar, In Quarantäne, [b25fa5c02e4e999dbe341183f40f23dd],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Object Browser, In Quarantäne, [749d99cc2953d066b08daf1458ac6799],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [68a92441f7859d991064f5da32d211ef],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [9d746500cfad56e06a62c0f321e323dd],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [15fc34312d4fa98d42f21360ce3529d7],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, In Quarantäne, [2ae75c091666a591caa5205c60a56b95],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, In Quarantäne, [2ae75c091666a591caa5205c60a56b95],

Registrierungswerte: 9
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [020f8dd8b5c70d291d8c6079a55d60a0]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [020f8dd8b5c70d291d8c6079a55d60a0]
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [45cc4b1a4834ec4a7039954448ba51af],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [45cc9fc6710bcd69f0b9637611f10000],
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [40d13233cab2e650ee941e4946bdc63a]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [47ca83e25725300614082a4720e38a76]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [28e96df81d5fb77f8002a4c310f331cf]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [88891451b8c4d66077a6afc2d42f827e]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, In Quarantäne, [68a92441f7859d991064f5da32d211ef]

Registrierungsdaten: 7
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsI,&q={searchTerms}),Ersetzt,[4cc5b5b0f488ec4ae038e88243c2d729]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[37dae184d0ac979f69b24c1e9174a957]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kTAeo-yisldtUXwYZM4gk781H07MAE8GscmBuBf3AobnTPL3xS6USzQr3hdsNc,, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kTAeo-yisldtUXwYZM4gk781H07MAE8GscmBuBf3AobnTPL3xS6USzQr3hdsNc,),Ersetzt,[4dc476ef91eb290dd5474c1edb2acd33]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[2de49dc8c2ba85b1fd1dc1a90ff6d030]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[4ec37bea7ffdf04606178edce12415eb]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[5bb643221e5e14225ac43d2df4118c74]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2902429972-443509965-4274997157-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZLLx3LpAeVW-lRGGSHpxmTbfKJHlnyK_aDwNHQILJCOs5WF4O8WajHmvrZxXYtvOGU6mUMpcjELtMpsJpqvbLLTzC9tU_ND2EOUP4kjHJLV2CaYrA9kTwYKmeDnDoBZRad1ddGv6yo0DtZc76f7hM8DFkaf5d8EZqsU,&q={searchTerms}),Ersetzt,[020f60052656a88e12073f2b788d7b85]

Ordner: 26
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997],
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\Partial Backups, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\de, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\UI, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\Pk\AppData\Local\SearchProtect, In Quarantäne, [c8499dc8374534024229989e11f2f808],
PUP.Optional.SystemSpeedup, C:\Users\Pk\AppData\Roaming\systweak\ssd, In Quarantäne, [878a630248346ccad19741f8d13209f7],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\libraries, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\resources, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{887DCFDB-C6BF-4AA8-BDDE-B889716A2D7E}, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, In Quarantäne, [4fc2f372f48804324707eb5a996ae51b],

Dateien: 101
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava\CaramavaBHO.dll, In Quarantäne, [b0617beaf488a4929ac2cf089b678d73],
PUP.Optional.Sense.A, C:\Users\Pk\AppData\Roaming\UQ.exe, In Quarantäne, [2be604613e3e61d53cc374f46a9755ab],
PUP.Optional.Sense.A, C:\Users\Pk\AppData\Roaming\WEFLS.exe, In Quarantäne, [38d94b1a433974c230cf4e1ae81927d9],
PUP.Optional.Nova.A, C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15\60e03062-9aa0-4f1b-bab1-739a3231ca5e.dll, In Quarantäne, [7c95a6bf97e50b2b43f574811ae721df],
PUP.Optional.Crossrider, C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15\fcbbbec9-0975-4c68-9ba2-4a70c9d2ebad.dll, In Quarantäne, [98799bcaf9837abc516f29bb986c28d8],
PUP.Optional.Nova.A, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\00f6ff79-c308-4537-ada6-740d49eefaf8.dll, In Quarantäne, [67aa0560c1bb9c9ae454d520728f1ce4],
PUP.Optional.Crossrider, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8.dll, In Quarantäne, [cd447de8b9c35fd7a61af7ed1ce8a25e],
PUP.Optional.Nova.A, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\9124dc78-6d21-42dd-b7e3-3813518da944.dll, In Quarantäne, [40d11e47d8a42a0c54e4db1ab150d62a],
PUP.Optional.Crossrider, C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8\d5d8a6bb-476f-4bb9-8cf2-6081992ad6f6.dll, In Quarantäne, [9a774a1b5824181ecdf36a7a8b79d828],
PUP.Optional.Crossrider, C:\Program Files (x86)\AMX Mod X\3a61f36b-5e00-4615-847d-0d7a34dfcb15.dll, In Quarantäne, [7f92bca95824f145912fbb29cc38649c],
PUP.Optional.Nova.A, C:\Program Files (x86)\AMX Mod X\b942e87d-c421-464b-b95d-ab6924e42901.dll, In Quarantäne, [19f8e67fb6c6c670bf79c035d42d5ba5],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, In Quarantäne, [a66b2b3a3646181e0fbc3c6ea75a19e7],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIF4EC.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [7d94acb957253303ccb2d7573cc49868],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI77DB.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [cf42f07586f6f44266180727ce3225db],
PUP.Optional.VBates, C:\Windows\Tasks\FF Watcher {B2AB07AB-FEC9-4CBA-87F4-2F55FF6D8165}.job, In Quarantäne, [828f96cfff7dc5712d6f81ea669d46ba],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1, In Quarantäne, [a0717ee7453793a376a11958ba49cd33],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11, In Quarantäne, [29e8ee779eded462f81f0a676a99758b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2, In Quarantäne, [e9287beaa9d3e74fa374bfb2d72c3ec2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4, In Quarantäne, [be53cb9abbc1cb6b57c0f879a063b64a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5, In Quarantäne, [51c088dd3d3ff14560b71b56e91ae11f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user, In Quarantäne, [59b8d2930874f046d14685ec0ef55fa1],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6, In Quarantäne, [7d9478ed44382b0be433a2cf21e2e11f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7, In Quarantäne, [5cb5580d7804270f62b56809be4516ea],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1, In Quarantäne, [e52c8ed7374555e1cc4bdf92a45fcd33],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11, In Quarantäne, [4cc5ff66cfad2b0b96813839aa5923dd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2, In Quarantäne, [17fa7bead9a316202ee97af762a1a858],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3, In Quarantäne, [0b0681e4cdaf1d19799efa77649fdb25],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4, In Quarantäne, [d23f01649fdd7abc9285f57ca0639c64],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5, In Quarantäne, [957cde87c8b4dc5a5bbc1d5403002cd4],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user, In Quarantäne, [020f5f06b7c543f337e0adc4e61dfe02],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6, In Quarantäne, [68a9184dacd056e057c0ff72ba49b64a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7, In Quarantäne, [4dc4273e3e3e6acc68af541d4ab99070],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, In Quarantäne, [c34e6203a1dbba7cddfddd944fb442be],
PUP.Optional.SelectNGo.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [b859e67f49337bbb48d8e09d44bf9b65],
PUP.Optional.SelectNGo.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [13fee382adcf2f0747d90a7315ee7987],
PUP.Optional.ShoppingGate.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, In Quarantäne, [a26f75f0512bd6601bf53c4415ee46ba],
PUP.Optional.ShoppingGate.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, In Quarantäne, [8988b3b2225a1c1ab759ceb2966ddf21],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, In Quarantäne, [db36cc99b7c5ef473f236e1248bb6997],
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava\Caramava.ico, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967],
PUP.Optional.Caramava.A, C:\Program Files (x86)\Caramava\CaramavaUninstall.exe, In Quarantäne, [040dafb60e6e1e18b41d523c3cc79967],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-1.job, In Quarantäne, [59b8f471e09c1620901d3f8fe321d828],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-11.job, In Quarantäne, [0d042b3a7dffc96de0cd2ca27e8657a9],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-2.job, In Quarantäne, [aa6750156b113df926874c82c93b22de],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-4.job, In Quarantäne, [af622d38126a50e6822bbc12a163b54b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5.job, In Quarantäne, [e32e2f3637452214c0ed824c8b79e11f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-5_user.job, In Quarantäne, [51c01e47fd7fa88ec3ea5579ef15cd33],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-6.job, In Quarantäne, [7a97e87d5527191d6c41e6e8778d09f7],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\111dad0a-f07a-4197-9153-9d7ba0082052-7.job, In Quarantäne, [9c75016483f962d4228b9737c83c3dc3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-1.job, In Quarantäne, [9c753d2892ea45f1e9c47e50f80cd22e],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-11.job, In Quarantäne, [1df46afb314b3df97c31a02efb095fa1],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-2.job, In Quarantäne, [b859372e205c1422f3ba7658a75d52ae],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-3.job, In Quarantäne, [fc15f96c215b2214e3ca7e50ef15d62a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-4.job, In Quarantäne, [53befa6b5c209b9b2c816c6238cc2ad6],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5.job, In Quarantäne, [4ac75e07295374c21499a62862a258a8],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-5_user.job, In Quarantäne, [3dd4bda8d4a881b5753848862cd8d828],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-6.job, In Quarantäne, [b061f66fd7a5c96d07a6a7275ca8cb35],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\abe04cdc-0acd-46dd-bce2-6b442ae049e9-7.job, In Quarantäne, [2be6bea71e5e1b1b3a73824c040008f8],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [d63bf273502cff37378cbc123cc804fc],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [f61b7ce91666db5b784c17b74fb5be42],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [ba57eb7a522a5bdbcef737976a9ad42c],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [7c95b8ad126a92a409bd5c72ff05cd33],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [3fd21b4a710bbd794bf4854d659fab55],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-25-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-27-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-28-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-29-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\log_04-30-2014.log, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\rcpupdate.ini, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.RegCleanerPro.A, C:\Users\Pk\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [8e83bbaa106c5fd75023a0812ad97789],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SearchProtect.A, C:\Users\ouali_000\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [2fe22540adcfc86e0a61a98d887b6997],
PUP.Optional.SystemSpeedup, C:\Users\Pk\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantäne, [878a630248346ccad19741f8d13209f7],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\background.html, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\logo_128.png, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\main.html, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\main.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\manifest.json, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\NMHClient.json, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\libraries\ContentScript.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\libraries\DataExchangeScript.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.Vbates.A, C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip\2.0.0.438_0\resources\LocalScript.js, In Quarantäne, [d8394e1793e97db9d94faf8b000358a8],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, In Quarantäne, [0b06b6af7804ce68cdcca892ce352bd5],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk, In Quarantäne, [4fc2f372f48804324707eb5a996ae51b],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

# AdwCleaner v4.105 - Bericht erstellt am 20/12/2014 um 15:30:09
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-16.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Pk - OUAILS-PC
# Gestartet von : C:\Users\Pk\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : pcsuservice

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Users\Pk\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Pk\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Ordner Gelöscht : C:\Users\Pk\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\Users\Pk\Documents\PCSpeedUp
Ordner Gelöscht : C:\Users\Public\Documents\ShopperPro
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Pk\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\Pk\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\Pk\Desktop\PC Speed Up.lnk
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : PC SpeedUp Service Deactivator
Task Gelöscht : YTDownloader

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\LiveSupport
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Sense
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.95

[C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW&q={searchTerms}

*************************

AdwCleaner[R0].txt - [8895 octets] - [01/05/2014 09:28:39]
AdwCleaner[R1].txt - [10442 octets] - [20/12/2014 15:26:09]
AdwCleaner[S0].txt - [782 octets] - [01/05/2014 09:29:56]
AdwCleaner[S1].txt - [9858 octets] - [20/12/2014 15:30:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9918 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Pk on 20.12.2014 at 15:34:13,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2014 at 15:45:57,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Pk (administrator) on OUAILS-PC on 20-12-2014 15:53:51
Running from C:\Users\Pk\Desktop
Loaded Profile: Pk (Available profiles: Pk & ouali_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Dropbox, Inc.) C:\Users\Pk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [403568 2014-04-14] (CyberGhost S.R.L.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2902429972-443509965-4274997157-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Ge-Force -> {11111111-1111-1111-1111-110611191111} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll No File
BHO: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2902429972-443509965-4274997157-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB3038653-7474-418E-BF69-1EF568F15448&SearchSource=55&CUI=&UM=5&UP=SP59E9C460-1DD9-413E-AB72-B1C5C5FEBACB&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://www.sweet-page.com/?type=hp&ts=1402321604&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402323183&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402324645&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402328681&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402331885&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402338859&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402339144&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW"
CHR Profile: C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-24]
CHR Extension: (Google-Suche) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (deoodoglhbmpafkajmlggnjnngdclnie) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-12-09]
CHR Extension: (Sense) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-20] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 15:53 - 2014-12-20 15:55 - 00018199 _____ () C:\Users\Pk\Desktop\FRST.txt
2014-12-20 15:53 - 2014-12-20 15:53 - 00000000 ____D () C:\Users\Pk\Desktop\FRST-OlderVersion
2014-12-20 15:45 - 2014-12-20 15:45 - 00000611 _____ () C:\Users\Pk\Desktop\JRT.txt
2014-12-20 15:34 - 2014-12-20 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-12-20 13:30 - 2014-12-20 15:33 - 00000000 ___RD () C:\Users\Pk\Dropbox
2014-12-20 13:30 - 2014-12-20 13:30 - 00001171 _____ () C:\Users\Pk\Desktop\Dropbox.lnk
2014-12-20 13:28 - 2014-12-20 13:28 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-20 13:24 - 2014-12-20 15:33 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Dropbox
2014-12-20 13:22 - 2014-12-20 13:23 - 00324224 _____ (Dropbox, Inc.) C:\Users\Pk\Downloads\DropboxInstaller.exe
2014-12-19 18:59 - 2014-12-20 15:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 18:59 - 2014-12-19 18:59 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 18:59 - 2014-12-19 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 18:58 - 2014-12-19 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 18:58 - 2014-12-19 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 18:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 18:56 - 2014-12-19 18:56 - 02166272 _____ () C:\Users\Pk\Desktop\AdwCleaner_4.105.exe
2014-12-19 18:55 - 2014-12-19 18:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pk\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-19 18:55 - 2014-12-19 18:56 - 01707646 _____ (Thisisu) C:\Users\Pk\Desktop\JRT.exe
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-19 18:07 - 2014-12-20 15:31 - 00039424 _____ () C:\Windows\PFRO.log
2014-12-19 16:30 - 2014-12-20 15:54 - 00000000 ___DC () C:\FRST
2014-12-19 16:18 - 2014-12-20 15:53 - 02122240 ____C (Farbar) C:\Users\Pk\Desktop\FRST64.exe
2014-12-19 16:17 - 2014-12-19 16:17 - 00001284 _____ () C:\Users\Pk\Desktop\Revo Uninstaller.lnk
2014-12-19 16:17 - 2014-12-19 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-16 16:15 - 2014-12-16 16:15 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2014-12-14 11:23 - 2014-12-14 11:38 - 00000459 _____ () C:\Users\Pk\.swfinfo
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-12-10 19:32 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 19:32 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 19:31 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 19:31 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 19:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 19:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 18:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:12 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 18:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:11 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:11 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:11 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:11 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:11 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 12:51 - 2014-12-06 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-06 11:59 - 2014-12-06 11:59 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.technic
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15
2014-11-24 09:46 - 2014-11-24 09:46 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2013-12-19 22:21 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-19 22:21 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-12-20 15:45 - 2014-10-07 20:18 - 01519558 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 15:36 - 2013-12-20 06:42 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-20 15:36 - 2013-12-20 06:42 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-20 15:36 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 15:34 - 2014-03-23 18:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashDumps
2014-12-20 15:33 - 2014-03-27 18:09 - 00000000 ___DO () C:\Users\Pk\SkyDrive
2014-12-20 15:33 - 2014-03-19 18:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 15:32 - 2014-03-20 19:50 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 15:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 15:30 - 2014-05-01 09:24 - 00000000 ___DC () C:\AdwCleaner
2014-12-20 15:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-20 15:27 - 2014-03-19 18:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902429972-443509965-4274997157-1001
2014-12-20 15:23 - 2014-06-21 18:06 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job
2014-12-20 15:20 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk
2014-12-20 15:19 - 2014-05-11 17:26 - 00000000 ____D () C:\Program Files (x86)\AMX Mod X
2014-12-20 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-20 13:59 - 2014-10-20 16:32 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.minecraft
2014-12-20 12:49 - 2014-08-13 16:00 - 00000000 ____D () C:\Users\Pk\AppData\Local\LogMeIn Hamachi
2014-12-19 20:50 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 18:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-19 18:39 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk\AppData\Local\Pokki
2014-12-19 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-19 15:51 - 2014-05-13 18:22 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\uTorrent
2014-12-16 16:13 - 2014-03-19 18:12 - 00000000 ____D () C:\Users\Pk\AppData\Local\clear.fi
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 19:14 - 2014-03-22 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:05 - 2014-03-22 19:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:33 - 2014-03-19 18:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 22:10 - 2014-11-14 22:54 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-11-14 22:54 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 07:14 - 2013-11-27 10:40 - 00000000 ___HD () C:\OEM

Files to move or delete:
====================
C:\Users\Pk\jagex_cl_runescape_LIVE.dat
C:\Users\Pk\random.dat


Some content of TEMP:
====================
C:\Users\Pk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqrfbsd.dll
C:\Users\Pk\AppData\Local\Temp\h_keixo5.dll
C:\Users\Pk\AppData\Local\Temp\Quarantine.exe
C:\Users\Pk\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Pk\AppData\Local\Temp\sqlite3.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLitef8540cf9-92f7-4c52-9842-74687b7729a5.dll
C:\Users\Pk\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 21:02

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Pk at 2014-12-20 15:57:00
Running from C:\Users\Pk\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.03.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Air Control Simulator (x32 Version: 3.0.2.59 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMX Mod X Installer 1.8.2 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.2 - AMX Mod X Dev Team)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
Battlefield Heroes (Pk) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPERATION7 (HKLM-x32\...\OPERATION7) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spielkanäle (x32 Version: 9.2.0.11 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 10:11:02 Windows Update
19-10-2014 18:50:34 Windows Update
14-11-2014 14:45:02 Windows Modules Installer
19-11-2014 16:38:15 Windows Update
27-11-2014 18:26:00 Windows Update
06-12-2014 12:47:12 Windows Update
11-12-2014 19:00:42 Windows Update
19-12-2014 16:21:30 Revo Uninstaller's restore point - abDocs

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14FA1028-9F98-4956-946D-4B13E30B19BE} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {1F7C0A08-85F8-45B8-B900-26F0E7DF6C9D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-11-19] (Acer)
Task: {2F950441-C496-43B9-A51A-D42CC33CB522} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {3416F7D6-66CB-4824-B085-073F95DE385D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {59B4F9A5-81FA-4E32-8831-5E56E223D3B2} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {991AD5E5-DFB6-48E0-83AF-1AE8142A87A2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {AB7C8488-2452-423D-AF3A-FEB988CE38B8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {B32DAFAB-564B-43C1-8F47-460696108ACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {CDEC366F-05C1-4BA5-873E-36A4EECA4EAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {D5A8973B-2E07-4A3D-B8E2-40979811DF1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {EF16EDD9-5973-4020-90F4-1BCEFC4E1198} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {F02E1173-F1F4-4D95-8274-BFBAC23B21CA} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2902429972-443509965-4274997157-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-24 21:03 - 2014-05-25 13:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00089856 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-11-21 07:16 - 2014-11-21 07:16 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-11-17 10:57 - 2014-11-17 10:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-09-16 09:15 - 2014-09-16 09:15 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-11-17 10:53 - 2014-11-17 10:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-20 13:06 - 2014-11-20 13:06 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-20 15:33 - 2014-12-20 15:33 - 00043008 _____ () c:\users\pk\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqrfbsd.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-20 13:28 - 2014-10-22 01:22 - 00118784 _____ () C:\Users\Pk\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2013-12-19 22:46 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\ouali_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Pk\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2902429972-443509965-4274997157-500 - Administrator - Disabled)
Gast (S-1-5-21-2902429972-443509965-4274997157-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2902429972-443509965-4274997157-1007 - Limited - Enabled)
ouali_000 (S-1-5-21-2902429972-443509965-4274997157-1002 - Limited - Enabled) => C:\Users\ouali_000
Pk (S-1-5-21-2902429972-443509965-4274997157-1001 - Administrator - Enabled) => C:\Users\Pk

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-08 21:36:08.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:07.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:06.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:34.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:33.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:01.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:59.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:57.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.34 MB
Available physical RAM: 2301.97 MB
Total Pagefile: 8331.34 MB
Available Pagefile: 6268.24 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:350.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 811F8FD7)

Partition: GPT Partition Type.

==================== End Of Log ============================


Crounty 20.12.2014 16:02

...

schrauber 21.12.2014 09:41


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems? :)

Crounty 21.12.2014 19:37

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ebef5bea6993594f96ee82c602a50196
# engine=21656
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-21 06:19:15
# local_time=2014-12-21 07:19:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34008 9490274 0 0
# scanned=244124
# found=40
# cleaned=39
# scan_time=13230
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\update[1]"
sh=80970B977AB0EA9A04CBE2D461BCF2906E76B9DF ft=1 fh=c71c001159c7ad58 vn="Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\DGChrome.exe.vir"
sh=A865E3D38BB6E80925CE0ED3302F63216F5BD742 ft=1 fh=c71c0011f664ecf3 vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\Extension32.dll.vir"
sh=085B93C8E1DB2DB2246EEF48A924FDE02E58B3B1 ft=1 fh=72cc119c6c0cf2fa vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\Extension64.dll.vir"
sh=F01B2664D8FF5A98DF177B7A4407065C32D124EF ft=1 fh=c71c0011fee765ee vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\ExtensionUpdaterService.exe.vir"
sh=A5BCC1074522EA9F1EDB2D1C01F603F0C1EC6BA0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\v-bates\Firefox\chrome\content\main.js.vir"
sh=1F6F1F2989F733607A7230A4DC4A54A62023A4EB ft=1 fh=7d9488d6dd82b054 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=E0965E7B73C8E8D95728A71853CD9997001590BC ft=1 fh=b51dafac565cd70b vn="Win32/Systweak.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\CleanSchedule.exe.vir"
sh=DF45A5201604D7986E3153BE2998619ECB5E6551 ft=1 fh=29969ff45a549a07 vn="Variante von Win32/Systweak.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RCPUninstall.exe.vir"
sh=F4977A23C6895A68D1F2B53AF88D52DE6DFB998F ft=1 fh=2ecd3c6af0f1e8dc vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RegCleanPro.exe.vir"
sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\SSDPTstub.exe.vir"
sh=6B8066AEE7C8FAE3ECB7D6D6FD83B4D425F811A2 ft=1 fh=98e0bbcb76eeca04 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"
sh=53708CCF2410434187CA268A7A724A3992C0FC65 ft=1 fh=a6207637a02e9db4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=D30BAC56E88EDAEF64D8813330D1FB24921088FA ft=1 fh=5da947440ba8911d vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=4539C49EE54EF49172ADAA38B553E38FDF347C80 ft=1 fh=ab01c90ebcba11aa vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=1E3BA56AFE7F70CA844E8330E38FD662A4B41790 ft=1 fh=9c60344bfd510269 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=33093FCFDCE7C07DD5886ECC4DA42672E5314B09 ft=1 fh=d3cea830025d3e5f vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3D6705DAB5126B0393B6FF5C26484B0899A3D125 ft=1 fh=51586fa0d05d1c4e vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=DE134CEDD3AE537C91B6196D66BFCB0FD7DFE550 ft=1 fh=a9eb9770e77ea827 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=856E28D7768BB8C0CD7F1E4355A810D8DB55F6B0 ft=1 fh=1f4105694a25c3d7 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=D4CC48D139C141781B8D9EC5330FDB3057D3DF88 ft=1 fh=34d17fc7c29d944b vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=5F3FBCA00AA8DEE17FF34FC6D0CB7E3F55314B73 ft=1 fh=1e4266cc5aaaaecd vn="Win32/HackTool.Steam.E Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Games\Rust.Client.v25.02.2014\Rust Client.exe"
sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia\15427.9892.6193_0\extensionData\plugins\91.js"
sh=9806CA9C846454A49F22249E83A2E43993B047BA ft=1 fh=237168f980092527 vn="Variante von Win32/SpeedBit.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\AppData\Local\Temp\ShopperProJSINJFull.exe"
sh=976BFE19D4FD2C4B051AE49C952038651956AD3B ft=1 fh=3fa81d351a31970a vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\AppData\Local\Temp\tu17p84.exe"
sh=6F6B9B1EBAD0E8694711735030222E2A961080DD ft=1 fh=65f8a3aa4e632c4f vn="Variante von Win32/Adware.iBryte.BX Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\Downloads\Nicht bestätigt 231185.crdownload"
sh=AC9000BC7034A767CC842DBF75F694FDEB0BD539 ft=1 fh=05d94f6d18135325 vn="Variante von Win32/Adware.iBryte.BX Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Pk\Downloads\Nicht bestätigt 871388.crdownload"
sh=083E59D5CD3500CF0BBDFC59CC4B39645C5CA83A ft=1 fh=1b7719d2674458f9 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=4D19E1FC12C9F2D1BB673CB02511E4EE86B87EBE ft=1 fh=ec73789bd2de0d47 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\sppsm.dll"
sh=B9E7A461796E22B87226172152D83213002081AC ft=1 fh=74353f1bba4f89f2 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\spusm.dll"
sh=7D37E07482CA5D2EDC014784A215917F63A294F5 ft=1 fh=a9866ae28e6f19a4 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\srbu.dll"
sh=90948FD08FA61D38913DC0D988B830C55D0A45EC ft=1 fh=ed3bd3e2a46ff9be vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI77DB.tmp-\srptc.dll"
sh=083E59D5CD3500CF0BBDFC59CC4B39645C5CA83A ft=1 fh=1b7719d2674458f9 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=8B6287A98E7CC7403B070D2EF07C4E2BFCEF0403 ft=1 fh=c04b514b90e70a4d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\spbe.dll"
sh=4D19E1FC12C9F2D1BB673CB02511E4EE86B87EBE ft=1 fh=ec73789bd2de0d47 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\sppsm.dll"
sh=B9E7A461796E22B87226172152D83213002081AC ft=1 fh=74353f1bba4f89f2 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\spusm.dll"
sh=0993C65D332068F7DC335AD6C7EBB8E89B515CF0 ft=1 fh=4c6549bbd2148752 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\srbs.dll"
sh=7D37E07482CA5D2EDC014784A215917F63A294F5 ft=1 fh=a9866ae28e6f19a4 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\srbu.dll"
sh=90948FD08FA61D38913DC0D988B830C55D0A45EC ft=1 fh=ed3bd3e2a46ff9be vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIF4EC.tmp-\srptc.dll"
sh=F4BBB551315DBE49911663D85F079AFE8B5F8F51 ft=1 fh=96414ff33da39282 vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\update[1]"

Code:

Results of screen317's Security Check version 0.99.93 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
  Adobe Flash Player        15.0.0.246 Flash Player out of Date! 
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Norton Online Backup ARA Engine 4.5.0.9 ARA.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by Pk (administrator) on OUAILS-PC on 21-12-2014 19:30:53
Running from C:\Users\Pk\Desktop
Loaded Profile: Pk (Available profiles: Pk & ouali_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [403568 2014-04-14] (CyberGhost S.R.L.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2902429972-443509965-4274997157-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Ge-Force -> {11111111-1111-1111-1111-110611191111} -> C:\Program Files (x86)\Ge-Force\Ge-Force-bho64.dll No File
BHO: Sense -> {11111111-1111-1111-1111-110611811153} -> C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2902429972-443509965-4274997157-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MB3038653-7474-418E-BF69-1EF568F15448&SearchSource=55&CUI=&UM=5&UP=SP59E9C460-1DD9-413E-AB72-B1C5C5FEBACB&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/", "hxxp://www.sweet-page.com/?type=hp&ts=1402321604&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402323183&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402324645&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402328681&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402331885&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402338859&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402339144&from=cor&uid=ST9500325AS_6VEF8HFW", "hxxp://www.sweet-page.com/?type=hppp&ts=1402354800&from=cor&uid=ST9500325AS_6VEF8HFW"
CHR Profile: C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Google Drive) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-05-24]
CHR Extension: (Google-Suche) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (deoodoglhbmpafkajmlggnjnngdclnie) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-12-09]
CHR Extension: (Sense) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdiimmpmdoofmahingpgabiikimjgcia [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Pk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-20] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-25] ()
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 19:30 - 2014-12-21 19:32 - 00018268 _____ () C:\Users\Pk\Desktop\FRST.txt
2014-12-21 15:34 - 2014-12-21 15:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-21 15:33 - 2014-12-21 15:33 - 00852505 _____ () C:\Users\Pk\Downloads\SecurityCheck.exe
2014-12-21 15:32 - 2014-12-21 15:33 - 02347384 _____ (ESET) C:\Users\Pk\Downloads\esetsmartinstaller_deu.exe
2014-12-20 15:53 - 2014-12-20 15:53 - 00000000 ____D () C:\Users\Pk\Desktop\FRST-OlderVersion
2014-12-20 15:45 - 2014-12-20 15:45 - 00000611 _____ () C:\Users\Pk\Desktop\JRT.txt
2014-12-20 15:34 - 2014-12-20 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-12-20 13:30 - 2014-12-20 15:33 - 00000000 ___RD () C:\Users\Pk\Dropbox
2014-12-20 13:30 - 2014-12-20 13:30 - 00001171 _____ () C:\Users\Pk\Desktop\Dropbox.lnk
2014-12-20 13:28 - 2014-12-20 13:28 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-20 13:24 - 2014-12-20 15:33 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\Dropbox
2014-12-20 13:22 - 2014-12-20 13:23 - 00324224 _____ (Dropbox, Inc.) C:\Users\Pk\Downloads\DropboxInstaller.exe
2014-12-19 18:59 - 2014-12-21 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 18:59 - 2014-12-19 18:59 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 18:59 - 2014-12-19 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 18:58 - 2014-12-19 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 18:58 - 2014-12-19 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 18:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 18:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 18:56 - 2014-12-19 18:56 - 02166272 _____ () C:\Users\Pk\Desktop\AdwCleaner_4.105.exe
2014-12-19 18:55 - 2014-12-19 18:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pk\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-19 18:55 - 2014-12-19 18:56 - 01707646 _____ (Thisisu) C:\Users\Pk\Desktop\JRT.exe
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-19 18:08 - 2014-12-19 18:08 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-19 18:07 - 2014-12-20 15:31 - 00039424 _____ () C:\Windows\PFRO.log
2014-12-19 16:30 - 2014-12-21 19:31 - 00000000 ___DC () C:\FRST
2014-12-19 16:18 - 2014-12-20 15:53 - 02122240 ____C (Farbar) C:\Users\Pk\Desktop\FRST64.exe
2014-12-19 16:17 - 2014-12-19 16:17 - 00001284 _____ () C:\Users\Pk\Desktop\Revo Uninstaller.lnk
2014-12-19 16:17 - 2014-12-19 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-16 16:15 - 2014-12-16 16:15 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2014-12-14 11:23 - 2014-12-14 11:38 - 00000459 _____ () C:\Users\Pk\.swfinfo
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-12-10 19:32 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 19:32 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 19:31 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 19:31 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 19:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 19:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 18:12 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:12 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:12 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:12 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:12 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:12 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 18:11 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:11 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:11 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:11 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:11 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:11 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:11 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:11 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:11 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:11 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:11 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:11 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:11 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:11 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:11 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:11 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:11 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:11 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:11 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-06 12:51 - 2014-12-06 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-06 12:49 - 2014-12-06 12:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-06 11:59 - 2014-12-06 11:59 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.technic
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\89399ccd-6ae8-4042-8f69-a6ac4bfe5ed8
2014-12-03 15:31 - 2014-12-20 15:19 - 00000000 ____D () C:\Program Files (x86)\3a61f36b-5e00-4615-847d-0d7a34dfcb15
2014-11-24 09:46 - 2014-11-24 09:46 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2013-12-19 22:21 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-19 22:21 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-12-21 19:33 - 2014-03-19 18:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 19:23 - 2014-06-21 18:06 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job
2014-12-21 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-21 18:18 - 2014-03-19 18:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902429972-443509965-4274997157-1001
2014-12-21 18:02 - 2014-10-07 20:18 - 01694330 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 17:55 - 2014-03-23 18:24 - 00000000 ____D () C:\Users\Pk\AppData\Local\CrashDumps
2014-12-21 15:31 - 2013-12-20 06:42 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-21 15:31 - 2013-12-20 06:42 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-21 15:31 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 15:27 - 2014-03-27 18:09 - 00000000 ___DO () C:\Users\Pk\SkyDrive
2014-12-21 15:26 - 2014-03-20 19:50 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 15:25 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 14:38 - 2014-10-20 16:32 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\.minecraft
2014-12-21 10:45 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk
2014-12-20 15:30 - 2014-05-01 09:24 - 00000000 ___DC () C:\AdwCleaner
2014-12-20 15:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-20 15:19 - 2014-05-11 17:26 - 00000000 ____D () C:\Program Files (x86)\AMX Mod X
2014-12-20 12:49 - 2014-08-13 16:00 - 00000000 ____D () C:\Users\Pk\AppData\Local\LogMeIn Hamachi
2014-12-19 20:50 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 18:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-19 18:39 - 2014-03-19 18:09 - 00000000 ____D () C:\Users\Pk\AppData\Local\Pokki
2014-12-19 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\ProgramData\Acer
2014-12-19 16:27 - 2013-11-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-19 16:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-19 15:51 - 2014-05-13 18:22 - 00000000 ____D () C:\Users\Pk\AppData\Roaming\uTorrent
2014-12-16 16:13 - 2014-03-19 18:12 - 00000000 ____D () C:\Users\Pk\AppData\Local\clear.fi
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 19:14 - 2014-03-22 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:05 - 2014-03-22 19:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:33 - 2014-03-19 18:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 22:10 - 2014-11-14 22:54 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-11-14 22:54 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 07:14 - 2013-11-27 10:40 - 00000000 ___HD () C:\OEM

Files to move or delete:
====================
C:\Users\Pk\jagex_cl_runescape_LIVE.dat
C:\Users\Pk\random.dat


Some content of TEMP:
====================
C:\Users\Pk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqrfbsd.dll
C:\Users\Pk\AppData\Local\Temp\h_keixo5.dll
C:\Users\Pk\AppData\Local\Temp\Quarantine.exe
C:\Users\Pk\AppData\Local\Temp\sqlite3.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Pk\AppData\Local\Temp\System.Data.SQLitef8540cf9-92f7-4c52-9842-74687b7729a5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 21:02

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by Pk at 2014-12-21 19:33:25
Running from C:\Users\Pk\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.03.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Air Control Simulator (x32 Version: 3.0.2.59 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMX Mod X Installer 1.8.2 (HKLM-x32\...\AMX Mod X Installer) (Version: 1.8.2 - AMX Mod X Dev Team)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated)
AssaultCube v1.2.0.2 (HKLM-x32\...\AssaultCube) (Version: 1.2.0.2 - )
Battlefield Heroes (Pk) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPERATION7 (HKLM-x32\...\OPERATION7) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spielkanäle (x32 Version: 9.2.0.11 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2902429972-443509965-4274997157-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 10:11:02 Windows Update
19-10-2014 18:50:34 Windows Update
14-11-2014 14:45:02 Windows Modules Installer
19-11-2014 16:38:15 Windows Update
27-11-2014 18:26:00 Windows Update
06-12-2014 12:47:12 Windows Update
11-12-2014 19:00:42 Windows Update
19-12-2014 16:21:30 Revo Uninstaller's restore point - abDocs

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14FA1028-9F98-4956-946D-4B13E30B19BE} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {1F7C0A08-85F8-45B8-B900-26F0E7DF6C9D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-11-19] (Acer)
Task: {2F950441-C496-43B9-A51A-D42CC33CB522} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {3416F7D6-66CB-4824-B085-073F95DE385D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {59B4F9A5-81FA-4E32-8831-5E56E223D3B2} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {991AD5E5-DFB6-48E0-83AF-1AE8142A87A2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {AB7C8488-2452-423D-AF3A-FEB988CE38B8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {B32DAFAB-564B-43C1-8F47-460696108ACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {CDEC366F-05C1-4BA5-873E-36A4EECA4EAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {D5A8973B-2E07-4A3D-B8E2-40979811DF1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {EF16EDD9-5973-4020-90F4-1BCEFC4E1198} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {F02E1173-F1F4-4D95-8274-BFBAC23B21CA} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2902429972-443509965-4274997157-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7320aa4f21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-24 21:03 - 2014-05-25 13:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-11-20 13:06 - 2014-11-20 13:06 - 00089856 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-11-21 07:16 - 2014-11-21 07:16 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-11-17 10:57 - 2014-11-17 10:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-09-16 09:15 - 2014-09-16 09:15 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-09-16 09:16 - 2014-09-16 09:16 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-11-17 10:53 - 2014-11-17 10:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-11-20 13:06 - 2014-11-20 13:06 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2013-12-19 22:46 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 12:25 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\ouali_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Pk\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Pk\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pk\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Pk\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2902429972-443509965-4274997157-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2902429972-443509965-4274997157-500 - Administrator - Disabled)
Gast (S-1-5-21-2902429972-443509965-4274997157-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2902429972-443509965-4274997157-1007 - Limited - Enabled)
ouali_000 (S-1-5-21-2902429972-443509965-4274997157-1002 - Limited - Enabled) => C:\Users\ouali_000
Pk (S-1-5-21-2902429972-443509965-4274997157-1001 - Administrator - Enabled) => C:\Users\Pk

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 07:24:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 05:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x115c
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (12/21/2014 03:34:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 03:34:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 03:34:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/21/2014 03:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.3.2000, Zeitstempel: 0x546c82a9
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0xf00
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (12/21/2014 01:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x1714
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (12/21/2014 10:47:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.3.2000, Zeitstempel: 0x546c82a9
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0x1988
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (12/20/2014 04:45:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x546963f7
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x16d8
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5


System errors:
=============
Error: (12/21/2014 03:26:20 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:20 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:20 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:26:19 PM) (Source: DCOM) (EventID: 10016) (User: OUAILS-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Ouails-PCPkS-1-5-21-2902429972-443509965-4274997157-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/21/2014 03:25:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/21/2014 03:25:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/21/2014 03:25:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎21.‎12.‎2014 um 15:21:51 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (12/21/2014 07:24:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/21/2014 05:52:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d115c01d01d2a2143c545C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllb2a5e4c8-8931-11e4-83b6-201a06cb959b

Error: (12/21/2014 03:34:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pk\Downloads\esetsmartinstaller_deu.exe

Error: (12/21/2014 03:34:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pk\Downloads\esetsmartinstaller_deu.exe

Error: (12/21/2014 03:34:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Pk\Downloads\esetsmartinstaller_deu.exe

Error: (12/21/2014 03:27:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.3.2000546c82a9SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0f0001d01d2a4f39569eC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll8f40c593-891d-11e4-83b6-201a06cb959b

Error: (12/21/2014 01:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d171401d01d02f5233571C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dlle2e2408a-890e-11e4-83b5-201a06cb959b

Error: (12/21/2014 10:47:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.3.2000546c82a9SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0198801d01d031f0c2635C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll5f5520ac-88f6-11e4-83b5-201a06cb959b

Error: (12/20/2014 04:45:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.6546963f7MSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d16d801d01c61d2d7a9caC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll277dca97-885f-11e4-83b4-201a06cb959b


CodeIntegrity Errors:
===================================
  Date: 2014-12-08 21:36:08.302
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:07.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:36:06.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:34.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-08 21:35:33.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:02.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:11:01.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:59.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-07 12:10:57.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 52%
Total physical RAM: 3979.34 MB
Available physical RAM: 1886.7 MB
Total Pagefile: 8331.34 MB
Available Pagefile: 5679.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:349.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 811F8FD7)

Partition: GPT Partition Type.

==================== End Of Log ============================

Still the ads :(

schrauber 22.12.2014 16:30

In which browser?

Crounty 23.12.2014 17:08

Only in Chrome; that is where the Ads by Info and Senseplus show up.
I also tried Internet Explorer and nothing appeared there.

schrauber 24.12.2014 16:05

Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de


A fresh FRST log, please. Any problems left?

