|
All about Windows: TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe |
04.08.2014, 11:11 | #1 |
| Problem: TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Hello dear people, my virus scanner found this trojan. What do I have to do to make it go away? I have Windows 8. Kind regards |
04.08.2014, 11:12 | #2 |
/// TB-Ausbilder | TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Instructions / Help

My name is Matthias and I will help you clean up your computer. Please note the following:

Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Thank you for your cooperation! Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
04.08.2014, 15:13 | #3 |
| TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Details

Hello Matthias, thank you very much for your quick help. I immediately downloaded this FRST 64 and it says there: Scan completed. The FRST. txt is saved in the Same location FRST Tool is run

Regards, Conny

Code:
ATTFilter Ran by contesssa at 2014-08-04 15:24:44 Running from C:\Users\contesssa\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) 
Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: - ) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shopping Helper Smartbar Engine 
(HKCU\...\{f6f7e3e1-d1e6-4adc-b2c8-4f9946a84573}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) 
==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {016ACFEA-DA8C-4876-8FC2-9C805E17B27A} - \APSnotifierPP3 No Task File <==== ATTENTION Task: {028F7BA2-6F53-4A86-973A-B72EBE6D73A6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {11713C7D-CDD5-4ED6-A865-89685117D6DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {15CFED45-5261-4590-A96F-47EBB8A1961D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {252B4049-B651-413C-BA1A-8ED507AC2CF1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-14] (Microsoft Corporation) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {31C2A7A0-4892-4BD0-AD93-4A752D1796A5} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-05-02] () Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {41B089C1-D45B-41BD-A1C7-B07E874EF3EE} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-05-02] () Task: {426DCB08-A02B-4FB9-946D-BC7C67582C9F} - \BlockAndSurf Update No Task File <==== ATTENTION Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4ADE1941-F662-4498-8972-B198A70241BF} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-05-02] () Task: {56D08866-7230-4027-8156-E5E5D4769F62} - \APSnotifierPP2 No Task File <==== ATTENTION Task: {578DA71D-4792-49E5-A998-82BD10017897} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs" Task: {60493F07-B1C4-41E4-A8EC-C27F39C6D080} - \APSnotifierPP1 No Task File <==== ATTENTION Task: {6A22210D-76C7-4A29-AFE1-B08943249160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {75F8F903-08EB-4B44-9085-24A60DBAD7E0} - \BlockAndSurf_wd No Task File <==== ATTENTION Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7EEFEB6A-289F-4D4E-9025-A535969B0364} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8BBE35F4-B154-44E9-8EE1-F97AA729CA0A} - \SpeedUpMyPC Startup No Task File <==== ATTENTION Task: {8C93EE21-3136-4695-881A-2F45783050C1} - System32\Tasks\SoftUpdateLogon => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {927CF79C-0219-4928-9A28-263935B64716} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A1361BB9-0188-439D-9100-D20F39CDF21E} - System32\Tasks\SoftUpdateDaily => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe Task: {A56F93A8-C213-4A7D-90F0-3EE0E5551C59} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled 
Start With Network => Sc.exe start wuauserv Task: {A84F5E42-9540-465D-93A1-6F21C5426E8D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION Task: {AA05510B-0EE5-4260-9FB0-84CE84E4290A} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-05-02] () Task: {B379786F-D38D-47CD-AB65-82CA8CF66164} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {B8A14DF3-0A9A-437A-B5D8-9D3CF10694E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.) Task: {C4583446-F249-471E-B139-442A743C0538} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D97C9F57-3822-4C1D-9B29-ACDB7995D42B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Bluetooth 
Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-25 21:52 - 2014-04-25 21:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll 2013-07-23 14:55 - 2012-10-23 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-07-19 12:34 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-19 12:34 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-19 12:34 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-19 12:34 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-19 12:34 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\contesssa\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "fst_de_99" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2014 09:53:27 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (08/04/2014 09:11:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Mein CEWE FOTOBUCH.exe, Version: 0.0.0.0, Zeitstempel: 0x5241e45f Name des fehlerhaften Moduls: CWFoto0.dll, Version: 0.1.0.0, Zeitstempel: 0x5241dd36 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000285cb ID des fehlerhaften Prozesses: 0xed8 Startzeit der fehlerhaften Anwendung: 0xMein CEWE FOTOBUCH.exe0 Pfad der fehlerhaften Anwendung: Mein CEWE FOTOBUCH.exe1 Pfad des fehlerhaften Moduls: Mein CEWE FOTOBUCH.exe2 Berichtskennung: Mein CEWE FOTOBUCH.exe3 Vollständiger Name des fehlerhaften Pakets: Mein CEWE FOTOBUCH.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Mein CEWE FOTOBUCH.exe5 Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13625 Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13625 Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 
100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 59109 Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 59109 Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13859 Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13859 System errors: ============= Error: (08/04/2014 10:48:47 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:48:11 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:47:58 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:47:21 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: 
(08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office Sessions: ========================= Error: (08/04/2014 09:53:27 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: -2147024883 Error: (08/04/2014 09:11:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Mein CEWE FOTOBUCH.exe0.0.0.05241e45fCWFoto0.dll0.1.0.05241dd36c0000005000285cbed801cfafb333e7c78aC:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exeC:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CWFoto0.dll83f3169c-1ba6-11e4-bea7-50af735ae431 Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13625 Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13625 Error: (07/22/2014 11:57:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 59109 Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 59109 Error: (07/21/2014 11:31:14 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13859 Error: (07/20/2014 02:26:15 PM) (Source: Bonjour Service) (EventID: 100) 
(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13859 CodeIntegrity Errors: =================================== Date: 2014-07-20 13:18:25.679 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. Date: 2014-07-20 13:18:12.580 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. Date: 2014-02-25 21:57:06.854 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements. Date: 2014-02-25 21:57:06.682 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements. Date: 2013-11-03 01:10:55.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 00:59:03.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-11-02 09:18:13.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 08:44:57.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 08:38:59.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 01:14:32.601 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 3975.27 MB Available physical RAM: 2291.64 MB Total Pagefile: 8071.27 MB Available Pagefile: 6205.42 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:426.23 GB) (Free:370.75 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 3FD8BFE0) Partition: GPT Partition Type. ==================== End Of Log ============================ |
05.08.2014, 08:41 | #4 |
/// TB-Ausbilder | Solution: TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Hi, FRST.txt is still missing, please post it. |
06.08.2014, 07:42 | #5 |
| How TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Good morning :) Code:
ATTFilter Ran by contesssa (administrator) on CONNY on 06-08-2014 08:34:53 Running from C:\Users\contesssa\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-23] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-23] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications)) HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.) HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.) 
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: http=127.0.0.1:50714;https=127.0.0.1:50714 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {B8685F37-302D-4748-8F8A-0CC05A05EA7B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll () BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI 
ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: trovi.search CHR DefaultNewTabURL: CHR Extension: (Avira Sparberater) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-02] CHR Extension: (Google Wallet) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19] CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-08] (Intel Corporation) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-02] (LENOVO INCORPORATED.) 
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] () S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-24] (Intel(R) Corporation) [File not signed] R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-09] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64; C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys [61120 2014-07-03] (StdLib) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk 2014-08-04 15:24 - 2014-08-04 15:25 - 00025131 _____ () C:\Users\contesssa\Downloads\Addition.txt 2014-08-04 15:23 - 2014-08-06 08:35 - 00015909 _____ () C:\Users\contesssa\Downloads\FRST.txt 2014-08-04 15:19 - 2014-08-06 08:34 - 00000000 ____D () C:\FRST 2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe 2014-08-04 14:56 - 2014-08-04 15:20 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing 2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe 2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe 2014-08-04 10:23 - 2014-08-06 08:32 - 00102853 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe 2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe 2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () 
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-21 11:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts 2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Local_Weather_LLC 2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-07-21 10:29 - 2014-07-21 10:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-16 23:00 - 2014-07-03 16:22 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys 2014-07-15 00:37 - 2014-07-19 13:00 - 00000000 ____D () C:\WINDOWS\Minidump 2014-07-14 21:08 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-10 09:31 - 2014-07-10 09:35 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo 2014-07-10 09:07 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-10 09:07 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-10 09:07 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-10 09:07 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-10 09:07 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-10 09:07 - 2014-05-30 05:03 - 
00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-10 09:07 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-10 09:07 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-10 09:07 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-10 09:07 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-10 09:07 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-10 09:07 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-10 09:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-10 09:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-10 09:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-10 09:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-10 09:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-10 09:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-10 09:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-10 09:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-10 09:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-10 09:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-10 09:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-10 09:06 - 2014-06-19 01:12 - 00367616 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-10 09:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-10 09:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-10 09:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-10 09:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-10 09:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-10 09:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-10 09:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-10 09:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-10 09:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-10 09:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-10 09:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-10 09:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-10 09:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-10 09:06 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-10 09:06 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-10 09:06 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-10 09:06 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-10 09:06 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\twinui.dll 2014-07-10 09:06 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-10 09:06 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-10 09:06 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-10 09:06 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-10 09:06 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-10 09:06 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-10 09:06 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-10 09:06 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-10 09:06 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-10 09:06 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-10 09:06 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-10 09:06 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-06 08:35 - 2014-08-04 15:23 - 00015909 _____ () C:\Users\contesssa\Downloads\FRST.txt 2014-08-06 08:34 - 2014-08-04 15:19 - 00000000 ____D () C:\FRST 2014-08-06 08:34 - 2013-10-18 00:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1714798670-2283502341-2433251003-1001 2014-08-06 08:33 - 2014-01-29 17:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85B33DF1-38E0-4A33-B992-7D2DC8C2FBAA} 2014-08-06 08:32 - 2014-08-04 10:23 - 00102853 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-06 08:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-08-06 08:30 - 2014-02-26 14:46 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-06 08:30 - 2014-02-26 14:46 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-06 08:30 - 2014-01-10 00:24 - 00000000 __RDO () C:\Users\contesssa\SkyDrive 2014-08-06 08:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk 2014-08-04 15:47 - 2014-02-26 14:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-04 15:25 - 2014-08-04 15:24 - 00025131 _____ () C:\Users\contesssa\Downloads\Addition.txt 2014-08-04 15:20 - 2014-08-04 14:56 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing 2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe 2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe 2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe 2014-08-04 11:40 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-04 10:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-04 10:16 - 2014-08-04 
10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-04 09:40 - 2013-10-23 18:45 - 00000000 ____D () C:\Conny 2014-08-04 09:11 - 2013-10-26 15:04 - 00000000 ____D () C:\ProgramData\tmp 2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe 2014-08-04 08:51 - 2014-01-09 23:17 - 00000000 ____D () C:\Users\contesssa 2014-08-03 11:50 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-03 11:50 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-08-03 11:50 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-23 21:30 - 2013-10-27 22:03 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Skype 2014-07-22 11:56 - 2014-03-13 21:38 - 00000182 _____ () C:\Users\contesssa\AppData\Local\RegisteredPackageInformation.xml 2014-07-22 11:52 - 2013-10-17 16:57 - 00000000 ___RD () C:\Users\contesssa\Desktop\Anwendungen 2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Skype 2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-22 11:43 - 2013-10-27 21:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-07-22 11:27 - 2013-10-27 16:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-22 01:30 - 2013-10-27 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-21 11:55 - 2014-07-21 11:55 - 
03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe 2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts 2014-07-21 11:10 - 2014-07-21 11:10 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Local_Weather_LLC 2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-07-21 10:41 - 2014-07-21 10:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-07-20 13:27 - 2014-04-14 14:56 - 00000163 _____ () C:\WINDOWS\Reimage.ini 2014-07-19 13:00 - 2014-07-15 00:37 - 00000000 ____D () C:\WINDOWS\Minidump 2014-07-19 11:58 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini 2014-07-15 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-15 14:34 - 2014-03-17 13:28 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-15 00:37 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-15 00:30 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-14 21:19 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-14 21:17 - 2013-10-25 14:06 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-14 21:15 - 2013-10-25 14:05 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-14 21:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-10 10:02 - 2013-10-26 15:33 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nitro PDF 2014-07-10 09:35 - 2014-07-10 09:31 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo 2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-07-09 19:47 - 2014-02-26 14:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\contesssa\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-04 15:29 ==================== End Of Log ============================ |
06.08.2014, 09:23 | #6 |
/// TB Trainer | TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Solution! Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3
Please post with your next reply
|
07.08.2014, 15:13 | #7 |
| TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Hello Mathias, I tried steps 1 & 2 but failed. 1 - I clicked Scan, it ran through, and because of a problem it did not finish :-( 2 - I downloaded it = it said: not enough system resources to run the service. Then my AntiVir kicked in and there was a new virus on it :-( |
07.08.2014, 19:51 | #8 | |
/// TB Trainer | TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Quote:
1) What problem came up with AdwCleaner? What is the error message? What exactly happens? 2) Where did Avira find which kind of malware? Post a report from Avira (it is saved automatically) with the name and path of the file.
|
08.08.2014, 09:34 | #9 |
| TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe Good morning Mathias Code:
Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 7. August 2014 13:57 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 8.1 Windowsversion : (plain) [6.2.9200] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : CONNY Versionsinformationen: BUILD.DAT : 14.0.6.552 92022 Bytes 23.07.2014 13:29:00 AVSCAN.EXE : 14.0.6.548 1046608 Bytes 07.08.2014 09:58:58 AVSCANRC.DLL : 14.0.6.522 62544 Bytes 07.08.2014 09:58:58 LUKE.DLL : 14.0.6.522 57936 Bytes 07.08.2014 09:59:14 AVSCPLR.DLL : 14.0.6.548 92752 Bytes 07.08.2014 09:58:59 AVREG.DLL : 14.0.6.522 262224 Bytes 07.08.2014 09:58:57 avlode.dll : 14.0.6.526 603728 Bytes 07.08.2014 09:58:56 avlode.rdf : 14.0.4.42 65114 Bytes 19.07.2014 09:55:23
11.07.2014 19:08:25 XBV00074.VDF : 8.11.160.58 22016 Bytes 11.07.2014 19:08:25 XBV00075.VDF : 8.11.160.60 2048 Bytes 11.07.2014 19:08:25 XBV00076.VDF : 8.11.160.62 8192 Bytes 11.07.2014 19:08:25 XBV00077.VDF : 8.11.160.66 198656 Bytes 12.07.2014 19:08:26 XBV00078.VDF : 8.11.160.68 7168 Bytes 12.07.2014 19:08:26 XBV00079.VDF : 8.11.160.70 14848 Bytes 12.07.2014 19:08:26 XBV00080.VDF : 8.11.160.72 7168 Bytes 12.07.2014 19:08:26 XBV00081.VDF : 8.11.160.92 40448 Bytes 13.07.2014 19:08:28 XBV00082.VDF : 8.11.160.112 2048 Bytes 13.07.2014 19:08:28 XBV00083.VDF : 8.11.160.130 193024 Bytes 13.07.2014 19:08:28 XBV00084.VDF : 8.11.160.132 2048 Bytes 13.07.2014 19:08:28 XBV00085.VDF : 8.11.160.152 20480 Bytes 13.07.2014 19:08:28 XBV00086.VDF : 8.11.160.154 2048 Bytes 13.07.2014 19:08:28 XBV00087.VDF : 8.11.160.156 20992 Bytes 14.07.2014 19:08:28 XBV00088.VDF : 8.11.160.158 2560 Bytes 14.07.2014 19:08:28 XBV00089.VDF : 8.11.160.160 11264 Bytes 14.07.2014 19:08:28 XBV00090.VDF : 8.11.160.162 2560 Bytes 14.07.2014 19:08:28 XBV00091.VDF : 8.11.160.166 14336 Bytes 14.07.2014 19:08:28 XBV00092.VDF : 8.11.160.168 5120 Bytes 14.07.2014 19:08:28 XBV00093.VDF : 8.11.160.178 7168 Bytes 14.07.2014 19:08:28 XBV00094.VDF : 8.11.160.180 2048 Bytes 14.07.2014 19:08:28 XBV00095.VDF : 8.11.160.182 2048 Bytes 14.07.2014 19:08:28 XBV00096.VDF : 8.11.160.188 256000 Bytes 14.07.2014 12:34:07 XBV00097.VDF : 8.11.160.190 7680 Bytes 14.07.2014 12:34:07 XBV00098.VDF : 8.11.160.194 18432 Bytes 15.07.2014 12:34:07 XBV00099.VDF : 8.11.160.212 184832 Bytes 15.07.2014 12:34:07 XBV00100.VDF : 8.11.160.230 289792 Bytes 15.07.2014 19:39:07 XBV00101.VDF : 8.11.160.232 2048 Bytes 15.07.2014 19:39:07 XBV00102.VDF : 8.11.160.234 176128 Bytes 15.07.2014 19:39:07 XBV00103.VDF : 8.11.160.254 18432 Bytes 15.07.2014 19:39:07 XBV00104.VDF : 8.11.161.16 6144 Bytes 16.07.2014 19:39:07 XBV00105.VDF : 8.11.161.32 2048 Bytes 16.07.2014 19:39:07 XBV00106.VDF : 8.11.161.34 2048 Bytes 16.07.2014 19:39:07 XBV00107.VDF : 
8.11.161.52 26624 Bytes 16.07.2014 19:39:07 XBV00108.VDF : 8.11.161.68 184832 Bytes 16.07.2014 19:39:07 XBV00109.VDF : 8.11.161.84 2048 Bytes 16.07.2014 19:39:08 XBV00110.VDF : 8.11.162.2 2560 Bytes 16.07.2014 19:39:08 XBV00111.VDF : 8.11.162.6 16896 Bytes 16.07.2014 09:55:23 XBV00112.VDF : 8.11.162.8 24064 Bytes 16.07.2014 09:55:24 XBV00113.VDF : 8.11.162.10 2560 Bytes 16.07.2014 09:55:24 XBV00114.VDF : 8.11.162.14 41472 Bytes 17.07.2014 09:55:24 XBV00115.VDF : 8.11.162.16 2048 Bytes 17.07.2014 09:55:24 XBV00116.VDF : 8.11.162.18 215040 Bytes 17.07.2014 09:55:24 XBV00117.VDF : 8.11.162.22 184320 Bytes 17.07.2014 09:55:24 XBV00118.VDF : 8.11.162.40 258048 Bytes 17.07.2014 09:55:24 XBV00119.VDF : 8.11.162.42 3584 Bytes 17.07.2014 09:55:24 XBV00120.VDF : 8.11.162.58 3072 Bytes 17.07.2014 09:55:24 XBV00121.VDF : 8.11.162.78 2048 Bytes 17.07.2014 09:55:24 XBV00122.VDF : 8.11.162.94 2048 Bytes 17.07.2014 09:55:25 XBV00123.VDF : 8.11.162.110 35840 Bytes 17.07.2014 09:55:25 XBV00124.VDF : 8.11.162.112 2048 Bytes 18.07.2014 09:55:25 XBV00125.VDF : 8.11.162.130 23040 Bytes 18.07.2014 09:55:25 XBV00126.VDF : 8.11.162.134 184320 Bytes 18.07.2014 09:55:25 XBV00127.VDF : 8.11.162.136 2048 Bytes 18.07.2014 09:55:25 XBV00128.VDF : 8.11.162.152 231424 Bytes 18.07.2014 09:55:25 XBV00129.VDF : 8.11.162.154 2048 Bytes 18.07.2014 09:55:25 XBV00130.VDF : 8.11.162.170 108032 Bytes 18.07.2014 09:55:25 XBV00131.VDF : 8.11.162.172 9728 Bytes 18.07.2014 09:55:25 XBV00132.VDF : 8.11.162.174 2048 Bytes 18.07.2014 09:55:25 XBV00133.VDF : 8.11.162.188 20992 Bytes 18.07.2014 09:55:25 XBV00134.VDF : 8.11.162.192 2048 Bytes 18.07.2014 09:55:25 XBV00135.VDF : 8.11.162.194 2048 Bytes 18.07.2014 09:55:25 XBV00136.VDF : 8.11.162.200 19968 Bytes 18.07.2014 09:55:26 XBV00137.VDF : 8.11.162.204 2048 Bytes 18.07.2014 09:55:26 XBV00138.VDF : 8.11.162.212 2048 Bytes 18.07.2014 09:55:26 XBV00139.VDF : 8.11.162.228 227840 Bytes 19.07.2014 11:14:26 XBV00140.VDF : 8.11.162.244 2048 Bytes 19.07.2014 11:14:26 
XBV00141.VDF : 8.11.163.2 31232 Bytes 19.07.2014 11:14:26 XBV00142.VDF : 8.11.163.16 62464 Bytes 20.07.2014 11:14:26 XBV00143.VDF : 8.11.163.20 202752 Bytes 20.07.2014 21:56:27 XBV00144.VDF : 8.11.163.22 2048 Bytes 20.07.2014 21:56:27 XBV00145.VDF : 8.11.163.26 50176 Bytes 21.07.2014 08:08:09 XBV00146.VDF : 8.11.163.28 23040 Bytes 21.07.2014 08:08:09 XBV00147.VDF : 8.11.163.42 6144 Bytes 21.07.2014 08:08:09 XBV00148.VDF : 8.11.163.44 2560 Bytes 21.07.2014 08:08:09 XBV00149.VDF : 8.11.163.56 5120 Bytes 21.07.2014 22:46:28 XBV00150.VDF : 8.11.163.68 8192 Bytes 21.07.2014 22:46:29 XBV00151.VDF : 8.11.163.74 213504 Bytes 21.07.2014 22:46:29 XBV00152.VDF : 8.11.163.78 22528 Bytes 22.07.2014 06:44:51 XBV00153.VDF : 8.11.163.82 2560 Bytes 22.07.2014 06:44:51 XBV00154.VDF : 8.11.163.84 181248 Bytes 22.07.2014 06:44:52 XBV00155.VDF : 8.11.163.86 9728 Bytes 22.07.2014 19:32:38 XBV00156.VDF : 8.11.163.92 2560 Bytes 22.07.2014 19:32:38 XBV00157.VDF : 8.11.163.98 230400 Bytes 22.07.2014 19:32:38 XBV00158.VDF : 8.11.163.100 2048 Bytes 22.07.2014 19:32:38 XBV00159.VDF : 8.11.163.102 2048 Bytes 22.07.2014 19:32:38 XBV00160.VDF : 8.11.163.108 22528 Bytes 22.07.2014 19:32:38 XBV00161.VDF : 8.11.163.112 17920 Bytes 22.07.2014 19:32:38 XBV00162.VDF : 8.11.163.116 2048 Bytes 23.07.2014 19:32:38 XBV00163.VDF : 8.11.163.130 194048 Bytes 23.07.2014 19:32:38 XBV00164.VDF : 8.11.163.142 20992 Bytes 23.07.2014 19:32:38 XBV00165.VDF : 8.11.163.154 11776 Bytes 23.07.2014 19:32:38 XBV00166.VDF : 8.11.163.158 17920 Bytes 23.07.2014 19:32:38 XBV00167.VDF : 8.11.163.164 2048 Bytes 23.07.2014 19:32:38 XBV00168.VDF : 8.11.163.170 14848 Bytes 23.07.2014 19:10:41 XBV00169.VDF : 8.11.163.174 193024 Bytes 23.07.2014 19:10:41 XBV00170.VDF : 8.11.163.176 3072 Bytes 23.07.2014 19:10:41 XBV00171.VDF : 8.11.163.178 3072 Bytes 23.07.2014 19:10:41 XBV00172.VDF : 8.11.163.184 199168 Bytes 24.07.2014 19:10:42 XBV00173.VDF : 8.11.163.186 421376 Bytes 24.07.2014 19:10:42 XBV00174.VDF : 8.11.163.198 2048 Bytes 
24.07.2014 19:10:42 XBV00175.VDF : 8.11.163.200 2048 Bytes 24.07.2014 19:10:42 XBV00176.VDF : 8.11.163.212 212992 Bytes 24.07.2014 19:10:42 XBV00177.VDF : 8.11.163.222 34816 Bytes 24.07.2014 18:23:28 XBV00178.VDF : 8.11.163.226 2048 Bytes 24.07.2014 18:23:28 XBV00179.VDF : 8.11.163.230 21504 Bytes 24.07.2014 18:23:28 XBV00180.VDF : 8.11.165.38 819200 Bytes 04.08.2014 09:59:22 XBV00181.VDF : 8.11.165.40 214528 Bytes 04.08.2014 09:59:22 XBV00182.VDF : 8.11.165.42 2048 Bytes 04.08.2014 09:59:22 XBV00183.VDF : 8.11.165.44 11776 Bytes 04.08.2014 09:59:22 XBV00184.VDF : 8.11.165.48 202752 Bytes 04.08.2014 09:59:23 XBV00185.VDF : 8.11.165.50 2048 Bytes 05.08.2014 09:59:23 XBV00186.VDF : 8.11.165.54 7680 Bytes 05.08.2014 09:59:23 XBV00187.VDF : 8.11.165.58 2048 Bytes 05.08.2014 09:59:23 XBV00188.VDF : 8.11.165.60 201728 Bytes 05.08.2014 09:59:23 XBV00189.VDF : 8.11.165.62 9216 Bytes 05.08.2014 09:59:23 XBV00190.VDF : 8.11.165.64 2048 Bytes 05.08.2014 09:59:23 XBV00191.VDF : 8.11.165.66 2048 Bytes 05.08.2014 09:59:23 XBV00192.VDF : 8.11.165.68 2048 Bytes 05.08.2014 09:59:23 XBV00193.VDF : 8.11.165.70 253952 Bytes 05.08.2014 09:59:24 XBV00194.VDF : 8.11.165.82 236544 Bytes 05.08.2014 09:59:24 XBV00195.VDF : 8.11.165.88 2048 Bytes 05.08.2014 09:59:24 XBV00196.VDF : 8.11.165.94 17408 Bytes 05.08.2014 09:59:24 XBV00197.VDF : 8.11.165.100 2048 Bytes 05.08.2014 09:59:24 XBV00198.VDF : 8.11.165.118 13824 Bytes 06.08.2014 09:59:24 XBV00199.VDF : 8.11.165.122 15360 Bytes 06.08.2014 09:59:24 XBV00200.VDF : 8.11.165.124 2048 Bytes 06.08.2014 09:59:24 XBV00201.VDF : 8.11.165.128 227840 Bytes 06.08.2014 09:59:25 XBV00202.VDF : 8.11.165.130 2048 Bytes 06.08.2014 09:59:25 XBV00203.VDF : 8.11.165.132 2048 Bytes 06.08.2014 09:59:25 XBV00204.VDF : 8.11.165.136 52224 Bytes 06.08.2014 09:59:25 XBV00205.VDF : 8.11.165.138 206848 Bytes 06.08.2014 09:59:25 XBV00206.VDF : 8.11.165.146 12800 Bytes 06.08.2014 09:59:25 XBV00207.VDF : 8.11.165.150 6656 Bytes 06.08.2014 09:59:25 XBV00208.VDF : 
8.11.165.156 15872 Bytes 07.08.2014 09:59:25
LOCAL000.VDF : 8.11.165.156 109762560 Bytes 07.08.2014 10:00:14
Engineversion : 8.3.24.2
AEVDF.DLL : 8.3.1.0 133992 Bytes 01.08.2014 18:23:28
AESCRIPT.DLL : 8.2.0.14 428032 Bytes 01.08.2014 18:23:27
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 22:46:28
AESBX.DLL : 8.2.20.24 1409224 Bytes 11.05.2014 18:16:59
AERDL.DLL : 8.2.0.138 704888 Bytes 14.02.2014 10:00:46
AEPACK.DLL : 8.4.0.46 786632 Bytes 01.08.2014 18:23:27
AEOFFICE.DLL : 8.3.0.16 213192 Bytes 01.08.2014 18:23:27
AEHEUR.DLL : 8.1.4.1198 7338864 Bytes 01.08.2014 18:23:26
AEHELP.DLL : 8.3.1.0 278728 Bytes 29.05.2014 07:35:44
AEGEN.DLL : 8.1.7.28 450752 Bytes 06.06.2014 18:02:09
AEEXP.DLL : 8.4.2.22 244584 Bytes 01.08.2014 18:23:28
AEEMU.DLL : 8.1.3.2 393587 Bytes 14.02.2014 10:00:46
AEDROID.DLL : 8.4.2.24 442568 Bytes 06.06.2014 18:02:11
AECORE.DLL : 8.3.2.2 241864 Bytes 21.07.2014 22:46:26
AEBB.DLL : 8.1.1.4 53619 Bytes 14.02.2014 10:00:46
AVWINLL.DLL : 14.0.6.522 24144 Bytes 07.08.2014 09:58:54
AVPREF.DLL : 14.0.6.522 50256 Bytes 07.08.2014 09:58:57
AVREP.DLL : 14.0.6.522 219216 Bytes 07.08.2014 09:58:57
AVARKT.DLL : 14.0.5.368 226384 Bytes 24.06.2014 11:19:10
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 07.08.2014 09:58:56
SQLITE3.DLL : 14.0.6.522 452176 Bytes 07.08.2014 09:59:19
AVSMTP.DLL : 14.0.6.522 76368 Bytes 07.08.2014 09:58:59
NETNT.DLL : 14.0.6.522 13392 Bytes 07.08.2014 09:59:14
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 07.08.2014 09:58:54
RCTEXT.DLL : 14.0.6.536 74320 Bytes 07.08.2014 09:58:54

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_53e3675c\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Donnerstag, 7. August 2014 13:57

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '182' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SystemAgentService.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFDriverService8x64.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'NLSSRV32.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ath_CoexAgent.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '214' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICCProxy.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SettingSyncHost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TiWorker.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\contesssa\Downloads\malwarebytes-anti-malware_setup.exe'
C:\Users\contesssa\Downloads\malwarebytes-anti-malware_setup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen9
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5184fafb.qua' verschoben!

Ende des Suchlaufs: Donnerstag, 7. August 2014 13:57
Benötigte Zeit: 00:09 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
875 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
874 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by contesssa at 2014-08-08 10:29:49
Running from C:\Users\contesssa\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar Engine (HKCU\...\{f6f7e3e1-d1e6-4adc-b2c8-4f9946a84573}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-08-2014 13:29:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {028F7BA2-6F53-4A86-973A-B72EBE6D73A6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11713C7D-CDD5-4ED6-A865-89685117D6DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {15CFED45-5261-4590-A96F-47EBB8A1961D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C2A7A0-4892-4BD0-AD93-4A752D1796A5} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-05-02] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41B089C1-D45B-41BD-A1C7-B07E874EF3EE} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-05-02] ()
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4ADE1941-F662-4498-8972-B198A70241BF} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-05-02] ()
Task: {578DA71D-4792-49E5-A998-82BD10017897} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {6A22210D-76C7-4A29-AFE1-B08943249160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EEFEB6A-289F-4D4E-9025-A535969B0364} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C93EE21-3136-4695-881A-2F45783050C1} - System32\Tasks\SoftUpdateLogon => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {927CF79C-0219-4928-9A28-263935B64716} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1361BB9-0188-439D-9100-D20F39CDF21E} - System32\Tasks\SoftUpdateDaily => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe
Task: {A56F93A8-C213-4A7D-90F0-3EE0E5551C59} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {AA05510B-0EE5-4260-9FB0-84CE84E4290A} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-05-02] ()
Task: {B379786F-D38D-47CD-AB65-82CA8CF66164} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B8A14DF3-0A9A-437A-B5D8-9D3CF10694E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {C4583446-F249-471E-B139-442A743C0538} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D97C9F57-3822-4C1D-9B29-ACDB7995D42B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-25 21:52 - 2014-04-25 21:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll
2013-07-23 14:55 - 2012-10-23 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-08 10:00 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\contesssa\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\contesssa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "fst_de_99" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x7ac Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x1698 Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 
8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d Ausnahmecode: 0xc00000fd Fehleroffset: 0x00040833 ID des fehlerhaften Prozesses: 0xa40 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x17d8 Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/07/2014 
11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d Ausnahmecode: 0xc00000fd Fehleroffset: 0x0004082f ID des fehlerhaften Prozesses: 0x31c Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d Ausnahmecode: 0xc00000fd Fehleroffset: 0x000420d5 ID des fehlerhaften Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002f8c7 ID des fehlerhaften Prozesses: 0x1314 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: 
adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/07/2014 01:40:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002f8c7 ID des fehlerhaften Prozesses: 0x1218 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/07/2014 00:12:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002f8c7 ID des fehlerhaften Prozesses: 0x8f4 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 System errors: ============= Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY) Description: 
ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734 Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734 Error: (08/04/2014 10:48:47 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:48:11 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:47:58 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:47:21 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office Sessions: ========================= Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb7ac01cfb2e08e8e82efC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.execc5548e0-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb169801cfb2e076bccfddC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeb48395f0-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb105c01cfb2e06a3eb7e1C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exea81fb835-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd00040833a4001cfb2def9b5901dC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll430badd9-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb17d801cfb2df56b93864C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exe94fbfab5-1ed2-11e4-beab-50af735ae431 Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd0004082f31c01cfb285dd2e28ccC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll6b033e8d-1e79-11e4-beab-50af735ae431 Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd000420d5106001cfb235b75a7506C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\WINDOWS\SYSTEM32\ntdll.dll5f2b7dbb-1e29-11e4-beab-50af735ae431 Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c7131401cfb234a79c3ec2C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exe3f922920-1e28-11e4-beaa-50af735ae431 Error: (08/07/2014 01:40:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c7121801cfb23450ec8d9fC:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exeae8b5c3c-1e27-11e4-beaa-50af735ae431 Error: (08/07/2014 00:12:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c78f401cfb226f445cc81C:\Users\contesssa\Downloads\adwcleaner_3.303.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exe5008fe28-1e1b-11e4-beaa-50af735ae431 CodeIntegrity Errors: =================================== Date: 2014-07-20 13:18:25.679 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. 
Date: 2014-07-20 13:18:12.580 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. Date: 2014-02-25 21:57:06.854 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements. Date: 2014-02-25 21:57:06.682 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements. Date: 2013-11-03 01:10:55.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 00:59:03.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 09:18:13.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 08:44:57.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-11-02 08:38:59.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-11-02 01:14:32.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 3975.27 MB
Available physical RAM: 2936.98 MB
Total Pagefile: 8071.27 MB
Available Pagefile: 6847.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:426.23 GB) (Free:368.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.57 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3FD8BFE0)
Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by contesssa (administrator) on CONNY on 08-08-2014 10:28:53 Running from C:\Users\contesssa\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-23] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-23] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications)) HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.) HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.) 
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: http=127.0.0.1:50714;https=127.0.0.1:50714 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {B8685F37-302D-4748-8F8A-0CC05A05EA7B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll () BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI 
ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: trovi.search CHR DefaultNewTabURL: CHR Extension: (Avira Sparberater) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-02] CHR Extension: (Avira Browser Safety) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-08] CHR Extension: (Google Wallet) - C:\Users\contesssa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19] CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-08] (Intel Corporation) R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-02] (LENOVO INCORPORATED.) 
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [491520 2014-03-14] (Microsoft Corporation) [File not signed] R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] () S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-24] (Intel(R) Corporation) [File not signed] R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-09] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-08 10:00 - 2014-08-08 10:00 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 10:00 - 2014-08-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-07 12:04 - 2014-08-08 10:09 - 00000000 ____D () C:\AdwCleaner 2014-08-07 12:04 - 2014-08-07 12:04 - 01475072 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.303.exe 2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk 2014-08-04 15:24 - 2014-08-06 08:36 - 00024491 _____ () C:\Users\contesssa\Downloads\Addition.txt 2014-08-04 15:23 - 2014-08-08 10:29 - 00015061 _____ () C:\Users\contesssa\Downloads\FRST.txt 2014-08-04 15:19 - 2014-08-08 10:28 - 00000000 ____D () C:\FRST 2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe 2014-08-04 14:56 - 2014-08-04 15:20 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing 2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe 2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe 2014-08-04 10:23 - 2014-08-08 10:18 - 00274243 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-04 
09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe 2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe 2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-21 11:12 - 2014-04-05 08:21 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-07-21 10:29 - 2014-07-21 10:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-15 00:37 - 2014-07-19 13:00 - 00000000 ____D () C:\WINDOWS\Minidump 2014-07-14 21:08 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-10 09:31 - 2014-07-10 09:35 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo 2014-07-10 09:07 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-10 09:07 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-10 09:07 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-10 09:07 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-10 09:07 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-10 09:07 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-10 09:07 - 2014-05-29 14:02 - 00565576 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-10 09:07 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-10 09:07 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-10 09:07 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-10 09:07 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-10 09:07 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-10 09:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-10 09:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-10 09:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-10 09:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-10 09:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-10 09:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-10 09:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-10 09:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-10 09:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-10 09:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-10 09:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-10 09:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-10 09:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-10 09:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-10 09:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-10 09:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-10 09:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-10 09:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-10 09:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-10 09:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-10 09:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-10 09:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-10 09:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-10 09:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-10 09:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-10 09:06 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-10 09:06 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-10 09:06 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-10 09:06 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-10 09:06 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-10 09:06 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 
2014-07-10 09:06 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-10 09:06 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-10 09:06 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-10 09:06 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-10 09:06 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-10 09:06 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-10 09:06 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-10 09:06 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-10 09:06 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-10 09:06 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-10 09:06 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-08 10:29 - 2014-08-04 15:23 - 00015061 _____ () C:\Users\contesssa\Downloads\FRST.txt 2014-08-08 10:28 - 2014-08-04 15:19 - 00000000 ____D () C:\FRST 2014-08-08 10:18 - 2014-08-04 10:23 - 00274243 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-08 10:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-08-08 10:09 - 2014-08-07 12:04 - 00000000 ____D () C:\AdwCleaner 2014-08-08 10:03 - 2013-10-18 00:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1714798670-2283502341-2433251003-1001 2014-08-08 10:00 - 2014-08-08 10:00 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-08 10:00 - 2014-08-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\ProgramData\Avira 2014-08-08 10:00 - 2014-03-02 11:48 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-08 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-08-08 09:58 - 2014-02-26 14:46 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-08 09:58 - 2014-01-10 00:24 - 00000000 __RDO () C:\Users\contesssa\SkyDrive 2014-08-08 00:47 - 2014-02-26 14:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-08-08 00:30 - 2014-02-26 14:46 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-07 13:48 - 2014-03-13 21:38 - 00000182 _____ () C:\Users\contesssa\AppData\Local\RegisteredPackageInformation.xml 2014-08-07 13:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-07 13:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-07 12:04 - 2014-08-07 12:04 - 01475072 _____ () C:\Users\contesssa\Downloads\adwcleaner_3.303.exe 2014-08-07 12:01 - 2014-01-29 17:31 - 00003934 _____ () 
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85B33DF1-38E0-4A33-B992-7D2DC8C2FBAA} 2014-08-06 08:36 - 2014-08-04 15:24 - 00024491 _____ () C:\Users\contesssa\Downloads\Addition.txt 2014-08-04 16:19 - 2014-08-04 16:19 - 00000936 _____ () C:\Users\contesssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk 2014-08-04 15:20 - 2014-08-04 14:56 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nico Mak Computing 2014-08-04 15:18 - 2014-08-04 15:18 - 02094080 _____ (Farbar) C:\Users\contesssa\Downloads\FRST64.exe 2014-08-04 14:55 - 2014-08-04 14:55 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8 (1).exe 2014-08-04 14:51 - 2014-08-04 14:51 - 04892480 _____ (WinZip International LLC ) C:\Users\contesssa\Downloads\wzmp_8.exe 2014-08-04 10:16 - 2014-08-04 10:16 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iTunes 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files\iPod 2014-08-04 10:16 - 2014-08-04 10:16 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-04 09:40 - 2013-10-23 18:45 - 00000000 ____D () C:\Conny 2014-08-04 09:11 - 2013-10-26 15:04 - 00000000 ____D () C:\ProgramData\tmp 2014-08-04 09:03 - 2014-08-04 09:03 - 00000000 ____D () C:\Users\contesssa\AppData\Local\Adobe 2014-08-04 08:51 - 2014-01-09 23:17 - 00000000 ____D () C:\Users\contesssa 2014-08-03 11:50 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-03 11:50 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-08-03 11:50 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-23 21:30 - 2013-10-27 22:03 - 00000000 ____D () 
C:\Users\contesssa\AppData\Roaming\Skype 2014-07-22 11:52 - 2013-10-17 16:57 - 00000000 ___RD () C:\Users\contesssa\Desktop\Anwendungen 2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Skype 2014-07-22 11:50 - 2013-10-27 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-22 11:43 - 2013-10-27 21:46 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-07-22 11:27 - 2013-10-27 16:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-22 01:30 - 2013-10-27 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-21 11:55 - 2014-07-21 11:55 - 03736040 _____ (Piriform Ltd) C:\Users\contesssa\Downloads\ccsetup415_slim.exe 2014-07-21 11:55 - 2014-07-21 11:55 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-07-21 11:55 - 2014-07-21 11:55 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-07-21 11:55 - 2014-07-21 11:55 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-21 10:41 - 2014-07-21 10:41 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-07-21 10:41 - 2014-07-21 10:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-21 10:30 - 2014-07-21 10:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-07-20 13:27 - 2014-04-14 14:56 - 00000163 _____ () C:\WINDOWS\Reimage.ini 2014-07-19 13:00 - 2014-07-15 00:37 - 00000000 ____D () C:\WINDOWS\Minidump 2014-07-19 11:58 - 2013-08-22 15:25 - 00000194 _____ () C:\WINDOWS\win.ini 2014-07-15 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-15 14:34 - 2014-03-17 13:28 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-15 00:37 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-15 00:30 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-15 00:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-15 00:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-14 21:19 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-14 21:17 - 2013-10-25 14:06 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-14 21:15 - 2013-10-25 14:05 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-14 21:15 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-10 10:02 - 2013-10-26 15:33 - 00000000 ____D () C:\Users\contesssa\AppData\Roaming\Nitro PDF 2014-07-10 09:35 - 2014-07-10 09:31 - 00019921 _____ () C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo 2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-07-09 19:47 - 2014-02-26 14:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater Some content of TEMP: ==================== C:\Users\contesssa\AppData\Local\Temp\avgnt.exe C:\Users\contesssa\AppData\Local\Temp\jre-8u11-windows-au.exe C:\Users\contesssa\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-08 01:13 ==================== End Of Log ============================ --- --- --- DE][/CODE] |
08.08.2014, 10:30 | #10 |
/// TB Trainer | TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved] Hi, regarding step 1: Start your computer as described in this guide and run the tool in safe mode. Regarding step 2: You did not download MBAM from the original site, or rather from where I told you to... try again. |
08.08.2014, 12:58 | #11 |
| TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved] [CODAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014 Ran by contesssa at 2014-08-08 13:39:21 Running from C:\Users\contesssa\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.50325 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50325 - Microsoft Corporation) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) 
Hidden Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: - ) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shopping Helper Smartbar Engine (HKCU\...\{f6f7e3e1-d1e6-4adc-b2c8-4f9946a84573}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1714798670-2283502341-2433251003-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 04-08-2014 13:29:52 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {028F7BA2-6F53-4A86-973A-B72EBE6D73A6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {11713C7D-CDD5-4ED6-A865-89685117D6DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {15CFED45-5261-4590-A96F-47EBB8A1961D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {31C2A7A0-4892-4BD0-AD93-4A752D1796A5} - System32\Tasks\Lenovo\LenovoMachineInformation => C:\Program Files\lenovo\SystemAgent\MachineInformation.exe [2013-05-02] () Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {41B089C1-D45B-41BD-A1C7-B07E874EF3EE} - System32\Tasks\Lenovo\LenovoWarrantyChinaTask => C:\Program Files\lenovo\SystemAgent\ChinaWarrantyService.exe [2013-05-02] () Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4ADE1941-F662-4498-8972-B198A70241BF} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-05-02] () Task: 
{578DA71D-4792-49E5-A998-82BD10017897} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs" Task: {6A22210D-76C7-4A29-AFE1-B08943249160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7EEFEB6A-289F-4D4E-9025-A535969B0364} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8C93EE21-3136-4695-881A-2F45783050C1} - System32\Tasks\SoftUpdateLogon => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {927CF79C-0219-4928-9A28-263935B64716} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A1361BB9-0188-439D-9100-D20F39CDF21E} - System32\Tasks\SoftUpdateDaily => C:\Users\contesssa\AppData\Local\SoftUpdate\SoftUpdate.exe Task: {A56F93A8-C213-4A7D-90F0-3EE0E5551C59} - 
System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {AA05510B-0EE5-4260-9FB0-84CE84E4290A} - System32\Tasks\Lenovo\LenovoUserguidesCopy => C:\Program Files\lenovo\SystemAgent\UserguidesCopy.exe [2013-05-02] () Task: {B379786F-D38D-47CD-AB65-82CA8CF66164} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {B8A14DF3-0A9A-437A-B5D8-9D3CF10694E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.) Task: {C4583446-F249-471E-B139-442A743C0538} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D97C9F57-3822-4C1D-9B29-ACDB7995D42B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Bluetooth 
Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-08-08 10:00 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\contesssa\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-04-25 21:52 - 2014-04-25 21:52 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll 2013-07-23 14:55 - 2012-10-23 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\contesssa\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "fst_de_99" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/08/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MachineInformation.exe, Version: 1.5.33.0, Zeitstempel: 0x51826efc Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00011d4d ID des fehlerhaften Prozesses: 0xa08 Startzeit der fehlerhaften Anwendung: 0xMachineInformation.exe0 Pfad der fehlerhaften Anwendung: MachineInformation.exe1 Pfad des fehlerhaften Moduls: MachineInformation.exe2 Berichtskennung: MachineInformation.exe3 Vollständiger Name des fehlerhaften Pakets: MachineInformation.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MachineInformation.exe5 Error: (08/08/2014 01:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: MachineInformation.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.IO.IOException Stapel: bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean) bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare) bei System.Xml.XmlDocument.Save(System.String) bei MachineInformation.Program.Main(System.String[]) Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x7ac Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x1698 Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum 
fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d Ausnahmecode: 0xc00000fd Fehleroffset: 0x00040833 ID des fehlerhaften Prozesses: 0xa40 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/08/2014 10:04:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Name des fehlerhaften Moduls: jre-8u11-windows-au.exe, Version: 8.0.110.12, Zeitstempel: 0x539fb8f4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000763cb ID des fehlerhaften Prozesses: 0x17d8 Startzeit der fehlerhaften Anwendung: 0xjre-8u11-windows-au.exe0 Pfad der 
fehlerhaften Anwendung: jre-8u11-windows-au.exe1 Pfad des fehlerhaften Moduls: jre-8u11-windows-au.exe2 Berichtskennung: jre-8u11-windows-au.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u11-windows-au.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u11-windows-au.exe5 Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d Ausnahmecode: 0xc00000fd Fehleroffset: 0x0004082f ID des fehlerhaften Prozesses: 0x31c Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d Ausnahmecode: 0xc00000fd Fehleroffset: 0x000420d5 ID des fehlerhaften Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: adwcleaner_3.303.exe, Version: 3.3.0.3, Zeitstempel: 0x53e28764 Name des fehlerhaften Moduls: adwcleaner_3.303.exe, Version: 
3.3.0.3, Zeitstempel: 0x53e28764 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002f8c7 ID des fehlerhaften Prozesses: 0x1314 Startzeit der fehlerhaften Anwendung: 0xadwcleaner_3.303.exe0 Pfad der fehlerhaften Anwendung: adwcleaner_3.303.exe1 Pfad des fehlerhaften Moduls: adwcleaner_3.303.exe2 Berichtskennung: adwcleaner_3.303.exe3 Vollständiger Name des fehlerhaften Pakets: adwcleaner_3.303.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: adwcleaner_3.303.exe5 System errors: ============= Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (08/08/2014 01:46:19 AM) (Source: DCOM) (EventID: 10010) (User: CONNY) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734 Error: (08/07/2014 10:53:53 PM) (Source: DCOM) (EventID: 10016) (User: CONNY) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}connycontesssaS-1-5-21-1714798670-2283502341-2433251003-1001LocalHost (unter Verwendung von LRPC)Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734 Error: (08/04/2014 10:48:47 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:48:11 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:47:58 AM) (Source: DCOM) 
(EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:47:21 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (08/04/2014 10:42:00 AM) (Source: DCOM) (EventID: 10005) (User: CONNY) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office Sessions: ========================= Error: (08/08/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MachineInformation.exe1.5.33.051826efcKERNELBASE.dll6.3.9600.17055532943a3e043435200011d4da0801cfb2f9e3c75422C:\Program Files\lenovo\SystemAgent\MachineInformation.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll3988c9de-1eed-11e4-beac-50af735ae431 Error: (08/08/2014 01:14:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: MachineInformation.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.IO.IOException Stapel: bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean) bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare) bei System.Xml.XmlDocument.Save(System.String) bei MachineInformation.Program.Main(System.String[]) Error: (08/08/2014 10:12:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb7ac01cfb2e08e8e82efC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.execc5548e0-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb169801cfb2e076bccfddC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeb48395f0-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:11:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb105c01cfb2e06a3eb7e1C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exea81fb835-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:09:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd00040833a4001cfb2def9b5901dC:\Users\contesssa\Downloads\adwcleaner_3.303.exe C:\WINDOWS\SYSTEM32\ntdll.dll430badd9-1ed3-11e4-beab-50af735ae431 Error: (08/08/2014 10:04:12 AM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u11-windows-au.exe8.0.110.12539fb8f4jre-8u11-windows-au.exe8.0.110.12539fb8f4c0000417000763cb17d801cfb2df56b93864C:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\CONTES~1\AppData\Local\Temp\jre-8u11-windows-au.exe94fbfab5-1ed2-11e4-beab-50af735ae431 Error: (08/07/2014 11:25:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd0004082f31c01cfb285dd2e28ccC:\Users\contesssa\Downloads\adwcleaner_3.303.exe C:\WINDOWS\SYSTEM32\ntdll.dll6b033e8d-1e79-11e4-beab-50af735ae431 Error: (08/07/2014 01:52:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764ntdll.dll6.3.9600.170315308893dc00000fd000420d5106001cfb235b75a7506C:\Users\contesssa\Downloads\adwcleaner_3.303.ex eC:\WINDOWS\SYSTEM32\ntdll.dll5f2b7dbb-1e29-11e4-beab-50af735ae431 Error: (08/07/2014 01:44:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: adwcleaner_3.303.exe3.3.0.353e28764adwcleaner_3.303.exe3.3.0.353e28764c00000fd0002f8c7131401cfb234a79c3ec2C:\Users\contesssa\Downloads\adwcleaner_3.30 3.exeC:\Users\contesssa\Downloads\adwcleaner_3.303.exe3f922920-1e28-11e4-beaa-50af735ae431 CodeIntegrity Errors: =================================== Date: 2014-07-20 13:18:25.679 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. 
Date: 2014-07-20 13:18:12.580 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. Date: 2014-02-25 21:57:06.854 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements. Date: 2014-02-25 21:57:06.682 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements. Date: 2013-11-03 01:10:55.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-03 00:59:03.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 09:18:13.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 08:44:57.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-11-02 08:38:59.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-02 01:14:32.601 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 3975.27 MB Available physical RAM: 2451.97 MB Total Pagefile: 8071.27 MB Available Pagefile: 6277.09 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:426.23 GB) (Free:368.13 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 3FD8BFE0) Partition: GPT Partition Type. ==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by contesssa (administrator) on CONNY on 08-08-2014 13:38:26 Running from C:\Users\contesssa\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) 
C:\Windows\SysWOW64\NLSSRV32.EXE (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-23] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-23] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications)) HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.) HKU\S-1-5-21-1714798670-2283502341-2433251003-1001\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.) HKU\S-1-5-21-1714798670-2283502341-2433251003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.) 
HKU\S-1-5-21-1714798670-2283502341-2433251003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_8856B223242C46EC7E7BB0B38EB6BDE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\contesssa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:50714;https=127.0.0.1:50714 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {B8685F37-302D-4748-8F8A-0CC05A05EA7B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll () BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
C:\Users\contesssa\Downloads\UStVA2014_II._Quartal_Cornelia_Zink.elfo
2014-07-10 09:01 - 2014-07-10 09:01 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 19:47 - 2014-02-26 14:45 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\contesssa\AppData\Local\Temp\avgnt.exe
C:\Users\contesssa\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\contesssa\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-08 01:13

==================== End Of Log ============================

--- --- ---

I managed to download Anti-Malware. There were 8 unwanted nasties on it. Off to quarantine they went, then I restarted the laptop and ran the scan again, and everything was clean. Then I tried to export the text, in vain; it didn't work, Adobe started up and wouldn't let me send it out. Many sunny greetings |
08.08.2014, 16:30 | #12 |
/// TB Trainer | TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved] Hi, could I still get the AdwCleaner log file? Why did you post an FRST log file again? |
11.08.2014, 11:14 | #13 |
/// TB Trainer | TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved] No response. This topic has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue. Note: the disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread! |
11.08.2014, 19:04 | #14 |
| TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved]
---------------------------
- AdwCleaner - Informationen -
---------------------------
Wenn Ihnen gesagt wurde AdwCleaner zu benutzen, so liegt es wahrscheinlich daran, dass Ihr PC unerwünschte Programme oder Adware beinhaltet.
Potentiell unerwünschte Programme werden oft während der Installation von Software angeboten. Dies kann mit Hilfe von Toolbars geschehen, die manchmal die Startseite ihres Browsers verändern und das Surfen im Internet verlangsamen.
Um die Installation von derartigen Programmen zu vermeiden, ist es notwendig, dass Sie die folgenden Tipps befolgen:
- Laden Sie ein Programm stets von der offiziellen Seite oder einer vertrauenswürdigen Seite herunter.
- Wenn Sie ein Programm installieren, klicken Sie nicht zu schnell auf [Weiter] ohne die Nutzungsbedingungen oder die Programme von Dritt-Anbietern zu beachten.
- Sollten Programme von Dritt-Anbietern zur Verfügung stehen (Toolbars, etc. ), entfernen Sie alle Haken davor.
- Aktivieren Sie die Erkennung von PUPs in Ihrer Antivirus-Software.
Sie können auch Hosts Anti-PUP/Adware von AdwCleaner aus installieren, indem Sie auf "Tools" und dann auf "Hosts Anti-PUP/Adware" klicken.
---------------------------
OK
---------------------------

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 08.08.2014
Suchlauf-Zeit: 14:39:21
Logdatei: anti malware.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.08.02
Rootkit Datenbank: v2014.08.04.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: contesssa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316996
Verstrichene Zeit: 12 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)

Hello, I couldn't cope with the reports. Best regards, Conny |
12.08.2014, 09:43 | #15 |
/// TB Trainer | TR/Buzy.4089.3 C:/ Windows/ bsfvc64.exe [solved] Hi, the first one is not the AdwCleaner log file. You can also find the log file at C:\AdwCleaner\AdwCleaner[Sx].txt (x = sequential number). Please post it afterwards. |