Windows 7-64bit: Computer bootet nicht nach Schädlingsbefall.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c211eaba87f6a24db1fc8bee06e968c7
# engine=22524
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-18 09:09:01
# local_time=2015-02-18 10:09:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777214 71 91 3091046 28582622 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2415761 175880391 0 0
# scanned=156230
# found=0
# cleaned=0
# scan_time=4778
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Alex-Admin (administrator) on MAMA on 18-02-2015 14:58:25
Running from C:\Users\Alex-Admin\Desktop
Loaded Profiles: Alex-Admin (Available profiles: Doris & Alex-Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-09] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-09] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-13] (AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1094 2015-02-17] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1267150517-396084267-1204150811-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\..\Interfaces\{9EA7D31E-8498-425F-8BA1-B7353D866F8F}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-23]
FF Extension: Adblock Plus - C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-24]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-13] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-13] (Avast Software)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-13] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-09-03] ()
S1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30080 2011-09-22] (REALiX(tm))
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-09-03] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-13] (Avast Software)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-15] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 14:55 - 2015-02-18 14:55 - 00852594 _____ () C:\Users\Alex-Admin\Desktop\SecurityCheck.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 02347384 _____ (ESET) C:\Users\Alex-Admin\Downloads\esetsmartinstaller_deu.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\Alex-Admin\Desktop\FRST-OlderVersion
2015-02-17 18:40 - 2015-02-17 18:40 - 00001042 _____ () C:\Users\Alex-Admin\Desktop\JRT.txt
2015-02-17 18:32 - 2015-02-17 18:32 - 01388274 _____ (Thisisu) C:\Users\Alex-Admin\Desktop\JRT.exe
2015-02-17 18:31 - 2015-02-17 18:31 - 02112512 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner_4.110.exe
2015-02-17 18:30 - 2015-02-17 18:30 - 00001206 _____ () C:\Users\Alex-Admin\Desktop\mbam.txt
2015-02-17 09:32 - 2015-02-17 09:32 - 00020389 _____ () C:\ComboFix.txt
2015-02-17 09:21 - 2015-02-17 09:32 - 00000000 ____D () C:\Qoobox
2015-02-17 09:21 - 2015-02-17 09:30 - 00000000 ____D () C:\windows\erdnt
2015-02-17 09:21 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-17 09:21 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-17 09:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-17 09:17 - 2015-02-17 09:17 - 05611903 ____R (Swearware) C:\Users\Alex-Admin\Desktop\ComboFix.exe
2015-02-16 12:28 - 2015-02-16 12:28 - 00000197 _____ () C:\windows\system32\2015-02-16-11-28-28.089-AvastVBoxSVC.exe-3012.log
2015-02-15 17:44 - 2015-02-15 17:44 - 00000547 _____ () C:\Users\Alex-Admin\Desktop\Gmer.txt
2015-02-15 17:30 - 2015-02-15 17:30 - 00380416 _____ () C:\Users\Alex-Admin\Desktop\o8x24qnl.exe
2015-02-15 17:25 - 2015-02-15 17:25 - 00027870 _____ () C:\Users\Alex-Admin\Desktop\Addition.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00006786 _____ () C:\Users\Alex-Admin\Desktop\FRST.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00000000 ____D () C:\FRST
2015-02-15 17:23 - 2015-02-17 18:41 - 02085888 _____ (Farbar) C:\Users\Alex-Admin\Desktop\FRST64.exe
2015-02-15 17:18 - 2015-02-15 17:19 - 00000482 _____ () C:\Users\Alex-Admin\Downloads\defogger_disable.log
2015-02-15 17:18 - 2015-02-15 17:18 - 00000000 _____ () C:\Users\Alex-Admin\defogger_reenable
2015-02-15 17:17 - 2015-02-15 17:17 - 00050477 _____ () C:\Users\Alex-Admin\Downloads\Defogger.exe
2015-02-15 17:05 - 2015-02-15 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:40 - 2015-01-21 18:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 18:40 - 2015-01-21 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 18:38 - 2015-01-21 18:39 - 30431144 _____ (Oracle Corporation) C:\Users\Doris\Downloads\jre-8u31-windows-i586.exe
2015-01-21 18:29 - 2015-01-21 18:29 - 00000197 _____ () C:\windows\system32\2015-01-21-17-29-41.069-AvastVBoxSVC.exe-2788.log
2015-01-21 12:01 - 2015-01-21 12:02 - 00000197 _____ () C:\windows\system32\2015-01-21-11-01-55.037-AvastVBoxSVC.exe-4400.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 08:26 - 2011-11-08 19:25 - 00700118 _____ () C:\windows\system32\perfh007.dat
2015-02-18 08:26 - 2011-11-08 19:25 - 00149968 _____ () C:\windows\system32\perfc007.dat
2015-02-18 08:26 - 2009-07-14 06:13 - 01622228 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-18 08:23 - 2011-11-09 04:24 - 00078969 _____ () C:\windows\system32\fastboot.set
2015-02-18 08:21 - 2015-01-14 14:22 - 00053043 _____ () C:\FaceProv.log
2015-02-18 08:21 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-18 08:20 - 2015-01-14 16:24 - 00000504 _____ () C:\windows\setupact.log
2015-02-17 18:38 - 2014-08-28 16:25 - 00000000 ____D () C:\AdwCleaner
2015-02-17 18:34 - 2014-11-16 17:10 - 00002622 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner[R2].txt
2015-02-17 18:10 - 2015-01-14 11:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 18:01 - 2015-01-14 16:24 - 00003372 _____ () C:\windows\PFRO.log
2015-02-17 09:29 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-02-16 12:30 - 2014-08-29 14:29 - 01526813 _____ () C:\windows\WindowsUpdate.log
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:29 - 2015-01-14 17:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-16 12:28 - 2014-03-24 15:32 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-15 17:18 - 2011-12-07 22:19 - 00000000 ____D () C:\Users\Alex-Admin
2015-01-21 20:16 - 2014-08-28 16:14 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 19:16 - 2014-08-28 16:14 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-21 19:16 - 2014-08-28 16:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 19:16 - 2014-08-28 16:14 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 18:40 - 2014-08-28 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 18:39 - 2013-02-21 14:40 - 00000000 ____D () C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2012-12-01 18:05 - 2012-12-01 18:05 - 0000017 _____ () C:\Users\Alex-Admin\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Alex-Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex-Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 16:54

==================== End Of Log ============================
         

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c211eaba87f6a24db1fc8bee06e968c7
# engine=22524
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-18 09:09:01
# local_time=2015-02-18 10:09:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777214 71 91 3091046 28582622 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2415761 175880391 0 0
# scanned=156230
# found=0
# cleaned=0
# scan_time=4778
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Alex-Admin (administrator) on MAMA on 18-02-2015 14:58:25
Running from C:\Users\Alex-Admin\Desktop
Loaded Profiles: Alex-Admin (Available profiles: Doris & Alex-Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-09] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-09] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-13] (AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1094 2015-02-17] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1267150517-396084267-1204150811-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\..\Interfaces\{9EA7D31E-8498-425F-8BA1-B7353D866F8F}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-23]
FF Extension: Adblock Plus - C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-24]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-13] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-13] (Avast Software)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-13] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-09-03] ()
S1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30080 2011-09-22] (REALiX(tm))
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-09-03] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-13] (Avast Software)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-15] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 14:55 - 2015-02-18 14:55 - 00852594 _____ () C:\Users\Alex-Admin\Desktop\SecurityCheck.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 02347384 _____ (ESET) C:\Users\Alex-Admin\Downloads\esetsmartinstaller_deu.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\Alex-Admin\Desktop\FRST-OlderVersion
2015-02-17 18:40 - 2015-02-17 18:40 - 00001042 _____ () C:\Users\Alex-Admin\Desktop\JRT.txt
2015-02-17 18:32 - 2015-02-17 18:32 - 01388274 _____ (Thisisu) C:\Users\Alex-Admin\Desktop\JRT.exe
2015-02-17 18:31 - 2015-02-17 18:31 - 02112512 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner_4.110.exe
2015-02-17 18:30 - 2015-02-17 18:30 - 00001206 _____ () C:\Users\Alex-Admin\Desktop\mbam.txt
2015-02-17 09:32 - 2015-02-17 09:32 - 00020389 _____ () C:\ComboFix.txt
2015-02-17 09:21 - 2015-02-17 09:32 - 00000000 ____D () C:\Qoobox
2015-02-17 09:21 - 2015-02-17 09:30 - 00000000 ____D () C:\windows\erdnt
2015-02-17 09:21 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-17 09:21 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-17 09:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-17 09:17 - 2015-02-17 09:17 - 05611903 ____R (Swearware) C:\Users\Alex-Admin\Desktop\ComboFix.exe
2015-02-16 12:28 - 2015-02-16 12:28 - 00000197 _____ () C:\windows\system32\2015-02-16-11-28-28.089-AvastVBoxSVC.exe-3012.log
2015-02-15 17:44 - 2015-02-15 17:44 - 00000547 _____ () C:\Users\Alex-Admin\Desktop\Gmer.txt
2015-02-15 17:30 - 2015-02-15 17:30 - 00380416 _____ () C:\Users\Alex-Admin\Desktop\o8x24qnl.exe
2015-02-15 17:25 - 2015-02-15 17:25 - 00027870 _____ () C:\Users\Alex-Admin\Desktop\Addition.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00006786 _____ () C:\Users\Alex-Admin\Desktop\FRST.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00000000 ____D () C:\FRST
2015-02-15 17:23 - 2015-02-17 18:41 - 02085888 _____ (Farbar) C:\Users\Alex-Admin\Desktop\FRST64.exe
2015-02-15 17:18 - 2015-02-15 17:19 - 00000482 _____ () C:\Users\Alex-Admin\Downloads\defogger_disable.log
2015-02-15 17:18 - 2015-02-15 17:18 - 00000000 _____ () C:\Users\Alex-Admin\defogger_reenable
2015-02-15 17:17 - 2015-02-15 17:17 - 00050477 _____ () C:\Users\Alex-Admin\Downloads\Defogger.exe
2015-02-15 17:05 - 2015-02-15 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:40 - 2015-01-21 18:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 18:40 - 2015-01-21 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 18:38 - 2015-01-21 18:39 - 30431144 _____ (Oracle Corporation) C:\Users\Doris\Downloads\jre-8u31-windows-i586.exe
2015-01-21 18:29 - 2015-01-21 18:29 - 00000197 _____ () C:\windows\system32\2015-01-21-17-29-41.069-AvastVBoxSVC.exe-2788.log
2015-01-21 12:01 - 2015-01-21 12:02 - 00000197 _____ () C:\windows\system32\2015-01-21-11-01-55.037-AvastVBoxSVC.exe-4400.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 08:26 - 2011-11-08 19:25 - 00700118 _____ () C:\windows\system32\perfh007.dat
2015-02-18 08:26 - 2011-11-08 19:25 - 00149968 _____ () C:\windows\system32\perfc007.dat
2015-02-18 08:26 - 2009-07-14 06:13 - 01622228 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-18 08:23 - 2011-11-09 04:24 - 00078969 _____ () C:\windows\system32\fastboot.set
2015-02-18 08:21 - 2015-01-14 14:22 - 00053043 _____ () C:\FaceProv.log
2015-02-18 08:21 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-18 08:20 - 2015-01-14 16:24 - 00000504 _____ () C:\windows\setupact.log
2015-02-17 18:38 - 2014-08-28 16:25 - 00000000 ____D () C:\AdwCleaner
2015-02-17 18:34 - 2014-11-16 17:10 - 00002622 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner[R2].txt
2015-02-17 18:10 - 2015-01-14 11:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 18:01 - 2015-01-14 16:24 - 00003372 _____ () C:\windows\PFRO.log
2015-02-17 09:29 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-02-16 12:30 - 2014-08-29 14:29 - 01526813 _____ () C:\windows\WindowsUpdate.log
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:29 - 2015-01-14 17:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-16 12:28 - 2014-03-24 15:32 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-15 17:18 - 2011-12-07 22:19 - 00000000 ____D () C:\Users\Alex-Admin
2015-01-21 20:16 - 2014-08-28 16:14 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 19:16 - 2014-08-28 16:14 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-21 19:16 - 2014-08-28 16:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 19:16 - 2014-08-28 16:14 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 18:40 - 2014-08-28 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 18:39 - 2013-02-21 14:40 - 00000000 ____D () C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2012-12-01 18:05 - 2012-12-01 18:05 - 0000017 _____ () C:\Users\Alex-Admin\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Alex-Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex-Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 16:54

==================== End Of Log ============================
         

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c211eaba87f6a24db1fc8bee06e968c7
# engine=22524
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-18 09:09:01
# local_time=2015-02-18 10:09:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777214 71 91 3091046 28582622 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2415761 175880391 0 0
# scanned=156230
# found=0
# cleaned=0
# scan_time=4778
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c211eaba87f6a24db1fc8bee06e968c7
# engine=22530
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-18 03:20:49
# local_time=2015-02-18 04:20:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777214 71 91 3109754 28604930 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2434469 175902699 0 0
# scanned=156269
# found=0
# cleaned=0
# scan_time=4630