| stojan87 | 16.10.2014 19:52 |
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by mile (administrator) on WOHNZIMMER on 16-10-2014 20:41:53
Running from C:\Users\mile\Downloads
Loaded Profile: mile (Available profiles: mile & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
() C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe
() C:\Program Files (x86)\PHotkey\Dolbyosd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BitTorrent, Inc.) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-30] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [Steam] => D:\Deus Ex\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-30] (Electronic Arts)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [BitTorrent Sync] => C:\Program Files (x86)\BitTorrent Sync\BTSync.exe [3025512 2014-08-03] (BitTorrent, Inc.)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\MountPoints2: {7259114e-fefa-11e3-82b7-a088694b1bb1} - "G:\Setup.exe"
HKU\S-1-5-21-2381112249-3170544233-3973733542-1001\...\MountPoints2: {ea412ba8-1b09-11e4-82bc-a088694b1bb1} - "F:\Launch.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1411297458&from=ild&uid=HGSTXHTS545050A7E680_TM8514GL0VBLYP0VBLYPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {0DED61CF-1520-4CCC-A1CC-673981B1D725} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\user.js
FF SearchPlugin: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\Extensions\ffxtlbr@zonealarm.com [2014-09-30]
FF Extension: Adblock Plus - C:\Users\mile\AppData\Roaming\Mozilla\Firefox\Profiles\ih8apug2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-30]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Profile: C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-06]
CHR Extension: (Google Drive) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-06]
CHR Extension: (TheHDvid-Codec V10) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-06]
CHR Extension: (Google-Suche) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-06]
CHR Extension: (Google Tabellen) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (avast! Online Security) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-06]
CHR Extension: (Google Wallet) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-06]
CHR Extension: (Google Mail) - C:\Users\mile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-30] (AVAST Software)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 PGFNEXSrv; C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe [136192 2014-03-04] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-20] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-30] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-03] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-01-22] (Intel Corporation)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
U5 klif; C:\Windows\System32\Drivers\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation )
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-07-23] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\UBIOS\amifldrv64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-16 20:41 - 2014-10-16 20:42 - 00020298 _____ () C:\Users\mile\Downloads\FRST.txt
2014-10-16 20:41 - 2014-10-16 20:41 - 00000000 ____D () C:\FRST
2014-10-16 20:39 - 2014-10-16 20:40 - 02112000 _____ (Farbar) C:\Users\mile\Downloads\FRST64.exe
2014-10-16 14:13 - 2014-10-16 14:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOHNZIMMER-Microsoft-Windows-8.1-(64-bit).dat
2014-10-16 14:13 - 2014-10-16 14:13 - 00000000 ____D () C:\RegBackup
2014-10-16 13:26 - 2014-10-16 13:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 13:26 - 2014-10-16 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 13:26 - 2014-10-16 13:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 13:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 13:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-16 11:59 - 2014-10-16 13:26 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-16 11:59 - 2014-10-16 13:26 - 00000000 ____D () C:\Users\mile\AppData\Roaming\Malwarebytes
2014-10-16 11:59 - 2014-10-16 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 11:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-16 10:25 - 2014-10-16 10:27 - 00000000 ____D () C:\Users\mile\Downloads\Tweaking.com - Windows Repair
2014-10-16 10:19 - 2014-10-16 10:25 - 03836936 _____ (Piriform Ltd) C:\Users\mile\Downloads\ccsetup418_slim.exe
2014-10-14 16:03 - 2014-10-14 16:03 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-10-14 16:03 - 2014-10-14 16:03 - 00000000 ____D () C:\Users\mile\AppData\Local\SWTORPerf
2014-10-14 16:02 - 2014-10-14 16:02 - 00019636 _____ () C:\Users\mile\Documents\Install STAR WARS The Old Republic.log
2014-10-14 16:02 - 2014-10-14 16:02 - 00000664 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2014-10-14 16:02 - 2014-10-14 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-10-14 15:48 - 2014-10-14 16:01 - 29720272 _____ () C:\Users\mile\Downloads\SWTOR_setup.exe
2014-10-06 20:28 - 2014-10-06 20:28 - 00002236 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-06 20:28 - 2014-10-06 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-06 20:24 - 2014-10-16 20:37 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 20:24 - 2014-10-06 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-06 20:19 - 2014-10-16 20:37 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 20:19 - 2014-10-16 19:25 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 20:19 - 2014-10-06 20:28 - 00000000 ____D () C:\Users\mile\AppData\Local\Google
2014-10-06 20:19 - 2014-10-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 20:19 - 2014-10-06 20:19 - 00895120 _____ (Google Inc.) C:\Users\mile\Downloads\googleupdatesetup.exe
2014-10-06 20:19 - 2014-10-06 20:19 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-06 20:19 - 2014-10-06 20:19 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-05 18:25 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\mile\AppData\Local\Daedalic Entertainment
2014-10-05 12:03 - 2014-10-05 19:49 - 00015563 _____ () C:\Users\mile\Desktop\schreiben huk-coburg.odt
2014-09-30 20:22 - 2014-09-30 20:23 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-09-30 20:22 - 2014-09-30 20:22 - 00000778 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-09-30 20:22 - 2014-09-30 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-09-30 20:22 - 2014-06-10 15:44 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-09-30 20:22 - 2014-06-10 15:44 - 00490080 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-30 20:22 - 2014-06-10 15:44 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-30 20:21 - 2014-09-30 20:22 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-09-30 20:21 - 2014-09-30 20:21 - 00000000 ____D () C:\Users\mile\AppData\Roaming\Check Point Software Technologies LTD
2014-09-30 20:21 - 2014-09-30 20:21 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-09-30 20:20 - 2014-09-30 20:20 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-09-30 19:01 - 2014-09-30 19:01 - 00001986 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-30 19:01 - 2014-09-30 19:01 - 00000000 ____D () C:\Users\mile\AppData\Roaming\AVAST Software
2014-09-30 19:01 - 2014-09-30 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-30 19:00 - 2014-09-30 19:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-30 19:00 - 2014-09-30 19:00 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-30 19:00 - 2014-09-30 19:00 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-30 19:00 - 2014-09-30 19:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-30 19:00 - 2014-09-30 19:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-30 18:59 - 2014-09-30 18:59 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-30 18:57 - 2014-09-30 18:59 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-27 13:06 - 2014-10-05 19:58 - 00000000 ____D () C:\Users\mile\Desktop\Scans
2014-09-25 09:18 - 2014-09-25 09:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 18:26 - 2014-09-24 18:26 - 00003370 _____ () C:\Windows\System32\Tasks\{FBB99986-60A2-44C0-8CD6-DA48B0EE34D4}
2014-09-24 15:29 - 2014-09-24 15:29 - 00000000 ____D () C:\Users\mile\Documents\Telltale Games
2014-09-24 15:29 - 2014-09-24 15:29 - 00000000 ____D () C:\ProgramData\REVOLT
2014-09-22 21:56 - 2014-09-22 21:56 - 00000000 ____D () C:\ProgramData\Stardock
2014-09-21 13:06 - 2014-09-21 13:06 - 00000000 ____D () C:\Users\mile\AppData\Roaming\WebExtend
2014-09-21 13:05 - 2014-09-21 13:05 - 00004028 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-21 13:03 - 2014-10-16 14:12 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-21 13:03 - 2014-09-21 13:03 - 00000000 ____D () C:\Users\mile\AppData\Local\globalUpdate
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-16 20:42 - 2014-06-05 19:31 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2381112249-3170544233-3973733542-1001
2014-10-16 20:37 - 2014-08-03 17:27 - 00000000 ____D () C:\Users\mile\AppData\Roaming\BitTorrent Sync
2014-10-16 20:37 - 2014-06-05 19:30 - 00000000 __RDO () C:\Users\mile\OneDrive
2014-10-16 20:37 - 2014-03-07 19:28 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-10-16 20:05 - 2014-06-06 17:44 - 00000000 ____D () C:\Users\mile\AppData\Roaming\BitTorrent
2014-10-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 19:19 - 2014-06-13 20:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 19:02 - 2013-09-13 09:46 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-10-16 18:51 - 2014-06-05 19:31 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{128FAF8D-90C1-459B-9C03-C8E1F17A72A5}
2014-10-16 15:05 - 2014-02-27 17:28 - 00751874 _____ () C:\Windows\system32\perfh007.dat
2014-10-16 15:05 - 2014-02-27 17:28 - 00155350 _____ () C:\Windows\system32\perfc007.dat
2014-10-16 15:05 - 2013-09-12 13:00 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 15:01 - 2013-09-12 12:53 - 00132112 _____ () C:\Windows\PFRO.log
2014-10-16 15:01 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 15:01 - 2013-08-22 16:44 - 00381112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 15:00 - 2014-06-05 18:53 - 01802953 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 15:00 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-16 14:59 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 14:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-16 14:33 - 2014-07-20 11:33 - 00074240 ___SH () C:\Users\mile\Desktop\Thumbs.db
2014-10-16 14:32 - 2013-08-22 15:25 - 00000128 _____ () C:\Windows\win.ini
2014-10-15 10:03 - 2014-03-19 14:32 - 00000000 ____D () C:\Program Files (x86)\PHotkey
2014-10-14 16:02 - 2014-06-21 09:04 - 00000000 _____ () C:\END
2014-10-08 14:35 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2014-10-05 13:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-02 12:37 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-30 19:26 - 2014-06-08 17:23 - 00001155 _____ () C:\Users\mile\Desktop\Mozillla Firefox.lnk
2014-09-30 19:26 - 2014-06-08 17:23 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-30 18:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-29 21:12 - 2014-06-08 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 21:56 - 2014-06-28 10:33 - 00000000 ____D () C:\Users\mile\Documents\My Games
2014-09-22 21:54 - 2013-09-13 09:14 - 00398922 _____ () C:\Windows\DirectX.log
2014-09-22 21:53 - 2014-03-17 04:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 13:04 - 2014-06-05 19:25 - 00001680 _____ () C:\Users\mile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-21 13:04 - 2014-03-07 19:34 - 00002667 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-09-21 13:04 - 2014-03-07 19:34 - 00002659 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-09-18 16:39 - 2014-09-04 11:16 - 00000000 ____D () C:\Users\mile\AppData\Roaming\HpUpdate
2014-09-16 22:30 - 2014-08-02 20:40 - 00001207 _____ () C:\Windows\setupact.log
2014-09-16 22:28 - 2013-08-22 22:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-16 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-16 22:28 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe
Some content of TEMP:
====================
C:\Users\mile\AppData\Local\Temp\BRSVC_14373562_hlp.exe
C:\Users\mile\AppData\Local\Temp\_isFA16.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-13 16:15
==================== End Of Log ============================
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by mile at 2014-10-16 20:43:50
Running from C:\Users\mile\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.3.109 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 4 (x32 Version: 4.0.4317.0 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.3714 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{6D7FCC52-8DDA-441C-849A-4BB7C7E3BF2E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM-x32\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel(R) PRO/Wireless Driver (Version: 16.08.0000.1031 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3366 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eff1d9d1-41fa-49ef-a986-082bfe49c293}) (Version: 16.8.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0101 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{E1949FF0-9835-41AC-81E4-E6D9CDCBE49E}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
16-10-2014 17:01:20 Removed Medieval II Total War
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2014-10-16 14:33 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01D9FC2B-65FA-47A9-9151-BB3A4CDF1ED2} - System32\Tasks\Lenovo\sysrun-29800 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-29800.cmd <==== ATTENTION
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CD66C91-6B50-4394-A2CA-97F4480BCF1F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1145EDD0-FE43-4493-9DAA-23D730B2F70B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21744C6E-6B83-4166-8F25-4251ED905CA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26BDF6EE-04EB-4327-852A-32214EA4B1C0} - System32\Tasks\Lenovo\sysrun-20011 => C:\Users\mile\AppData\Local\Temp\sysrun-20011.cmd <==== ATTENTION
Task: {2BE9E703-6413-4390-BC08-E31AD0E0985C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {40FEA8A6-21F2-4181-AA9F-EC0A18021966} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4406570E-9362-4E51-8E09-16D72D0B4649} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-30] (AVAST Software)
Task: {4642F576-7AF3-4B79-BC5C-B60AE1CA3E71} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: {4954CC36-222B-41F7-9183-479B0DD893E7} - System32\Tasks\Lenovo\sysrun-14492 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-14492.cmd <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4DB5C0CA-A5D7-4D69-9B11-D128C887520B} - System32\Tasks\Lenovo\sysrun-29100 => C:\Users\mile\AppData\Local\Temp\sysrun-29100.cmd <==== ATTENTION
Task: {55E964B8-DB4A-4DD5-8681-C30229948D84} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {57E69D00-4563-4990-B292-B4B27F9CF994} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EFE1CBC-D85A-45AA-B3B9-D54C8390AC44} - System32\Tasks\Lenovo\sysrun-15256 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-15256.cmd <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7DE691AD-7C7C-46C5-9E1D-A6164ECA5C5D} - System32\Tasks\Lenovo\sysrun-24769 => C:\Users\ADMINI~1\AppData\Local\Temp\sysrun-24769.cmd <==== ATTENTION
Task: {820F46D4-D0BC-4808-941F-0A02AA4A897A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {984E3980-0718-4A77-9B34-3CD856F575D9} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ADD56166-00FD-4DFD-9482-036D259A7D3E} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {BC8CE08F-8386-4D9C-8D4E-B6CCE8411325} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E29D9353-9844-405B-9D5E-F4B6E5747776} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EBB951BA-B4D4-4076-A35A-33416A5FA260} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {FA71E760-D2CA-47AE-8E2A-E0ACE66580C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-03-24 05:51 - 2014-03-04 18:58 - 00136192 _____ () C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
2014-07-20 20:36 - 2014-07-20 20:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-27 18:13 - 2013-03-06 16:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-24 05:51 - 2014-03-14 18:41 - 02219520 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2014-03-24 05:51 - 2010-01-12 19:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2014-09-10 11:12 - 2014-09-10 11:12 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-03-24 05:51 - 2010-12-17 16:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2014-03-24 05:51 - 2010-01-12 19:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2013-09-09 15:13 - 2013-09-09 15:13 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-03-24 05:51 - 2014-03-22 15:09 - 02381312 _____ () C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe
2014-03-24 05:51 - 2014-03-18 23:54 - 05644800 _____ () C:\Program Files (x86)\PHotkey\Dolbyosd.exe
2014-09-30 19:00 - 2014-09-30 19:00 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-16 10:26 - 2014-10-16 10:26 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 05:51 - 2009-12-18 17:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2014-03-24 05:51 - 2013-09-18 01:23 - 00108032 _____ () C:\Program Files (x86)\PHotkey\PGFNEX.dll
2014-09-25 09:18 - 2014-09-25 09:18 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-27 18:12 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-30 19:00 - 2014-09-30 19:00 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\mile\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "EADM"
HKCU\...\StartupApproved\Run: => "Steam"
========================= Accounts: ==========================
Administrator (S-1-5-21-2381112249-3170544233-3973733542-500 - Administrator - Disabled)
Gast (S-1-5-21-2381112249-3170544233-3973733542-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2381112249-3170544233-3973733542-1003 - Limited - Enabled)
mile (S-1-5-21-2381112249-3170544233-3973733542-1001 - Administrator - Enabled) => C:\Users\mile
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/16/2014 06:48:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731, Zeitstempel: 0x4d9440c5
Name des fehlerhaften Moduls: CLMediaServer.dll, Version: 2.0.0.8731, Zeitstempel: 0x4d94405f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000111e8
ID des fehlerhaften Prozesses: 0x5c0
Startzeit der fehlerhaften Anwendung: 0xCLMSServer.exe0
Pfad der fehlerhaften Anwendung: CLMSServer.exe1
Pfad des fehlerhaften Moduls: CLMSServer.exe2
Berichtskennung: CLMSServer.exe3
Vollständiger Name des fehlerhaften Pakets: CLMSServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CLMSServer.exe5
Error: (10/16/2014 02:51:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WOHNZIMMER)
Description: Bei der Aktivierung der App „winstore_cw5n1h2txyewy!Windows.Store“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageDepartureEvent" zu registrieren, deren Zielklasse "MSFT_StorageDepartureEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageArrivalEvent" zu registrieren, deren Zielklasse "MSFT_StorageArrivalEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageAlertEvent" zu registrieren, deren Zielklasse "MSFT_StorageAlertEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageDepartureEvent" zu registrieren, deren Zielklasse "MSFT_StorageDepartureEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageArrivalEvent" zu registrieren, deren Zielklasse "MSFT_StorageArrivalEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageAlertEvent" zu registrieren, deren Zielklasse "MSFT_StorageAlertEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.
System errors:
=============
Error: (10/16/2014 06:49:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/16/2014 03:01:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error: (10/16/2014 03:00:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (10/16/2014 03:00:35 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (10/16/2014 03:00:34 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (10/16/2014 02:43:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/16/2014 02:43:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/16/2014 02:33:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (10/16/2014 02:31:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (10/16/2014 02:30:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Microsoft Office Sessions:
=========================
Error: (10/16/2014 06:48:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CLMSServer.exe2.0.0.87314d9440c5CLMediaServer.dll2.0.0.87314d94405fc0000005000111e85c001cfe9414b20bd7aC:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exeC:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMediaServer.dll5302c973-5554-11e4-82db-a088694b1bb1
Error: (10/16/2014 02:51:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WOHNZIMMER)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageArrivalEventMSFT_StorageArrivalEvent//./root/Microsoft/Windows/Storage
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageAlertEventMSFT_StorageAlertEvent//./root/Microsoft/Windows/Storage
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageArrivalEventMSFT_StorageArrivalEvent//./root/Microsoft/Windows/Storage
Error: (10/16/2014 02:30:05 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageAlertEventMSFT_StorageAlertEvent//./root/Microsoft/Windows/Storage
CodeIntegrity Errors:
===================================
Date: 2014-10-16 15:01:32.040
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 47%
Total physical RAM: 3986.59 MB
Available physical RAM: 2108.49 MB
Total Pagefile: 4690.59 MB
Available Pagefile: 2690.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:56.53 GB) (Free:13.69 GB) NTFS
Drive d: (Data) (Fixed) (Total:405 GB) (Free:369.66 GB) NTFS
Drive e: (Recover) (Fixed) (Total:60.76 GB) (Free:45.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 357EA403)
Partition 1: (Not Active) - (Size=405 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 58.3 GB) (Disk ID: A53D5356)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
FRST 32-Bit | FRST 64-Bit
AdwCleaner auf deinen Desktop.
SecurityCheck und:
