Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Weißer bildschirm nach anmeldung (https://www.trojaner-board.de/163647-weisser-bildschirm-anmeldung.html)

azarak 05.02.2015 18:13
Weißer bildschirm nach anmeldung
 
Also, seit gestern bekomme ich nachdem ich mich mit meinem Konto auf meinem Pc anmelde sofort einen weißen Bildschirm und kann nichts mehr tun, außer den Task manager zu öffnen.Dadurch habe ich schon herausgefunden, dass der weiße Bildschirm verschwindet, wenn ich im Task Manager den "Wscript.exe" Prozess beende. Da ich im Internet gelesen habe, dass dies auf einen Virus hindeutet (meine Anti-Virus Programme,Spybot und Avast, haben allerdings nichts gefunden) wollte ich hier mal um hilfe bitten :).

schrauber 05.02.2015 18:33
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


azarak 05.02.2015 18:43
Danke schonmal für die schnelle Hilfe :)
Hier die beiden logdateien:



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by kevin (administrator) on KEVIN-PC on 05-02-2015 18:35:41
Running from C:\Users\kevin\Desktop
Loaded Profiles: kevin (Available profiles: kevin)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\bin32\nSvcAppFlt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\kevin\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Spotify Ltd) C:\Users\kevin\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [EasySettingBox] => C:\Program Files\Samsung\Easy Setting Box\EasySettingBox.exe [457728 2013-12-26] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [WSE_Taplika] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\kevin\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [F.lux] => C:\Users\kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [XBGameingMouse] => C:\Program Files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe [2450432 2010-12-24] ()
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [OscarEditor] => "C:\Program Files\OSCAR Editor X7\\OscarEditor.exe" Minimum
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spotify] => C:\Users\kevin\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-22] (Spotify Ltd)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spotify Web Helper] => C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-22] (Spotify Ltd)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\RunOnce: [WSE_Taplika] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\kevin\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\RunOnce: [Adobe Speed Launcher] => 1423157424
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-459672416-1117457801-2427277308-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzztCtB0D0CtDtGtA0AyE0AtGzy0B0DzytGtAtC0E0BtGyC0FtA0C0BtDyB0E0EyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzyEyC0CtB0DtGtCyEtByDtGyE0C0BzytG0B0ByD0BtG0FtD0AyBzyyCyD0Bzy0FzytB2Q&cr=168279905&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzztCtB0D0CtDtGtA0AyE0AtGzy0B0DzytGtAtC0E0BtGyC0FtA0C0BtDyB0E0EyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzyEyC0CtB0DtGtCyEtByDtGyE0C0BzytG0B0ByD0BtG0FtD0AyBzyyCyD0Bzy0FzytB2Q&cr=168279905&ir=
SearchScopes: HKLM -> {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-459672416-1117457801-2427277308-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-459672416-1117457801-2427277308-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{26C80488-5331-4561-80C5-DD7FDB3C9693}: [NameServer] 8.8.4.4,8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124
FF Homepage: hxxp://taplika.com/?f=1&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzztCtB0D0CtDtGtA0AyE0AtGzy0B0DzytGtAtC0E0BtGyC0FtA0C0BtDyB0E0EyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzyEyC0CtB0DtGtCyEtByDtGyE0C0BzytG0B0ByD0BtG0FtD0AyBzyyCyD0Bzy0FzytB2Q&cr=168279905&ir=
FF SelectedSearchEngine: Taplika
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin: @esn.me/esnsonar,version=0.70.3 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=0.80.0 -> C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.102.0 -> C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.104.0 -> C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.122.0 -> C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.96.0 -> C:\Program Files\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> D:\Firefox\plugins\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-459672416-1117457801-2427277308-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\user.js
FF SearchPlugin: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\searchplugins\Taplika.xml
FF Extension: Twitch.tv Stream Browser - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi [2013-12-22]
FF Extension: Stream Notifier - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\jid0-z2wAjbeFD5dTCgsj70eQ6UAqQl4@jetpack.xpi [2013-12-22]
FF Extension: Adblock Plus - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-01-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-12]
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-07]
FF HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Firefox\Extensions: [lwoofer@lyricswoofer.co] - C:\Program Files\LyricsWoofer\122.xpi
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzztCtB0D0CtDtGtA0AyE0AtGzy0B0DzytGtAtC0E0BtGyC0FtA0C0BtDyB0E0EyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzyEyC0CtB0DtGtCyEtByDtGyE0C0BzytG0B0ByD0BtG0FtD0AyBzyyCyD0Bzy0FzytB2Q&cr=168279905&ir=
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-02-03]
CHR Extension: (South Park) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm [2015-02-03]
CHR Extension: (Adblock Plus) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-03]
CHR Extension: (Avast Online Security) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-03]
CHR Extension: (Twitch Live) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2015-02-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]
CHR HKLM\...\Chrome\Extension: [jnikkfemnfogahcandhlchoengjbeaij] - C:\Program Files\LyricsWoofer\122.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click12.crx [Not Found]
StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-18] (Avast Software)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-07-28] () [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] () [File not signed]
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-10-12] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 usbglcsservice; C:\Program Files\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe [5865289 2010-12-24] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 HiPatchService; D:\Spiele\Smite\HiPatchService.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-18] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-18] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-18] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [97296 2010-11-17] (Advanced Micro Devices)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-17] ()
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-05-04] (Duplex Secure Ltd.)
R3 usbglcs1080101; C:\Windows\System32\Drivers\usbglcs1080101.sys [18432 2010-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-18] (Avast Software)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1067008 2009-07-10] (VIA Technologies, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Windows\TEMP\ALSysIO.sys [X]
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

-------------------------

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-02-2015 01
Ran by kevin at 2015-02-05 18:36:23
Running from C:\Users\kevin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action Replay Code Manager (HKLM\...\Action Replay Code Manager_is1) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye (A2Free) Uninstall (HKLM\...\BattlEye A2 Free) (Version:  - )
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM\...\BattlEye for A2) (Version:  - )
Beat Hazard (HKLM\...\Steam App 49600) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Cube World version 0.0.1 (HKLM\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Diablo II (HKLM\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Dojotech Spotify Recorder (HKLM\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
Easy Setting Box (HKLM\...\{7E750925-00C9-4B23-A1E8-BBFC0955CFD8}) (Version: 1.0.00 - Samsung)
ELECOM E-Force Laser Gaming Mouse (HKLM\...\ELECOM E-Force Laser Gaming Mouse14101) (Version: 14101 - )
ESN Sonar (HKLM\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB)
ESN Sonar (HKLM\...\ESN Sonar-0.70.3) (Version: 0.70.3 - ESN Social Software AB)
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
f.lux (HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Flux) (Version:  - )
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FINAL FANTASY VIII (HKLM\...\Steam App 39150) (Version:  - SQUARE ENIX)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
League of Legends (HKLM\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 2.1.0 (HKLM\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM\...\Steam App 234670) (Version:  - CyberConnect 2)
Nosgoth (HKLM\...\Steam App 200110) (Version: 150126.100925 - Square Enix Ltd)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.6776 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
oZone3D.Net FurMark v1.8.2 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - oZone3D.Net)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5350) (Version:  - )
Pflanzen gegen Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Project 64 version 2.0.0.14 (HKLM\...\Project 64_is1) (Version: 2.0.0.14 - )
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rapture3D 2.5.1 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Shank (HKLM\...\Steam App 6120) (Version:  - Electronic Arts)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM\...\Steam App 213670) (Version:  - Obsidian Entertainment)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - )
Super Meat Boy Editor (HKLM\...\Steam App 40810) (Version:  - )
System Requirements Lab (HKLM\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{AFD98C63-5054-4F69-A711-32E888FF42AF}) (Version: 2.2.4.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The War Z version alpha (HKLM\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: alpha - Arktos Entertainment Group LLC)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - )
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Unity Web Player (HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Soundschemas (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-02-03 09:15 - 00450811 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {075078CA-10C2-4987-A118-5B91D006E39C} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {0DE43AF0-EB0A-493A-8182-94E60A6F21CB} - System32\Tasks\{11807FDF-E590-48B6-94A8-4B92836B8C30} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {13A8B080-F297-490F-B4D3-BD38DE4CA05D} - System32\Tasks\Game_Booster_Startup => C:\Program Files\IObit\Game Booster 3\gbtray.exe
Task: {25ADFA9A-5664-48FD-AABE-E8E1728AC9BF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-18] (AVAST Software)
Task: {67799037-E22C-41E4-881A-2806E72D3972} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {7021CDA1-1C4C-4718-98CF-04470F06638B} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {7489F6D1-F0F9-44D1-AACA-B454EB1F29A9} - \DealPly No Task File <==== ATTENTION
Task: {74C05813-ADDE-49C9-B95D-6B8E5E8340FA} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {85819F50-32D0-4559-8CAC-16DBDEDA4A19} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {A7B3F370-C82E-4F01-825E-1C9417FBF6EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-27] (Google Inc.)
Task: {A860EDAD-5C2C-4B91-B6EC-D4DF78129F50} - System32\Tasks\{49725FC4-D9D4-41CC-A8F2-BE99A03115F7} => pcalua.exe -a C:\Users\kevin\Downloads\everesthome220(2).exe -d D:\Firefox
Task: {B2AD62DC-1D30-4E55-B068-D78C18C41171} - System32\Tasks\{08210AC9-E452-40CC-BFAB-916923209471} => pcalua.exe -a C:\Users\kevin\AppData\Local\Temp\Temp1_VIA_Win7-64_Win7_Vista64_Vista(v7300a).zip\VIA_Win7-64_Win7_Vista64_Vista(v7300a)\INSTMSIW.EXE
Task: {B62899B1-E294-47C9-B293-860A8139010A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000Core => C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-04] (Google Inc.)
Task: {B9CA8F60-EF6C-40D4-B45C-5C603C3F93F4} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {BB4BB9F2-326F-4001-AEF2-7DC0000C350C} - System32\Tasks\WSE_Taplika => C:\Users\kevin\AppData\Roaming\WSE_Taplika\UpdateProc\UpdateTask.exe [2015-02-03] () <==== ATTENTION
Task: {BB6E889D-3527-4298-9535-FA5FDC81F4E0} - System32\Tasks\{37FA499E-B013-4483-ACBA-F65095450B72} => pcalua.exe -a E:\install.exe -d E:\
Task: {BBCC2780-997D-47E4-A0CC-BC7E0247C2B6} - System32\Tasks\{18B84C47-C769-43A7-B8C7-C9BAE1AEA37C} => pcalua.exe -a C:\Users\kevin\Downloads\Impact_3_In_1_Wheel_Drivers.exe -d D:\Firefox
Task: {C70823ED-2234-41AB-A1D4-CDB825ED8A4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000UA => C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-04] (Google Inc.)
Task: {C7FFC1F1-0717-4209-B2D5-308AF0D78519} - System32\Tasks\QtraxPlayer => 855115058.portal.qtrax.com
Task: {CC173A9C-AEEA-405E-A6C8-EDE61AFA07A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D49645E9-3E49-4BA0-A074-8CA48130C032} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-27] (Google Inc.)
Task: {E1A77F7A-A1C6-4E97-B36A-DE52D3CCA535} - System32\Tasks\MSIAfterburner => C:\Program Files\MSI Afterburner\MSIAfterburner.exe [2011-02-15] ()
Task: {EDA24E43-CE1D-422E-AD8C-CE4B2B76AA76} - System32\Tasks\ASRSetup => E:\ASRSetup.exe
Task: {F0946A13-1938-45C0-BAED-D4AF8312AAC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000Core.job => C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000UA.job => C:\Users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\WSE_Taplika.job => C:\Users\kevin\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-02-05 16:40 - 2015-02-05 16:40 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020500\algo.dll
2015-01-18 02:23 - 2015-01-18 02:23 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-01-18 02:23 - 2015-01-18 02:23 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-01-18 02:23 - 2015-01-18 02:23 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-30 12:44 - 2013-10-12 07:29 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-12-26 00:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-26 00:04 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-26 00:04 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-26 00:04 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-26 00:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-12-24 05:55 - 2010-12-24 05:55 - 05865289 _____ () C:\Program Files\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe
2008-01-29 12:25 - 2008-01-29 12:25 - 00598016 _____ () C:\Program Files\bin32\nSvcAppFlt.exe
2008-01-29 12:17 - 2008-01-29 12:17 - 00102400 _____ () C:\Program Files\bin32\nv_common.dll
2008-01-29 12:18 - 2008-01-29 12:18 - 00454656 _____ () C:\Program Files\bin32\SpecialCase.dll
2008-01-29 12:24 - 2008-01-29 12:24 - 00163840 _____ () C:\Program Files\bin32\nSvcIp.exe
2015-01-18 02:23 - 2015-01-18 02:23 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2013-11-19 14:14 - 2015-01-18 02:24 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-12-24 07:15 - 2010-12-24 07:14 - 02450432 _____ () C:\Program Files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe
2010-12-24 05:55 - 2010-12-24 05:55 - 00518656 _____ () C:\Program Files\ELECOM E-Force Laser Gaming Mouse\KHKEY.dll
2015-01-22 19:13 - 2015-01-22 19:13 - 36966968 _____ () C:\Users\kevin\AppData\Roaming\Spotify\Data\libcef.dll
2015-01-22 19:13 - 2015-01-22 19:13 - 00374840 _____ () C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2015-01-22 19:13 - 2015-01-22 19:13 - 00867896 _____ () C:\Users\kevin\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2015-01-22 19:13 - 2015-01-22 19:13 - 00886840 _____ () C:\Users\kevin\AppData\Roaming\Spotify\Data\libglesv2.dll
2015-01-22 19:13 - 2015-01-22 19:13 - 00108600 _____ () C:\Users\kevin\AppData\Roaming\Spotify\Data\libegl.dll
2015-02-01 16:06 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.94\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-459672416-1117457801-2427277308-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-459672416-1117457801-2427277308-500 - Administrator - Disabled)
Gast (S-1-5-21-459672416-1117457801-2427277308-501 - Limited - Disabled)
kevin (S-1-5-21-459672416-1117457801-2427277308-1000 - Administrator - Enabled) => C:\Users\kevin

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 06:35:14 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:35:14 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:27:04 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:27:01 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:27:00 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 06:21:32 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:21:32 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 05:50:01 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 05:50:01 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.


System errors:
=============
Error: (02/05/2015 06:25:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (02/05/2015 06:25:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
SBRE

Error: (02/05/2015 06:25:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AODDriver4.01%%3

Error: (02/05/2015 06:25:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (02/05/2015 05:43:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (02/05/2015 05:43:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
SBRE

Error: (02/05/2015 05:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AODDriver4.01%%3

Error: (02/05/2015 05:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Treiber für parallelen Anschluss%%1058

Error: (02/05/2015 04:44:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: iPod-Dienst%%1053

Error: (02/05/2015 04:44:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000iPod-Dienst


Microsoft Office Sessions:
=========================
Error: (02/05/2015 06:35:14 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:35:14 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:27:04 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:27:01 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:27:00 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 06:21:32 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 06:21:32 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 05:50:01 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.

Error: (02/05/2015 05:50:01 PM) (Source: profsvc) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Das System kann die angegebene Datei nicht finden.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 49%
Total physical RAM: 3326.24 MB
Available physical RAM: 1676.08 MB
Total Pagefile: 16472.5 MB
Available Pagefile: 14293.51 MB
Total Virtual: 3071.88 MB
Available Virtual: 2914.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:23.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:232.88 GB) (Free:53.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: E10EE10E)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 49D949D8)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 06.02.2015 07:45
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

azarak 06.02.2015 16:22
hat alles soweit geklappt ohne dass das Programm gemeckert hat :)

hier die logdatei:

Code:
ComboFix 15-02-02.01 - kevin 06.02.2015  15:52:55.1.4 - x86
Microsoft® Windows Vista™ Ultimate  6.0.6002.2.1252.49.1031.18.3326.1908 [GMT 1:00]
ausgeführt von:: c:\users\kevin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LyricsFan
c:\users\kevin\AppData\Local\Savings Explorer
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-06 bis 2015-02-06  ))))))))))))))))))))))))))))))
.
.
2015-02-06 15:04 . 2015-02-06 15:04        --------        d-----w-        c:\users\kevin\AppData\Local\temp
2015-02-06 15:04 . 2015-02-06 15:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-06 14:43 . 2014-12-02 11:01        9054624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCA54C7D-9AEC-47DA-AD34-AB708CA9CDF7}\mpengine.dll
2015-02-05 17:35 . 2015-02-05 17:36        --------        d-----w-        C:\FRST
2015-02-05 15:55 . 2015-02-05 16:04        --------        d-----w-        c:\programdata\SecTaskMan
2015-02-03 22:03 . 2015-02-03 22:03        --------        d-----w-        c:\users\kevin\AppData\Roaming\WSE_Taplika
2015-02-03 22:02 . 2015-02-05 09:32        --------        d-----w-        c:\programdata\0780f478-67ce-4ec3-98db-39a65f4618ce
2015-02-01 09:57 . 2015-02-06 14:50        --------        d-----w-        c:\users\Public
2015-01-31 12:59 . 2015-01-31 12:59        --------        d-----w-        c:\programdata\Package Cache
2015-01-22 18:13 . 2015-02-05 15:45        --------        d-----w-        c:\users\kevin\AppData\Local\Spotify
2015-01-22 18:12 . 2015-02-06 14:42        --------        d-----w-        c:\users\kevin\AppData\Roaming\Spotify
2015-01-18 08:25 . 2015-01-18 08:26        --------        d-----w-        c:\windows\system32\vbox
2015-01-18 01:24 . 2015-01-18 01:24        291352        ----a-w-        c:\windows\system32\aswBoot.exe
2015-01-18 01:24 . 2015-01-18 01:24        43152        ----a-w-        c:\windows\avastSS.scr
2015-01-14 17:05 . 2014-12-19 00:25        115200        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2015-01-14 17:00 . 2014-12-06 03:14        48640        ----a-w-        c:\windows\system32\nlaapi.dll
2015-01-14 17:00 . 2014-12-06 03:14        174080        ----a-w-        c:\windows\system32\nlasvc.dll
2015-01-14 17:00 . 2014-12-06 03:14        93184        ----a-w-        c:\windows\system32\ncsi.dll
2015-01-14 17:00 . 2014-12-06 03:14        153600        ----a-w-        c:\windows\system32\profsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 17:28 . 2013-01-04 12:43        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 17:28 . 2013-01-04 12:43        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2015-01-18 01:24 . 2013-08-07 09:14        787800        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2015-01-18 01:24 . 2013-08-07 09:14        423784        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2015-01-18 01:24 . 2014-05-18 09:58        24184        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2015-01-18 01:24 . 2013-08-07 09:14        55240        ----a-w-        c:\windows\system32\drivers\aswrdr.sys
2015-01-18 01:24 . 2013-08-07 09:14        57928        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2015-01-18 01:24 . 2013-08-07 09:14        206248        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2015-01-18 01:24 . 2013-08-07 09:14        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 01:24 . 2013-08-07 09:14        70384        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2015-01-06 03:36 . 2011-02-12 17:43        249488        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-03 02:06 . 2014-12-11 17:00        278528        ----a-w-        c:\windows\system32\schannel.dll
2014-11-24 20:44 . 2014-12-11 10:02        367104        ----a-w-        c:\windows\system32\html.iec
2014-11-24 20:40 . 2014-12-11 10:02        1810944        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-24 20:35 . 2014-12-11 10:02        1129472        ----a-w-        c:\windows\system32\wininet.dll
2014-11-24 20:34 . 2014-12-11 10:02        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-24 20:33 . 2014-12-11 10:02        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-11-24 20:33 . 2014-12-11 10:02        421376        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-24 20:32 . 2014-12-11 10:02        11776        ----a-w-        c:\windows\system32\mshta.exe
2014-11-24 20:32 . 2014-12-11 10:02        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 01:23        723976        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\kevin\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"XBGameingMouse"="c:\program files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe" [2010-12-24 2450432]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"Spotify"="c:\users\kevin\AppData\Roaming\Spotify\Spotify.exe" [2015-01-22 6737976]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Spotify Web Helper"="c:\users\kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-22 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"EasySettingBox"="c:\program files\Samsung\Easy Setting Box\EasySettingBox.exe" [2013-12-26 457728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WSE_Taplika"="c:\windows\system32\wscript.exe" [2013-10-11 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23        38400        ----a-w-        c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-01 15:05        1086280        ----a-w-        c:\program files\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50        30720        ----a-w-        c:\windows\System32\soundschemes2.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-04 17:28]
.
2015-02-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-12-25 09:57]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 07:29]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 07:29]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000Core.job
- c:\users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-04 17:42]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000UA.job
- c:\users\kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-04 17:42]
.
2015-02-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-12-25 09:49]
.
2015-01-31 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-12-25 09:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{26C80488-5331-4561-80C5-DD7FDB3C9693}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Overwolf - c:\program files\Overwolf\Overwolf.exe
HKCU-Run-OscarEditor - c:\program files\OSCAR Editor X7\\OscarEditor.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye A2 Free - d:\spiele\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-Project 64_is1 - c:\emulator\n64\Project64 2.0\unins000.exe
AddRemove-PunkBusterSvc - d:\spiele\Origin\Battlefield 4 Beta\pbsvc.exe
AddRemove-{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1 - c:\program files\BRS\unins000.exe
AddRemove-UnityWebPlayer - c:\users\kevin\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-02-06 16:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  EasySettingBox = c:\program files\Samsung\Easy Setting Box\EasySettingBox.exe?????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-459672416-1117457801-2427277308-1000\Software\SecuROM\License information*]
"datasecu"=hex:e1,55,58,a1,93,87,e9,5e,5c,95,e6,b2,0c,12,86,e4,27,de,bf,47,f7,
  8d,50,8f,6a,92,7f,4d,61,a3,fa,2d,3b,02,0b,03,f5,b6,7e,5f,e1,f3,88,74,d3,cf,\
"rkeysecu"=hex:d1,06,b9,16,4f,a3,db,08,b7,f5,8b,47,4c,7e,53,07
.
Zeit der Fertigstellung: 2015-02-06  16:08:44
ComboFix-quarantined-files.txt  2015-02-06 15:08
.
Vor Suchlauf: 6 Verzeichnis(se), 25.022.783.488 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 27.035.918.336 Bytes frei
.
- - End Of File - - 562A6C592D797B61F46FB6BBFE26F766
5C616939100B85E558DA92B899A0FC36

schrauber 07.02.2015 11:03
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

azarak 07.02.2015 12:25
Hat wieder alles geklappt und das Problem mit dem weißem Bildschirm hat sich auch aufgelöst :dankeschoen:

Hier die ganzen log-dateien:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 07.02.2015 11:14:10, SYSTEM, KEVIN-PC, Protection, Malware Protection, Starting,
Protection, 07.02.2015 11:14:10, SYSTEM, KEVIN-PC, Protection, Malware Protection, Started,
Protection, 07.02.2015 11:14:11, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Starting,
Update, 07.02.2015 11:14:14, SYSTEM, KEVIN-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 07.02.2015 11:14:14, SYSTEM, KEVIN-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Protection, 07.02.2015 11:14:17, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Started,
Update, 07.02.2015 11:14:20, SYSTEM, KEVIN-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.7.4,
Protection, 07.02.2015 11:14:20, SYSTEM, KEVIN-PC, Protection, Refresh, Starting,
Protection, 07.02.2015 11:14:20, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 07.02.2015 11:14:22, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 07.02.2015 11:14:27, SYSTEM, KEVIN-PC, Protection, Refresh, Success,
Protection, 07.02.2015 11:14:27, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 07.02.2015 11:14:27, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Started,
Protection, 07.02.2015 11:37:52, SYSTEM, KEVIN-PC, Protection, Malware Protection, Starting,
Protection, 07.02.2015 11:37:52, SYSTEM, KEVIN-PC, Protection, Malware Protection, Started,
Protection, 07.02.2015 11:37:52, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 07.02.2015 11:39:26, SYSTEM, KEVIN-PC, Protection, Malicious Website Protection, Started,

(end)
Code:
# AdwCleaner v4.110 - Bericht erstellt 07/02/2015 um 11:53:01
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows Vista (TM) Ultimate Service Pack 2 (x86)
# Benutzername : kevin - KEVIN-PC
# Gestarted von : C:\Users\kevin\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Program Files\Toolbar Cleaner
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Users\kevin\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\kevin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\kevin\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\kevin\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\kevin\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\kevin\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\kevin\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\kevin\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\kevin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\kevin\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\kevin\AppData\Roaming\WSE_Taplika
Datei Gelöscht : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\invalidprefs.js
Datei Gelöscht : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\user.js
Datei Gelöscht : C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lu9gg5is.default-1359234508487\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : QtraxPlayer

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jnikkfemnfogahcandhlchoengjbeaij
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\9578fdce13be543
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsWoofer
Schlüssel Gelöscht : HKLM\SOFTWARE\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Soft-Now bundle
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\findlyrics@findlyrics.co
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lrcfan@fansoft.br
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v35.0.1 (x86 de)

[9t3u0x62.default-1376713090124\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1[...]
[9t3u0x62.default-1376713090124\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Taplika");
[lu9gg5is.default-1359234508487\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Taplika");
[lu9gg5is.default-1359234508487\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1[...]

-\\ Google Chrome v40.0.2214.111


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [10403 Bytes] - [07/02/2015 11:49:24]
AdwCleaner[S0].txt - [10335 Bytes] - [07/02/2015 11:53:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10395  Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows Vista (TM) Ultimate x86
Ran by kevin on 07.02.2015 at 12:11:48,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\kevin\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\prefetch\SPEEDFAN.EXE-D1DD9D6D.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2015 at 12:14:18,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by kevin (administrator) on KEVIN-PC on 07-02-2015 12:19:26
Running from C:\Users\kevin\Desktop
Loaded Profiles: kevin (Available profiles: kevin)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\bin32\nSvcAppFlt.exe
() C:\Program Files\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Flux Software LLC) C:\Users\kevin\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe
(Spotify Ltd) C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [EasySettingBox] => C:\Program Files\Samsung\Easy Setting Box\EasySettingBox.exe [457728 2013-12-26] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [F.lux] => C:\Users\kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [XBGameingMouse] => C:\Program Files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe [2450432 2010-12-24] ()
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spotify] => C:\Users\kevin\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-22] (Spotify Ltd)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spotify Web Helper] => C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-22] (Spotify Ltd)
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-459672416-1117457801-2427277308-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-459672416-1117457801-2427277308-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{26C80488-5331-4561-80C5-DD7FDB3C9693}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin: @esn.me/esnsonar,version=0.70.3 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=0.80.0 -> C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.102.0 -> C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.104.0 -> C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.122.0 -> C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.96.0 -> C:\Program Files\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> D:\Firefox\plugins\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-459672416-1117457801-2427277308-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Twitch.tv Stream Browser - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi [2013-12-22]
FF Extension: Stream Notifier - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\jid0-z2wAjbeFD5dTCgsj70eQ6UAqQl4@jetpack.xpi [2013-12-22]
FF Extension: Adblock Plus - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-01-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-07]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzztCtB0D0CtDtGtA0AyE0AtGzy0B0DzytGtAtC0E0BtGyC0FtA0C0BtDyB0E0EyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzyEyC0CtB0DtGtCyEtByDtGyE0C0BzytG0B0ByD0BtG0FtD0AyBzyyCyD0Bzy0FzytB2Q&cr=168279905&ir=
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-02-03]
CHR Extension: (South Park) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm [2015-02-03]
CHR Extension: (Adblock Plus) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-03]
CHR Extension: (Avast Online Security) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-03]
CHR Extension: (Twitch Live) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2015-02-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-18] (Avast Software)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-07-28] () [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-10-12] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 usbglcsservice; C:\Program Files\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe [5865289 2010-12-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 HiPatchService; D:\Spiele\Smite\HiPatchService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-18] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-18] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-18] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [97296 2010-11-17] (Advanced Micro Devices)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-17] ()
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-05-04] (Duplex Secure Ltd.)
R3 usbglcs1080101; C:\Windows\System32\Drivers\usbglcs1080101.sys [18432 2010-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-18] (Avast Software)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1067008 2009-07-10] (VIA Technologies, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Windows\TEMP\ALSysIO.sys [X]
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 12:14 - 2015-02-07 12:14 - 00000884 _____ () C:\Users\kevin\Desktop\JRT.txt
2015-02-07 12:11 - 2015-02-07 12:11 - 01388274 _____ (Thisisu) C:\Users\kevin\Desktop\JRT.exe
2015-02-07 12:08 - 2015-02-07 12:08 - 00010476 _____ () C:\Users\kevin\Desktop\AdwCleaner[S0].txt
2015-02-07 11:49 - 2015-02-07 11:57 - 00000000 ____D () C:\AdwCleaner
2015-02-07 11:47 - 2015-02-07 11:47 - 02112512 _____ () C:\Users\kevin\Desktop\AdwCleaner_4.110.exe
2015-02-07 11:46 - 2015-02-07 11:46 - 00001749 _____ () C:\Users\kevin\Desktop\mbam.txt.txt
2015-02-07 11:14 - 2015-02-07 12:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 11:13 - 2015-02-07 11:13 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-07 11:13 - 2015-02-07 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 11:13 - 2015-02-07 11:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 11:13 - 2015-02-07 11:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-07 11:13 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 11:13 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-07 11:13 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-07 11:10 - 2015-02-07 11:11 - 00000000 ____D () C:\Users\Bootsektor
2015-02-07 11:08 - 2015-02-07 11:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bootsektor\mbam-setup-2.0.4.1028.exe
2015-02-06 16:08 - 2015-02-06 16:08 - 00011556 _____ () C:\ComboFix.txt
2015-02-06 15:50 - 2015-02-06 16:08 - 00000000 ____D () C:\Qoobox
2015-02-06 15:50 - 2015-02-06 16:05 - 00000000 ____D () C:\Windows\erdnt
2015-02-06 15:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-06 15:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-06 15:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-06 15:38 - 2015-02-06 15:39 - 05611380 ____R (Swearware) C:\Users\kevin\Desktop\ComboFix.exe
2015-02-05 18:36 - 2015-02-05 18:36 - 00031736 _____ () C:\Users\kevin\Desktop\Addition.txt
2015-02-05 18:35 - 2015-02-07 12:19 - 00019667 _____ () C:\Users\kevin\Desktop\FRST.txt
2015-02-05 18:35 - 2015-02-07 12:19 - 00000000 ____D () C:\FRST
2015-02-05 18:34 - 2015-02-05 18:34 - 01123328 _____ (Farbar) C:\Users\kevin\Desktop\FRST.exe
2015-02-04 13:20 - 2015-02-04 13:20 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 12:32 - 2015-02-07 11:37 - 00008350 _____ () C:\Windows\PFRO.log
2015-02-04 00:03 - 2015-02-05 17:03 - 00000135 _____ () C:\Users\kevin\AppData\Roaming\WB.CFG
2015-02-03 23:06 - 2015-02-04 14:15 - 00000000 ____D () C:\Users\kevin\Documents\PCSX2
2015-02-03 23:02 - 2015-02-05 10:32 - 00000000 ____D () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
2015-02-01 10:57 - 2015-02-06 16:08 - 00000000 ____D () C:\Users\Public
2015-02-01 10:42 - 2015-02-01 10:42 - 00000247 _____ () C:\Windows\system32\2015-02-01-09-42-12.007-aswFe.exe-264.log
2015-02-01 10:42 - 2015-02-01 10:42 - 00000197 _____ () C:\Windows\system32\2015-02-01-09-42-03.089-AvastVBoxSVC.exe-1424.log
2015-01-31 14:14 - 2015-01-31 14:14 - 00000827 _____ () C:\Users\kevin\Desktop\Hearthstone.lnk
2015-01-31 14:14 - 2015-01-31 14:14 - 00000825 _____ () C:\Windows\system32\Hearthstone.lnk
2015-01-31 14:14 - 2015-01-31 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-31 13:59 - 2015-01-31 13:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 17:36 - 2015-01-29 17:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 16:17 - 2015-01-26 16:17 - 00000209 _____ () C:\Users\kevin\Desktop\Nosgoth.url
2015-01-24 15:53 - 2015-01-24 15:53 - 00000000 ____D () C:\Users\kevin\Documents\Square Enix
2015-01-24 15:37 - 2015-01-24 15:37 - 00000208 _____ () C:\Users\kevin\Desktop\FINAL FANTASY VIII.url
2015-01-22 19:13 - 2015-01-22 19:13 - 00001711 _____ () C:\Users\kevin\Desktop\Spotify.lnk
2015-01-22 19:13 - 2015-01-22 19:13 - 00001697 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-22 19:12 - 2015-02-07 12:09 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Spotify
2015-01-22 19:11 - 2015-01-22 19:11 - 00137888 _____ (Spotify Ltd) C:\Users\kevin\Downloads\SpotifySetup.exe
2015-01-18 10:15 - 2015-01-18 10:15 - 00000247 _____ () C:\Windows\system32\2015-01-18-09-15-24.079-aswFe.exe-5952.log
2015-01-18 09:46 - 2015-01-18 10:14 - 00000247 _____ () C:\Windows\system32\2015-01-18-08-46-54.065-aswFe.exe-3904.log
2015-01-18 09:45 - 2015-01-18 09:45 - 00000197 _____ () C:\Windows\system32\2015-01-18-08-45-50.016-AvastVBoxSVC.exe-3764.log
2015-01-18 09:25 - 2015-01-18 09:26 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-18 02:24 - 2015-01-18 02:24 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-18 02:24 - 2015-01-18 02:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-14 18:05 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:00 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:00 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 18:00 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 12:09 - 2013-03-27 08:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 12:06 - 2008-01-21 02:37 - 01602586 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 12:04 - 2013-12-26 00:04 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-07 12:03 - 2013-03-27 08:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 12:01 - 2013-01-04 18:43 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000UA.job
2015-02-07 12:00 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 12:00 - 2006-11-02 13:46 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 12:00 - 2006-11-02 13:46 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 11:59 - 2006-11-02 14:00 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-07 11:28 - 2013-02-02 09:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 23:38 - 2013-03-26 15:19 - 00000000 ____D () C:\Program Files\SpeedFan
2015-02-06 21:58 - 2011-02-13 00:15 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-02-06 19:37 - 2014-10-11 17:21 - 00000000 ____D () C:\Users\kevin\Downloads\up95
2015-02-06 16:13 - 2011-02-12 22:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-06 16:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-02-06 16:04 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-06 16:01 - 2013-01-04 18:43 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000Core.job
2015-02-05 18:28 - 2013-01-04 13:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 18:28 - 2013-01-04 13:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 18:24 - 2006-11-02 13:46 - 00257200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-04 15:52 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-04 13:51 - 2008-01-21 09:24 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 12:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-02-04 00:30 - 2013-12-26 00:04 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-03 23:16 - 2013-01-04 18:44 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 23:05 - 2011-06-13 17:09 - 00000000 ____D () C:\Windows\system32\directx
2015-02-03 09:09 - 2013-12-26 00:04 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-02 13:09 - 2013-03-14 15:33 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\vlc
2015-02-01 00:44 - 2013-12-26 00:04 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-01-31 14:14 - 2011-03-16 07:45 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2015-01-31 14:01 - 2011-03-18 20:06 - 00000000 ____D () C:\Users\kevin\Documents\My Games
2015-01-31 14:01 - 2011-02-12 22:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-30 05:50 - 2011-03-07 15:55 - 00000000 ____D () C:\Windows\Minidump
2015-01-30 05:45 - 2011-07-17 20:04 - 00000000 ____D () C:\Users\kevin\Documents\Schule
2015-01-30 05:44 - 2011-02-12 17:51 - 00000000 ____D () C:\Users\kevin
2015-01-30 03:47 - 2012-05-02 19:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 17:39 - 2014-10-05 03:22 - 00000000 ____D () C:\Users\kevin\Downloads\a
2015-01-29 17:39 - 2014-09-17 13:10 - 00000000 ____D () C:\Users\kevin\Downloads\o
2015-01-18 14:10 - 2011-07-22 18:58 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2015-01-18 02:24 - 2014-05-18 10:58 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-14 18:05 - 2013-07-15 21:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 18:00 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2011-08-28 13:43 - 2013-10-12 07:29 - 0138904 _____ () C:\Users\kevin\AppData\Roaming\PnkBstrK.sys
2015-02-04 00:03 - 2015-02-05 17:03 - 0000135 _____ () C:\Users\kevin\AppData\Roaming\WB.CFG
2011-02-12 17:51 - 2015-02-04 13:58 - 0002032 _____ () C:\Users\kevin\AppData\Local\d3d9caps.dat
2011-02-12 22:18 - 2013-08-22 10:11 - 0035840 _____ () C:\Users\kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-05 17:03 - 2015-02-05 17:03 - 0234679 _____ () C:\Users\kevin\AppData\Local\dsi1.dat
2015-02-05 17:03 - 2015-02-05 17:03 - 0161916 _____ () C:\Users\kevin\AppData\Local\dsi2.dat
2014-06-24 12:18 - 2014-06-24 12:18 - 0000000 _____ () C:\Users\kevin\AppData\Local\{88BB463B-B4AE-4148-AE87-5345170CB1C6}

Files to move or delete:
====================
C:\Users\Bootsektor\mbam-setup-2.0.4.1028.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 12:09

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 07.02.2015 16:03

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

azarak 07.02.2015 19:43
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3e809417e1d8524386fe091046c0f77c
# engine=22356
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-07 06:19:38
# local_time=2015-02-07 07:19:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 872315 187753668 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 102996 260866033 0 0
# scanned=292211
# found=1
# cleaned=0
# scan_time=9047
sh=47F084B613A80F2C474A9F41A8CA2F34945BC777 ft=1 fh=a2262b2144719dee vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\emulator\gba\visualboy-advance-1-7-2.exe"
Code:
Results of screen317's Security Check version 0.99.95 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 CCleaner   
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.305 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by kevin (administrator) on KEVIN-PC on 07-02-2015 19:39:15
Running from C:\Users\kevin\Desktop
Loaded Profiles: kevin (Available profiles: kevin)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\bin32\nSvcAppFlt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\bin32\nSvcIp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\kevin\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Spotify Ltd) C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Almico Software (www.almico.com)) C:\Program Files\SpeedFan\speedfan.exe
(Spotify Ltd) C:\Users\kevin\AppData\Roaming\Spotify\spotify.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [EasySettingBox] => C:\Program Files\Samsung\Easy Setting Box\EasySettingBox.exe [457728 2013-12-26] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [F.lux] => C:\Users\kevin\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [XBGameingMouse] => C:\Program Files\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe [2450432 2010-12-24] ()
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spotify] => C:\Users\kevin\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-22] (Spotify Ltd)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\Run: [Spotify Web Helper] => C:\Users\kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-22] (Spotify Ltd)
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\...\RunOnce: [Adobe Speed Launcher] => 1423309690
Startup: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-459672416-1117457801-2427277308-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-459672416-1117457801-2427277308-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-459672416-1117457801-2427277308-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{26C80488-5331-4561-80C5-DD7FDB3C9693}: [NameServer] 8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin: @esn.me/esnsonar,version=0.70.3 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=0.80.0 -> C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.102.0 -> C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.104.0 -> C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.122.0 -> C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=1.96.0 -> C:\Program Files\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> D:\Firefox\plugins\npyaxmpb.dll No File
FF Plugin HKU\S-1-5-21-459672416-1117457801-2427277308-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Twitch.tv Stream Browser - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi [2013-12-22]
FF Extension: Stream Notifier - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\jid0-z2wAjbeFD5dTCgsj70eQ6UAqQl4@jetpack.xpi [2013-12-22]
FF Extension: Adblock Plus - C:\Users\kevin\AppData\Roaming\Mozilla\Firefox\Profiles\9t3u0x62.default-1376713090124\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-01-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-07]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tlk_ir_15_06&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0DyByD0FtCyCzz0EyBzytBtN0D0Tzu0StCtCtBzytN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyDzztCtB0D0CtDtGtA0AyE0AtGzy0B0DzytGtAtC0E0BtGyC0FtA0C0BtDyB0E0EyCyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzyEyC0CtB0DtGtCyEtByDtGyE0C0BzytG0B0ByD0BtG0FtD0AyBzyyCyD0Bzy0FzytB2Q&cr=168279905&ir=
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-02-03]
CHR Extension: (South Park) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm [2015-02-03]
CHR Extension: (Adblock Plus) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-03]
CHR Extension: (Avast Online Security) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-03]
CHR Extension: (Twitch Live) - C:\Users\kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2015-02-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-18] (Avast Software)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-07-28] () [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-10-12] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 usbglcsservice; C:\Program Files\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe [5865289 2010-12-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 HiPatchService; D:\Spiele\Smite\HiPatchService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-18] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-18] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-18] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [97296 2010-11-17] (Advanced Micro Devices)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-17] ()
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34384 2009-12-01] (Screaming Bee LLC)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-05-04] (Duplex Secure Ltd.)
R3 usbglcs1080101; C:\Windows\System32\Drivers\usbglcs1080101.sys [18432 2010-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-18] (Avast Software)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1067008 2009-07-10] (VIA Technologies, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-21] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Windows\TEMP\ALSysIO.sys [X]
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:39 - 2015-02-07 19:39 - 00020317 _____ () C:\Users\kevin\Desktop\FRST.txt
2015-02-07 19:27 - 2015-02-07 19:28 - 00852573 _____ () C:\Users\kevin\Desktop\SecurityCheck.exe
2015-02-07 16:46 - 2015-02-07 16:46 - 02347384 _____ (ESET) C:\Users\kevin\Downloads\esetsmartinstaller_deu.exe
2015-02-07 12:14 - 2015-02-07 12:14 - 00000884 _____ () C:\Users\kevin\Desktop\JRT.txt
2015-02-07 12:11 - 2015-02-07 12:11 - 01388274 _____ (Thisisu) C:\Users\kevin\Desktop\JRT.exe
2015-02-07 12:08 - 2015-02-07 12:08 - 00010476 _____ () C:\Users\kevin\Desktop\AdwCleaner[S0].txt
2015-02-07 11:49 - 2015-02-07 11:57 - 00000000 ____D () C:\AdwCleaner
2015-02-07 11:47 - 2015-02-07 11:47 - 02112512 _____ () C:\Users\kevin\Desktop\AdwCleaner_4.110.exe
2015-02-07 11:46 - 2015-02-07 11:46 - 00001749 _____ () C:\Users\kevin\Desktop\mbam.txt.txt
2015-02-07 11:14 - 2015-02-07 17:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 11:13 - 2015-02-07 11:13 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-07 11:13 - 2015-02-07 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 11:13 - 2015-02-07 11:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 11:13 - 2015-02-07 11:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-07 11:13 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 11:13 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-07 11:13 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-07 11:10 - 2015-02-07 11:11 - 00000000 ____D () C:\Users\Bootsektor
2015-02-07 11:08 - 2015-02-07 11:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bootsektor\mbam-setup-2.0.4.1028.exe
2015-02-06 16:08 - 2015-02-06 16:08 - 00011556 _____ () C:\ComboFix.txt
2015-02-06 15:50 - 2015-02-06 16:08 - 00000000 ____D () C:\Qoobox
2015-02-06 15:50 - 2015-02-06 16:05 - 00000000 ____D () C:\Windows\erdnt
2015-02-06 15:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-06 15:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-06 15:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-06 15:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-06 15:38 - 2015-02-06 15:39 - 05611380 ____R (Swearware) C:\Users\kevin\Desktop\ComboFix.exe
2015-02-05 18:36 - 2015-02-05 18:36 - 00031736 _____ () C:\Users\kevin\Desktop\Addition.txt
2015-02-05 18:35 - 2015-02-07 19:39 - 00000000 ____D () C:\FRST
2015-02-05 18:34 - 2015-02-05 18:34 - 01123328 _____ (Farbar) C:\Users\kevin\Desktop\FRST.exe
2015-02-04 13:20 - 2015-02-04 13:20 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 12:32 - 2015-02-07 11:37 - 00008350 _____ () C:\Windows\PFRO.log
2015-02-04 00:03 - 2015-02-05 17:03 - 00000135 _____ () C:\Users\kevin\AppData\Roaming\WB.CFG
2015-02-03 23:06 - 2015-02-04 14:15 - 00000000 ____D () C:\Users\kevin\Documents\PCSX2
2015-02-03 23:02 - 2015-02-05 10:32 - 00000000 ____D () C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
2015-02-01 10:57 - 2015-02-06 16:08 - 00000000 ____D () C:\Users\Public
2015-02-01 10:42 - 2015-02-01 10:42 - 00000247 _____ () C:\Windows\system32\2015-02-01-09-42-12.007-aswFe.exe-264.log
2015-02-01 10:42 - 2015-02-01 10:42 - 00000197 _____ () C:\Windows\system32\2015-02-01-09-42-03.089-AvastVBoxSVC.exe-1424.log
2015-01-31 14:14 - 2015-01-31 14:14 - 00000827 _____ () C:\Users\kevin\Desktop\Hearthstone.lnk
2015-01-31 14:14 - 2015-01-31 14:14 - 00000825 _____ () C:\Windows\system32\Hearthstone.lnk
2015-01-31 14:14 - 2015-01-31 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-31 13:59 - 2015-01-31 13:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 17:36 - 2015-01-29 17:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 16:17 - 2015-01-26 16:17 - 00000209 _____ () C:\Users\kevin\Desktop\Nosgoth.url
2015-01-24 15:53 - 2015-01-24 15:53 - 00000000 ____D () C:\Users\kevin\Documents\Square Enix
2015-01-24 15:37 - 2015-01-24 15:37 - 00000208 _____ () C:\Users\kevin\Desktop\FINAL FANTASY VIII.url
2015-01-22 19:13 - 2015-01-22 19:13 - 00001711 _____ () C:\Users\kevin\Desktop\Spotify.lnk
2015-01-22 19:13 - 2015-01-22 19:13 - 00001697 _____ () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-22 19:12 - 2015-02-07 19:02 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Spotify
2015-01-22 19:11 - 2015-01-22 19:11 - 00137888 _____ (Spotify Ltd) C:\Users\kevin\Downloads\SpotifySetup.exe
2015-01-18 10:15 - 2015-01-18 10:15 - 00000247 _____ () C:\Windows\system32\2015-01-18-09-15-24.079-aswFe.exe-5952.log
2015-01-18 09:46 - 2015-01-18 10:14 - 00000247 _____ () C:\Windows\system32\2015-01-18-08-46-54.065-aswFe.exe-3904.log
2015-01-18 09:45 - 2015-01-18 09:45 - 00000197 _____ () C:\Windows\system32\2015-01-18-08-45-50.016-AvastVBoxSVC.exe-3764.log
2015-01-18 09:25 - 2015-01-18 09:26 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-18 02:24 - 2015-01-18 02:24 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-18 02:24 - 2015-01-18 02:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-14 18:05 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:00 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:00 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:00 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 18:00 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:28 - 2013-02-02 09:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 19:09 - 2013-03-27 08:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 19:08 - 2008-01-21 02:37 - 01615875 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 19:02 - 2013-01-04 18:43 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000UA.job
2015-02-07 18:32 - 2006-11-02 13:46 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 18:32 - 2006-11-02 13:46 - 00004576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 16:00 - 2013-01-04 18:43 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459672416-1117457801-2427277308-1000Core.job
2015-02-07 14:15 - 2011-02-13 00:15 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-02-07 13:26 - 2013-03-26 15:19 - 00000000 ____D () C:\Program Files\SpeedFan
2015-02-07 12:48 - 2013-12-26 00:04 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-07 12:48 - 2013-03-27 08:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 12:32 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 12:30 - 2006-11-02 14:00 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 19:37 - 2014-10-11 17:21 - 00000000 ____D () C:\Users\kevin\Downloads\up95
2015-02-06 16:13 - 2011-02-12 22:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-06 16:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-02-06 16:04 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 18:28 - 2013-01-04 13:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 18:28 - 2013-01-04 13:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 18:24 - 2006-11-02 13:46 - 00257200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-04 15:52 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-04 13:51 - 2008-01-21 09:24 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 12:41 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-02-04 00:30 - 2013-12-26 00:04 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-03 23:16 - 2013-01-04 18:44 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 23:05 - 2011-06-13 17:09 - 00000000 ____D () C:\Windows\system32\directx
2015-02-03 09:09 - 2013-12-26 00:04 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-02 13:09 - 2013-03-14 15:33 - 00000000 ____D () C:\Users\kevin\AppData\Roaming\vlc
2015-02-01 00:44 - 2013-12-26 00:04 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-01-31 14:14 - 2011-03-16 07:45 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2015-01-31 14:01 - 2011-03-18 20:06 - 00000000 ____D () C:\Users\kevin\Documents\My Games
2015-01-31 14:01 - 2011-02-12 22:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-30 05:50 - 2011-03-07 15:55 - 00000000 ____D () C:\Windows\Minidump
2015-01-30 05:45 - 2011-07-17 20:04 - 00000000 ____D () C:\Users\kevin\Documents\Schule
2015-01-30 05:44 - 2011-02-12 17:51 - 00000000 ____D () C:\Users\kevin
2015-01-30 03:47 - 2012-05-02 19:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-29 17:39 - 2014-10-05 03:22 - 00000000 ____D () C:\Users\kevin\Downloads\a
2015-01-29 17:39 - 2014-09-17 13:10 - 00000000 ____D () C:\Users\kevin\Downloads\o
2015-01-18 14:10 - 2011-07-22 18:58 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2015-01-18 02:24 - 2014-05-18 10:58 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2015-01-18 02:24 - 2013-08-07 10:14 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-14 18:05 - 2013-07-15 21:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 18:00 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2011-08-28 13:43 - 2013-10-12 07:29 - 0138904 _____ () C:\Users\kevin\AppData\Roaming\PnkBstrK.sys
2015-02-04 00:03 - 2015-02-05 17:03 - 0000135 _____ () C:\Users\kevin\AppData\Roaming\WB.CFG
2011-02-12 17:51 - 2015-02-04 13:58 - 0002032 _____ () C:\Users\kevin\AppData\Local\d3d9caps.dat
2011-02-12 22:18 - 2013-08-22 10:11 - 0035840 _____ () C:\Users\kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-05 17:03 - 2015-02-05 17:03 - 0234679 _____ () C:\Users\kevin\AppData\Local\dsi1.dat
2015-02-05 17:03 - 2015-02-05 17:03 - 0161916 _____ () C:\Users\kevin\AppData\Local\dsi2.dat
2014-06-24 12:18 - 2014-06-24 12:18 - 0000000 _____ () C:\Users\kevin\AppData\Local\{88BB463B-B4AE-4148-AE87-5345170CB1C6}

Files to move or delete:
====================
C:\Users\Bootsektor\mbam-setup-2.0.4.1028.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 12:47

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---



Das problem mit dem weißen Bildschirm wurde auf jeden fall behoben, allerdings hat mein Avast virenalarm gegeben als ich FRST geöffnet habe und es sich updaten wollte, weiß nicht ob das normal ist :dummguck:

schrauber 08.02.2015 11:26
Fehlalarm von Avast.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
D:\emulator\gba\visualboy-advance-1-7-2.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

azarak 08.02.2015 16:08
Mir ist der fixlog leider verloren gegangen, da ich mit Delfix alles bereinigt habe(war mir sicher, dass ich den fixlog vorher kopiert habe..stimmte dann allerdings leider nicht :/) Das Problem mit den Viren hat sich jedoch erledigt, denke ich.

Mir sind aber 2 Sachen aufgefallen, bei denen ich mir aber nicht sicher bin inwiefern sie jetzt mit der sache zu tun haben.
Zum einen kann ich unter den Systemsteuerungen nicht mehr auf den Windows Defender gehen(es kommt immer eine fehlermeldung, wenn ich es anklicke). Bin mir allerdings nicht sicher ob mich das jetzt stören sollte oder nicht und ob ich den überhaupt brauche.

Außerdem werden mir irgendwie meine fotos nicht mehr in der Fotogalerie angezeigt.Ich kann die Bilder zwar öffnen aber dann steht da nur "Fotogalerie kann dieses Bild nicht öffnen, da Sie keine zugriffsberechtigung für den Dateispeicherort besitzen"-Der Dateispeicherort ist da jedoch eigentlich egal, es werden mir weder bilder angezeigt die auf dem desktop sind noch in irgendwelchen ordnern.
Vielleicht weißt du ja auch was da zu tun ist, und ob das was mit den ganzen scans zu tun hat.


Wollte mich aber auf jeden fall schonmal für die virenhilfe bedanken :dankeschoen:

schrauber 08.02.2015 18:21
hi,

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



azarak 08.02.2015 18:50
Code:
Farbar Service Scanner Version: 17-01-2015
Ran by kevin (administrator) on 08-02-2015 at 18:48:47
Running from "C:\Users\kevin\Desktop"
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

schrauber 08.02.2015 18:52
http://download.bleepingcomputer.com.../WinDefend.reg
Auf dem Desktop speichern und ausführen, erlauben.

azarak 08.02.2015 19:09
ok, habe ich gemacht.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131