Trojaner-Board
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Startmenü aktualiesiert - Virus? (https://www.trojaner-board.de/165083-startmenue-aktualiesiert-virus.html)

cosinus 21.03.2015 14:44
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:
    Host App Service
    Start Menu
  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

Teron821 21.03.2015 14:54
Liste der Anhänge anzeigen (Anzahl: 1)
Hmmm Start Menu habe ich gefunden aber den Host app Sevice nicht
Und außerdem ist da so ein Fenster. (Anhang)
Abrechen

Teron821 21.03.2015 14:55
*Abrechen?

cosinus 21.03.2015 15:11
Wieso abbrechen?? Dann deinstallierst du eben nur das eine über revo...

Teron821 21.03.2015 15:18
ok und dann?

Teron821 21.03.2015 15:47
Liste der Anhänge anzeigen (Anzahl: 1)
Fenster hat namen gewechselt : PC App Store aktualisiert

cosinus 21.03.2015 16:33
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Teron821 21.03.2015 16:45
is das killen avira über den TM ok?

cosinus 21.03.2015 17:04
Wrum so kompliziert, jeder Virenscanner lässt sich sich über seine Oberfläche deaktivieren...Avira Regenschirm Symbol im Systray

Teron821 22.03.2015 14:15
AdwCleaner:
Code:
# AdwCleaner v4.112 - Bericht erstellt 21/03/2015 um 17:19:12
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : MeinAdmin - BAERENFROSCH
# Gestarted von : C:\Users\Leo\Desktop\AdwCleaner_4.112(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [818 Bytes] - [21/03/2015 16:51:01]
AdwCleaner[R1].txt - [876 Bytes] - [21/03/2015 17:11:21]
AdwCleaner[S0].txt - [801 Bytes] - [21/03/2015 17:19:12]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [859  Bytes] ##########
Code:
c~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 8.1 x64
Ran by MeinAdmin on 22.03.2015 at 13:16:54,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2015 at 13:23:30,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MeinAdmin (administrator) on BAERENFROSCH on 22-03-2015 13:44:28
Running from C:\Users\Leo\Desktop
Loaded Profiles: Leo & MeinAdmin (Available profiles: Admin & Mama & Leo & MeinAdmin)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Mozilla Corporation) C:\Users\Leo\AppData\Local\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-31] (LogMeIn, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-514103404-2733609734-414756415-1008\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt [1061 2015-03-21] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-514103404-2733609734-414756415-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-514103404-2733609734-414756415-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-514103404-2733609734-414756415-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-514103404-2733609734-414756415-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-514103404-2733609734-414756415-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> {9CBE1607-B466-40F4-AB15-F6965BEA20A1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9CBE1607-B466-40F4-AB15-F6965BEA20A1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-514103404-2733609734-414756415-1006 -> {9CBE1607-B466-40F4-AB15-F6965BEA20A1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-514103404-2733609734-414756415-1008 -> {9CBE1607-B466-40F4-AB15-F6965BEA20A1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-10] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-22] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-10] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
StartMenuInternet: FIREFOX.EXE - C:\Users\Leo\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-21] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-23] ()
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Development Company, L.P.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-31] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-22] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-06] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corporation                          )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-22] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftDAE8.tmp\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 13:40 - 2015-03-22 13:40 - 00000619 _____ () C:\Users\MeinAdmin\Desktop\JRT2.txt
2015-03-22 13:23 - 2015-03-22 13:23 - 00000618 _____ () C:\Users\MeinAdmin\Desktop\JRT.txt
2015-03-21 18:28 - 2015-03-21 18:28 - 00000619 _____ () C:\Users\MeinAdmin\Documents\JRT.txt
2015-03-21 18:07 - 2015-03-21 18:07 - 01388672 _____ (Thisisu) C:\Users\Leo\Desktop\JRT.exe
2015-03-21 16:50 - 2015-03-21 17:42 - 00000000 ____D () C:\AdwCleaner
2015-03-21 16:49 - 2015-03-21 16:49 - 02171392 _____ () C:\Users\Leo\Desktop\AdwCleaner_4.112(1).exe
2015-03-21 15:17 - 2015-03-21 15:17 - 00000000 ____D () C:\Users\Public\Pokki
2015-03-21 14:47 - 2015-03-21 14:47 - 00001287 _____ () C:\Users\MeinAdmin\Desktop\Revo Uninstaller.lnk
2015-03-21 14:47 - 2015-03-21 14:47 - 00000000 __SHD () C:\Users\MeinAdmin\AppData\Local\EmieBrowserModeList
2015-03-21 14:47 - 2015-03-21 14:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-21 14:46 - 2015-03-21 14:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Leo\Downloads\revosetup95.exe
2015-03-21 14:39 - 2015-03-21 14:40 - 00029214 _____ () C:\Users\Leo\Desktop\Addition.txt
2015-03-21 14:12 - 2015-03-21 14:13 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Leo\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-21 14:11 - 2015-03-21 14:11 - 02171392 _____ () C:\Users\Leo\Downloads\adwcleaner_4.112.exe
2015-03-21 13:59 - 2015-03-21 14:00 - 00000000 ____D () C:\Users\Leo\AppData\Local\Mozilla Firefox
2015-03-21 13:44 - 2015-03-22 13:44 - 00017619 _____ () C:\Users\Leo\Desktop\FRST.txt
2015-03-21 13:44 - 2015-03-22 13:44 - 00000000 ____D () C:\FRST
2015-03-21 13:42 - 2015-03-21 13:42 - 02095616 _____ (Farbar) C:\Users\Leo\Desktop\FRST64.exe
2015-03-21 13:37 - 2015-03-21 13:37 - 00001418 _____ () C:\Users\Leo\Desktop\Events.txt
2015-03-12 02:00 - 2015-03-12 02:00 - 00002813 _____ () C:\Users\Leo\AppData\Local\recently-used.xbel
2015-03-06 13:33 - 2015-03-06 13:34 - 02574000 _____ () C:\Users\Leo\Downloads\castle1.bsp
2015-03-06 10:37 - 2015-03-06 10:37 - 06758533 _____ () C:\Users\Leo\Downloads\KAS_0.4.10.zip
2015-03-06 10:34 - 2015-03-06 10:34 - 00043889 _____ () C:\Users\Leo\Downloads\targetron_1_3_4.zip
2015-03-06 10:30 - 2015-03-06 10:32 - 40723506 _____ () C:\Users\Leo\Downloads\Firespitter_634.zip
2015-03-06 10:27 - 2015-03-06 10:27 - 02368280 _____ () C:\Users\Leo\Downloads\Romfarer_LazorSystem_v35.zip
2015-03-06 10:24 - 2015-03-06 10:25 - 04325650 _____ () C:\Users\Leo\Downloads\MechJeb2-2.4.2.0.zip
2015-03-06 01:32 - 2015-03-06 01:38 - 00000000 ____D () C:\Users\Leo\workspace
2015-03-06 01:32 - 2015-03-06 01:32 - 00000000 ____D () C:\Users\Leo\AppData\Local\Eclipse
2015-03-06 01:29 - 2015-03-06 01:31 - 00000000 ____D () C:\Users\Leo\eclipse
2015-03-05 23:59 - 2015-03-05 23:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-05 23:32 - 2015-03-05 23:40 - 162162770 _____ () C:\Users\Leo\eclipse-java-luna-SR2-win32-x86_64.zip
2015-03-01 20:26 - 2015-03-01 20:26 - 00000000 ____D () C:\Users\MeinAdmin\Documents\Youcam
2015-03-01 20:26 - 2015-03-01 20:26 - 00000000 ____D () C:\Users\MeinAdmin\AppData\Local\Logitech
2015-03-01 20:26 - 2015-03-01 20:26 - 00000000 ____D () C:\Users\MeinAdmin\AppData\Local\CyberLink
2015-03-01 20:22 - 2015-03-10 14:18 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-01 20:21 - 2015-03-01 20:21 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Avira
2015-03-01 20:05 - 2015-03-10 14:18 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-01 20:05 - 2015-03-10 14:18 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-01 20:05 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-01 19:58 - 2015-03-01 19:58 - 00001226 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-01 19:57 - 2015-03-01 20:05 - 00000000 ____D () C:\ProgramData\Avira
2015-03-01 19:57 - 2015-03-01 20:05 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-01 17:30 - 2015-03-01 17:30 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\GeoGebra 5.0
2015-02-28 10:51 - 2015-02-28 10:51 - 00001712 _____ () C:\Users\Leo\Desktop\GeoGebra.lnk
2015-02-28 10:51 - 2015-02-28 10:51 - 00000000 ____D () C:\Users\Leo\GeoGebra 5.0
2015-02-28 10:51 - 2015-02-28 10:51 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 5
2015-02-22 11:09 - 2015-02-22 11:09 - 00000222 _____ () C:\Users\Leo\Desktop\HIT.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 13:45 - 2014-11-07 23:31 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 13:42 - 2014-10-05 22:13 - 00000000 ____D () C:\Spiele
2015-03-22 13:41 - 2014-10-20 13:09 - 00000000 ____D () C:\Users\MeinAdmin\Documents\My Cheat Tables
2015-03-22 13:40 - 2014-10-01 19:23 - 00000000 ____D () C:\Users\Leo\Documents\Youcam
2015-03-22 13:36 - 2014-10-01 18:18 - 01725396 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 13:15 - 2014-11-07 23:31 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 13:15 - 2014-10-01 19:21 - 00000000 ____D () C:\Users\Leo\AppData\Local\Pokki
2015-03-22 13:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-21 18:29 - 2014-10-01 19:30 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\ClassicShell
2015-03-21 17:51 - 2014-04-30 23:19 - 00800954 _____ () C:\Windows\system32\perfh007.dat
2015-03-21 17:51 - 2014-04-30 23:19 - 00174458 _____ () C:\Windows\system32\perfc007.dat
2015-03-21 17:51 - 2014-03-18 10:53 - 01921154 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-21 17:43 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 17:43 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-21 17:42 - 2014-06-10 20:25 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-21 17:20 - 2014-03-18 10:44 - 00153310 _____ () C:\Windows\PFRO.log
2015-03-21 16:27 - 2014-10-01 19:27 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-514103404-2733609734-414756415-1006
2015-03-21 15:46 - 2014-11-01 15:04 - 00057344 ___SH () C:\Users\Leo\Desktop\Thumbs.db
2015-03-21 15:25 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-21 13:51 - 2014-11-07 23:33 - 00002202 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 21:12 - 2014-10-01 19:31 - 00000000 ____D () C:\Users\MeinAdmin
2015-03-13 19:29 - 2015-01-18 14:28 - 00002338 _____ () C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-12 21:03 - 2014-10-01 19:21 - 00000000 ____D () C:\Users\Leo
2015-03-12 21:03 - 2014-10-01 19:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-12 01:58 - 2015-01-10 14:40 - 00000000 ____D () C:\Users\Leo\AppData\Local\gtk-2.0
2015-03-12 01:54 - 2015-01-10 14:33 - 00000000 ____D () C:\Users\Leo\.gimp-2.8
2015-03-12 01:51 - 2014-10-02 07:30 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\vlc
2015-03-11 00:51 - 2014-12-28 02:16 - 00000045 _____ () C:\Users\Leo\Documents\Isaac.txt
2015-03-08 20:58 - 2013-08-22 15:46 - 00032607 _____ () C:\Windows\setupact.log
2015-03-06 15:06 - 2014-10-02 14:43 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\TS3Client
2015-03-03 18:51 - 2014-06-10 20:41 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-03 18:51 - 2014-06-10 20:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-01 20:26 - 2014-11-07 23:38 - 00000000 ____D () C:\Users\MeinAdmin\AppData\Roaming\ClassicShell
2015-03-01 19:57 - 2014-06-10 20:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-01 19:56 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-01 19:54 - 2015-02-07 13:58 - 00000000 ____D () C:\Users\Mama
2015-03-01 19:43 - 2014-11-07 23:33 - 00000000 ____D () C:\Users\Leo\AppData\Local\LogMeIn Hamachi
2015-02-25 21:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-22 17:11 - 2014-10-02 10:23 - 00000000 ____D () C:\Users\MeinAdmin\AppData\Local\Adobe
2015-02-22 15:35 - 2014-11-05 21:54 - 00261632 ___SH () C:\Users\Leo\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2014-12-18 14:05 - 2014-12-18 14:05 - 0007626 _____ () C:\Users\MeinAdmin\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Leo\AppData\Local\Temp\4c2459bebc146bfd821d90e28a2411ab.dll
C:\Users\Leo\AppData\Local\Temp\7941aa9f1a1ffb54e75f6abe950bcdb6.dll
C:\Users\Leo\AppData\Local\Temp\avgnt.exe
C:\Users\Leo\AppData\Local\Temp\COMAP.EXE
C:\Users\Leo\AppData\Local\Temp\ipyzdlw8.dll
C:\Users\Leo\AppData\Local\Temp\oct6287.tmp.exe
C:\Users\Leo\AppData\Local\Temp\octD4B.tmp.exe
C:\Users\Leo\AppData\Local\Temp\octD699.tmp.exe
C:\Users\Leo\AppData\Local\Temp\octE7D5.tmp.exe
C:\Users\MeinAdmin\AppData\Local\Temp\avgnt.exe
C:\Users\MeinAdmin\AppData\Local\Temp\Quarantine.exe
C:\Users\MeinAdmin\AppData\Local\Temp\sqlite3.dll
C:\Users\MeinAdmin\AppData\Local\Temp\_isD2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-21 16:27

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 22.03.2015 15:11
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Teron821 22.03.2015 15:26
bei den ganzen logs fehlt immer Firefox ?
(ich benutze eigentlich nur firefox)


oh und :
Additons.txt:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MeinAdmin at 2015-03-22 15:24:28
Running from C:\Users\Leo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A.V.A - Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version:  - RED DUCK Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0B448829-3672-18EA-4117-C1240D4CF140}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes de-DE (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF07-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Hours of Titanfall (HKLM-x32\...\Steam App 292060) (Version:  - Geoff Keighley)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeoGebra 5 (HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\GeoGebra 5) (Version: 5.0.67.0 - International GeoGebra Institute)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HIT (HKLM-x32\...\Steam App 336670) (Version:  - Shifty Chair Games)
Hitman: Contracts (HKLM-x32\...\Steam App 247430) (Version:  - IO Interactive)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP Color LaserJet Pro MFP M176 (HKLM-x32\...\{7ef5f914-a8e1-4f35-8b91-5f5a3ea16c55}) (Version: 8.0.13192.913 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E9FA2CA2-B7B2-43E6-8449-A1618B042EAE}) (Version: 1.1.3 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM176DSService (x32 Version: 001.001.08254 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM176LaserJetService (x32 Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM176 (x32 Version: 080.046.00111 - Hewlett-Packard) Hidden
Inst5675 (Version: 8.01.08 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.08 - Softex Inc.) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.3.2.2 (HKLM-x32\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Firefox 36.0.4 (x86 de) (HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Paintball2 Alpha build 40 (HKLM-x32\...\Paintball2) (Version: Alpha build 40 - Digital Paint)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Pokki (HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\Pokki) (Version: 0.269.7.574 - Pokki)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.6 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-03-2015 14:50:07 Revo Uninstaller's restore point - Start Menu

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {316007E6-D02E-481B-80AE-AAF221232C23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {4DEC0FF5-02D7-4A5D-A92F-C760D3A73FEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {53506A0B-850D-4868-9DDC-5CB9DA926D1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2014-01-13] (Hewlett-Packard Company)
Task: {7610D929-EECB-4153-B560-E6720B4B59C8} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-02-12] ()
Task: {B284AD28-073B-4655-94C7-C0C257C067AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {B84A40CB-13A5-40E8-8476-DE10AB0D9D27} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {DD3A2C72-2298-436B-848C-94FA11EE34ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {E8BC3766-ADA2-4E7D-BC00-7201889A3FE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {EF9A97A4-4FCB-4D9F-9B50-B63DAF391E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-07] (Google Inc.)
Task: {F32F1211-375B-484F-8FE8-D44401E98193} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {F3584A79-7D82-47DB-9719-06A1A74B939B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-01 17:38 - 2014-03-01 17:38 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-01 17:52 - 2014-03-01 17:52 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-01 17:52 - 2014-03-01 17:52 - 00712592 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-10-07 21:33 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2014-10-07 21:33 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-04-06 21:38 - 2014-04-06 21:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-06-10 20:21 - 2014-03-05 17:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-03-01 17:41 - 2014-03-01 17:41 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-06-10 20:46 - 2013-02-01 10:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-06-10 20:46 - 2013-02-01 10:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-06-10 20:46 - 2013-02-01 10:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-06-10 20:46 - 2013-02-01 10:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-06-10 20:46 - 2013-02-01 10:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-06-10 20:46 - 2013-02-01 10:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-06-10 20:46 - 2013-02-01 10:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\peter\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-514103404-2733609734-414756415-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-514103404-2733609734-414756415-1008\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

==================== Accounts: =============================

Admin (S-1-5-21-514103404-2733609734-414756415-1002 - Administrator - Enabled) => C:\Users\peter
Administrator (S-1-5-21-514103404-2733609734-414756415-500 - Administrator - Disabled)
Gast (S-1-5-21-514103404-2733609734-414756415-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-514103404-2733609734-414756415-1009 - Limited - Enabled)
Leo (S-1-5-21-514103404-2733609734-414756415-1006 - Limited - Enabled) => C:\Users\Leo
Mama (S-1-5-21-514103404-2733609734-414756415-1005 - Administrator - Enabled) => C:\Users\Mama
MeinAdmin (S-1-5-21-514103404-2733609734-414756415-1008 - Administrator - Enabled) => C:\Users\MeinAdmin
Robert (S-1-5-21-514103404-2733609734-414756415-1007 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 17%
Total physical RAM: 11461.2 MB
Available physical RAM: 9482.81 MB
Total Pagefile: 13189.2 MB
Available Pagefile: 11094.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:909.38 GB) (Free:673.82 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.12 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6F653072)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

cosinus 22.03.2015 16:51
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Teron821 22.03.2015 17:55
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MeinAdmin at 2015-03-22 17:22:30 Run:1
Running from C:\Users\Leo\Desktop
Loaded Profiles: Leo & MeinAdmin (Available profiles: Admin & Mama & Leo & MeinAdmin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-514103404-2733609734-414756415-1006\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
       
*****************

HKU\S-1-5-21-514103404-2733609734-414756415-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
EmptyTemp: => Removed 3.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:24:12 ====
Wars das ?
=)

cosinus 23.03.2015 09:23
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 14:39 Uhr.
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19