Kann Systweak nicht deinstallieren ...

Ilona 3108 · 20.11.2014, 08:18

Hallo ihr Lieben vom Trojaner-Board,
Ich habe einen Acer Aspire. AMD Athlon(tm) 64X2 Dual Core Processor 5000+ Arbeitsspeicher 4,00 GB; Grafik NVIDIA GeForce G100; 32 Bit -Betriebssystem 2 Prozessorkerne; Windows Vista Upgrade Windows 7 Home Premium.
Ich habe ein Programm installiert und 2 bekommen (Tuneup und Adwanced System Protector) und sie lassen sich nicht mehr deinstallieren. Hab sofort gegoogelt, nachdem sich die Webside von Systweak.com nicht geöffnet hat, und euch gefunden. Ich bin kein Profi, nur ein ganz normaler User (weiblich und 57 Jahre alt). Hab die Schritte gemacht. Meine Firewall und die Internet Security ist von Comodo (Firewall und Antivirenprogramme von Microsoft hatte ich abgeschaltet). Nachdem ich GMER ausgeführt habe, habe ich mein Internet wieder aktiviert. Von GMER habe ich abgeschrieben:

Typ: Attached ... Name\Driver\tdx\Devise\lp Value: cmdhlp.sys
Typ: Attached ... Name\Driver\tdx\Devise\Tcp Value: cmdhlp.sys
Typ: Attached ... Name\Driver\tdx\Devise\Udp Value: cmdhlp.sys
Typ: Attached ... Name\Driver\tdx\Devise\Rawlp Value: cmdhlp.sys

Als ich meine Firewall und Internet Security wieder aktivieren wollte, bekam ich die Fehlermeldung: cis.exe konnte nicht starten, installieren Sie das Produkt (Comodo) erneut. Ich kann auf meinem Desktop keine Bilder (.jpeg) und keine Dateien wie .odt oder .txt mehr öffnen. Normale Dateien aber schon.
Ich wollte von der GMER Auswertung eine Kopie machen, ging nicht. Screenshot konnte ich machen, kann die Bilder aber nicht öffnen.
Ich hoffe ihr könnt mir helfen.

Danke und liebe Grüße Ilona 3108

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014
Ran by Ilona at 2014-11-20 05:54:59
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@promt Personal 8.5 German Giant (HKLM\...\{3A0A037A-B652-4FAB-A410-D9AD375590FB}) (Version: 8.5.00005 - PROMT Ltd.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced-System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14271 - systweak.com) <==== ATTENTION
AIMP3 (HKLM\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Any Video Converter 5.7.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2012 v.10.0.15 (HKLM\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Astrocontact Mondkalender (HKLM\...\Astrocontact Mondkalender_is1) (Version:  - Astrocontact Software)
AstroWorld 2000 (HKLM\...\AstroWorld 2000) (Version:  - )
Brother MFL-Pro Suite DCP-135C (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CameraHelperMsi (Version: 13.50.854.0 - Logitech) Hidden
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
COMODO Registry Cleaner 1.0.17.23 (HKLM\...\{9ACC9F63-CF54-46D7-9140-D40E57564EDA}_is1) (Version:  - COMODO Security Solutions Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ContentSAFER for Wizmax (HKLM\...\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}) (Version:  - )
Dropbox (HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
GeekBuddy (HKLM\...\{79B9250E-3714-4877-A2B0-D6C1E93E471A}) (Version: 4.18.121 - Comodo Security Solutions Inc)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GXTranscoder v2 (HKLM\...\GXTranscoder v2) (Version: 2.24.2980 - GermaniXSoft, Uwe Brückner)
Hoffmans Biorhythmus V1.05 (HKLM\...\Hoffmanns Biorhythmus_is1) (Version:  - Hoffmann Software - Eppendorf)
Image Analyzer (HKLM\...\Image Analyzer) (Version:  - )
Internet-TV für Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Klebezettel NG (Version 2.9.14) (HKLM\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version:  - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )
L&H TTS3000 Español (HKLM\...\LHTTSSPE) (Version:  - )
L&H TTS3000 Français (HKLM\...\LHTTSFRF) (Version:  - )
L&H TTS3000 Russian (HKLM\...\LHTTSRUR) (Version:  - )
Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version:  - )
LingoPad 2.6 (Build 360) (HKLM\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Media Markt Download Player (HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\3030318691.video-download.mediamarkt.de) (Version:  - video-download.mediamarkt.de)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0080 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.6776 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NWZ-A860 WALKMAN Guide (HKLM\...\{B4B239C1-1DF0-48A9-9A67-F4492866A56A}) (Version: 2.0.2.04130 - Sony Corporation)
office Convert Word Excel PowerPoint To Text Converter Free 5.0 (HKLM\...\office Convert Word Excel PowerPoint To Text Con~11F14E5E_is1) (Version:  - Officeconvert Software, Inc.)
OpenOffice 4.1.0 Language Pack (German) (HKLM\...\{ED7A9584-1F78-4CB0-B3E7-C30E6B7B02FE}) (Version: 4.10.9764 - Apache Software Foundation)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Passfoto Manager Ver. 1.3 (HKLM\...\Passfoto Manager_is1) (Version:  - NoSpy Software Lab)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
PDF24 Creator 5.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfsam (HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\pdfsam) (Version: 2.2.1 - )
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PlayStation(R)Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.06.00741 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.3.3.12540 - Sony Computer Entertainment Inc.)
PrivDog (HKLM\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.1.80202 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.80202 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Screenshot Captor 4.9.0 (HKLM\...\ScreenshotCaptor_is1) (Version:  - )
Soda PDF 6 View Module (Version: 6.3.11.17698 - LULU Software Limited) Hidden
Some PDF to Txt Converter 1.5 (HKLM\...\Some PDF to Txt Converter_is1) (Version:  - SomePDF.com)
Songr (HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Songr) (Version: 2.0.2310 - Xamasoft)
Spesoft Audio Converter 1.80 (HKLM\...\Spesoft Audio Converter_is1) (Version:  - Spesoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{2201AD15-0668-411A-9CD2-4980F82EE235}\localserver32 -> C:\Users\Ilona\AppData\Local\Songr\Songr.exe (Xamasoft)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{2ECF8574-A364-319D-BECC-CA0E6E9B2AF9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1835384110-3132260679-903909913-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B98F10-9F2E-47A6-AEFE-999CD780F3E6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0CBF46DE-0FF0-48F9-B6EB-DA63F0BA945F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0DBDFDAB-E2F9-44EB-9DAF-47037F44D0FA} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {182E00C7-2715-4D01-B8F8-8C532C42900F} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {223B381A-A51A-4339-81EE-B0716CBFE3B7} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {28D1EB6B-549B-4625-AE1C-C7209BD36FEF} - System32\Tasks\Tuneup Pro => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-10-29] (Tuneup Pro)
Task: {3B1D401D-165E-433E-93A8-D3783A27BADF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {579DCB58-9BF6-4714-B6BD-EA7B5DB492EB} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {5F1F3F4F-373B-4CF0-9101-F0C103CE1976} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files\ASP\AdvancedSystemProtector.exe [2014-11-14] () <==== ATTENTION
Task: {6DE9BF46-5C5C-473E-B6C7-7BA324E4AD87} - System32\Tasks\Tuneup Pro_UPDATES => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-10-29] (Tuneup Pro)
Task: {7AB5BE5F-4299-4CD9-9D92-BDC4C3839C74} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {87102393-BE3F-433D-87AA-42634DEC7AFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {8A8BE16B-5780-4D58-B746-79655C3B2F06} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {9D1FB2E8-97F9-40BD-B728-15300947EB45} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C788DB2F-11F9-4568-8A0E-5BF412C3C5AE} - System32\Tasks\Amazon Music Helper => C:\Users\Ilona\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-09-06] ()
Task: {C856F99B-F54D-42D9-94FE-FF4A7606C08D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C998E9BD-DF9C-47E4-B806-259ADEB5987A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D5CBC3C1-591C-462A-90BC-CAD88354AB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {E0488505-50FA-4545-B964-C1ACE8A35E87} - System32\Tasks\Tuneup Pro_DEFAULT => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-10-29] (Tuneup Pro)
Task: {E4583220-30CB-4307-AA14-94B9F54BAF8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {F4736DD6-B0AF-4AC9-9D66-7467B5ABC126} - System32\Tasks\ASP => C:\Program Files\Tuneup Pro\systweakasp.exe [2014-10-07] (Systweak Inc                                                )
Task: {F55DA01C-07A4-4926-B3B3-E87DDE45E4E5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FB56B1F1-571F-4EC1-B7AB-5100A3BD3137} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tuneup Pro_DEFAULT.job => C:\Program Files\Tuneup Pro\TuneupPro.exe
Task: C:\Windows\Tasks\Tuneup Pro_UPDATES.job => C:\Program Files\Tuneup Pro\TuneupPro.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 07:48 - 2013-01-18 15:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-05-21 11:22 - 2014-05-21 11:22 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2010-11-30 17:56 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-01-29 11:25 - 2008-01-29 11:25 - 00598016 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2008-01-29 11:17 - 2008-01-29 11:17 - 00102400 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2008-01-29 11:18 - 2008-01-29 11:18 - 00454656 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-06-14 20:37 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\Ilona\AppData\Local\Amazon Music\Amazon Music Helper.exe
2008-01-29 11:24 - 2008-01-29 11:24 - 00163840 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2014-11-20 05:14 - 2014-11-20 05:14 - 00043008 _____ () c:\users\ilona\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpalqc22.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Ilona\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00976080 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 02254544 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 08024784 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00032976 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 01299664 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2014-11-11 11:59 - 2014-11-11 11:59 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1835384110-3132260679-903909913-500 - Administrator - Disabled)
Gast (S-1-5-21-1835384110-3132260679-903909913-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1835384110-3132260679-903909913-1006 - Limited - Enabled)
Ilona (S-1-5-21-1835384110-3132260679-903909913-1000 - Administrator - Enabled) => C:\Users\Ilona
UpdatusUser (S-1-5-21-1835384110-3132260679-903909913-1008 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: ntiomin
Description: ntiomin
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ntiomin
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 05:45:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\ASP\AdvancedSystemProtector.exe Files\ASP\AdvancedSystemProtector.exe" -silentscan; Beschreibung = Advanced-System Protector; Fehler = 0x80070005).

Error: (11/20/2014 05:45:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {d6e42b21-718d-48f4-b108-d14057f49767}

Error: (11/20/2014 05:29:32 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x80072EE2

Error: (11/20/2014 05:24:43 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x80072EE2

Error: (11/19/2014 09:20:34 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x80072EE2

Error: (11/19/2014 09:19:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/11/19 21:19:46.046]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 08:23:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/11/19 20:23:04.175]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 07:53:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/11/19 19:53:42.514]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 06:37:19 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/11/19 18:37:19.195]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 04:25:58 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: Webdienstfehler im MATS-Dienst. hr=0x80072EE2


System errors:
=============
Error: (11/20/2014 05:16:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/20/2014 05:16:15 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/20/2014 05:14:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ntiomin

Error: (11/20/2014 05:14:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/20/2014 05:14:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Antimalware Service erreicht.

Error: (11/19/2014 04:20:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/19/2014 02:18:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/19/2014 02:18:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/19/2014 02:16:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ntiomin

Error: (11/19/2014 02:15:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (11/20/2014 05:45:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\ASP\AdvancedSystemProtector.exe Files\ASP\AdvancedSystemProtector.exe" -silentscanAdvanced-System Protector0x80070005

Error: (11/20/2014 05:45:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {d6e42b21-718d-48f4-b108-d14057f49767}

Error: (11/20/2014 05:29:32 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: hr=0x80072EE2IDataUploadService::UploadResult

Error: (11/20/2014 05:24:43 AM) (Source: MatSvc) (EventID: 3) (User: )
Description: hr=0x80072EE2IDataUploadService::UploadResult

Error: (11/19/2014 09:20:34 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: hr=0x80072EE2IDataUploadService::UploadResult

Error: (11/19/2014 09:19:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/11/19 21:19:46.046]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 08:23:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/11/19 20:23:04.175]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 07:53:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/11/19 19:53:42.514]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 06:37:19 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2014/11/19 18:37:19.195]: [00001152]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (11/19/2014 04:25:58 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: hr=0x80072EE2IDataUploadService::UploadResult


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 52%
Total physical RAM: 3070.55 MB
Available physical RAM: 1468.5 MB
Total Pagefile: 6141.1 MB
Available Pagefile: 4085.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.09 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:288.58 GB) (Free:206.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:291.59 GB) (Free:40.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 166738BD)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=288.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by Ilona (administrator) on ILONA-PC on 20-11-2014 05:54:09
Running from D:\Downloads
Loaded Profile: Ilona (Available profiles: Ilona & UpdatusUser & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\COMODO\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Users\Ilona\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AdTrustMedia) C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(DonationCoder) C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Dropbox, Inc.) C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [PrivDogService] => C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [525480 2013-11-15] (AdTrustMedia)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Run: [SystemExplorer] => [X]
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Run: [Screenshot Captor] => C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe [9245368 2014-10-08] (DonationCoder)
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Run: [Amazon Music] => C:\Users\Ilona\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Status Monitor.lnk
ShortcutTarget: Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1835384110-3132260679-903909913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x544069AAE8EDCA01
HKU\S-1-5-21-1835384110-3132260679-903909913-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {1F947360-A36C-4D46-B7C8-CD7D8B720B36} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {1F947360-A36C-4D46-B7C8-CD7D8B720B36} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {AB788C76-21CF-40FF-BFFE-D9601FD3DE93} URL = hxxp://url24.info/?id=5221g9001s1254&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> DefaultScope {1F947360-A36C-4D46-B7C8-CD7D8B720B36} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {15D25044-73B9-4DF4-A26A-415C90DCF518} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline_internetexplorer-browser-suche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {1F947360-A36C-4D46-B7C8-CD7D8B720B36} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-13&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {429187E3-AC5C-44DF-906A-1A53C81DF3F2} URL = hxxp://rover.ebay.com/rover/1/707-1403-27640-2/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {6DAE62C9-CAC5-40AA-8729-73400A769C71} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {AB788C76-21CF-40FF-BFFE-D9601FD3DE93} URL = hxxp://url24.info/?id=5221g9001s1254&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {D8743C12-E1FC-4B45-AE40-EC4267860967} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {DDED3C15-0A81-42AB-A8A4-14C780FB9AD5} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> {DE29BD25-293F-4C34-B557-96929050B111} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
Toolbar: HKLM - PROMT - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Program Files\PRMT8\PRMTIE\prmtie.dll (PROMT Ltd.)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
Toolbar: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  No File
Toolbar: HKU\S-1-5-21-1835384110-3132260679-903909913-1000 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A90C734B-BB9A-4735-BAC3-F71CCC4694FA}: [NameServer] 156.154.70.25,156.154.71.25

FireFox:
========
FF ProfilePath: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: DuckDuckGo
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.sm.de/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Soda PDF 6 -> C:\Program Files\Soda PDF 6\np-previewer.dll (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-1835384110-3132260679-903909913-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\artur.dubovoy@gmail.com [2014-11-12]
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\fvdmedia@gmail.com [2014-11-18]
FF Extension: Low Quality Flash - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\low_quality_flash@pie2k.com [2013-09-07]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\pavel.sherbakov@gmail.com [2014-11-13]
FF Extension: PrivDog - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\PrivDog@AdTrustMedia.com [2014-11-19]
FF Extension: YouTube Unblocker - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: ProxTube - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Personas Plus - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\personas@christopher.beard.xpi [2013-09-07]
FF Extension: عارض PDF - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\uriloader@pdf.js.xpi [2013-09-07]
FF Extension: All-in-One Sidebar - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013-09-07]
FF Extension: Web Download Compiler Plus - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\{c329748d-2b88-4d0d-a263-0559d7056670}.xpi [2013-11-06]
FF Extension: Adblock Plus - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\me2laux4.default-1378545038675\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-07]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-11]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-11-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [598016 2008-01-29] () [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
S3 LULU Software CrashHandler; C:\Program Files\Soda PDF 6\crash-handler-ws.exe [744800 2014-07-02] (LULU SOFTWARE LIMITED)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [163840 2008-01-29] () [File not signed]
S3 Soda PDF 6; C:\Program Files\Soda PDF 6\ws.exe [1655136 2014-07-02] (LULU SOFTWARE LIMITED)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2014-06-13] (GFI Software)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [560448 2009-11-16] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [20032 2009-11-16] (DiBcom S.A.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 ALSysIO; \??\C:\Users\Ilona\AppData\Local\Temp\ALSysIO.sys [X]
S3 GearAspiWDM; System32\drivers\GEARAspiWDM.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S1 ntiomin; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 05:52 - 2014-11-20 05:54 - 00000000 ____D () C:\FRST
2014-11-20 05:34 - 2014-11-20 05:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Systweak
2014-11-20 05:32 - 2014-11-20 05:45 - 00000000 ____D () C:\Program Files\ASP
2014-11-20 05:32 - 2014-11-20 05:32 - 00001003 _____ () C:\Users\Public\Desktop\Advanced-System Protector.lnk
2014-11-20 05:32 - 2014-11-20 05:32 - 00000000 ____D () C:\ProgramData\Systweak
2014-11-20 05:32 - 2014-11-20 05:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-11-20 05:31 - 2014-11-20 05:31 - 00000264 _____ () C:\Windows\Tasks\Tuneup Pro_UPDATES.job
2014-11-20 05:31 - 2014-11-20 05:31 - 00000256 _____ () C:\Windows\Tasks\Tuneup Pro_DEFAULT.job
2014-11-20 05:31 - 2012-07-25 12:03 - 00017136 _____ () C:\Windows\system32\sasnative32.exe
2014-11-20 05:30 - 2014-11-20 05:30 - 00000988 _____ () C:\Users\Public\Desktop\Tuneup Pro.lnk
2014-11-20 05:30 - 2014-10-29 15:42 - 00017688 _____ () C:\Windows\system32\roboot.exe
2014-11-20 05:29 - 2014-11-20 05:39 - 00000000 ____D () C:\Program Files\Tuneup Pro
2014-11-20 05:29 - 2014-11-20 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuneup Pro
2014-11-19 17:22 - 2014-11-19 17:22 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-11-19 11:18 - 2014-11-19 11:18 - 00018874 _____ () C:\Users\Ilona\Desktop\Robert Betz Dein innerer Richter.odt
2014-11-19 10:58 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:58 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 09:47 - 2014-11-18 09:47 - 06480188 _____ () C:\Users\Ilona\Desktop\Papagai tanzt.mp4
2014-11-18 08:55 - 2014-11-18 08:55 - 00000000 __SHD () C:\Users\Ilona\AppData\Local\EmieBrowserModeList
2014-11-18 08:06 - 2014-11-18 10:11 - 00350288 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-11-18 08:06 - 2014-11-18 08:06 - 00000000 ___HD () C:\VTRoot
2014-11-18 08:04 - 2014-11-18 08:05 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-11-18 08:03 - 2014-11-18 08:05 - 00048392 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-11-18 08:03 - 2014-11-18 08:05 - 00000000 ____D () C:\ProgramData\COMODO
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\first_launch
2014-11-17 20:12 - 2014-11-19 18:37 - 00000000 ____D () C:\Users\Ilona\Desktop\Konvertiert
2014-11-16 11:39 - 2014-11-16 11:39 - 01079513 _____ () C:\Users\Ilona\Desktop\Katze geniesst.mp4
2014-11-16 11:10 - 2014-11-16 11:10 - 00428375 _____ () C:\Users\Ilona\Desktop\Katze und Wischmop.mp4
2014-11-16 09:58 - 2014-11-20 05:14 - 00000560 _____ () C:\Windows\setupact.log
2014-11-16 09:58 - 2014-11-16 09:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 10:32 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:32 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:32 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:32 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:32 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:32 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:32 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 10:32 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:32 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:32 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:32 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:32 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:32 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:32 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:32 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:32 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:28 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:28 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:28 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 10:28 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:28 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 10:28 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:28 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:28 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:28 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:28 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 10:28 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 10:28 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 10:28 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:28 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 10:28 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:28 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:28 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:28 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:28 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:28 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:28 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:28 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:28 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 10:27 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:27 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:27 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 10:27 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:27 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:27 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:27 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 11:59 - 2014-11-11 11:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Users\Ilona\AppData\Local\Webshots
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Users\Ilona\AppData\Local\CrashRpt
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Program Files\Webshots
2014-11-07 14:36 - 2014-11-07 14:36 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-11-07 14:35 - 2014-11-07 14:35 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-10-28 07:42 - 2014-11-18 10:10 - 00000000 ___RD () C:\Users\Ilona\Dropbox
2014-10-28 07:31 - 2014-11-15 08:17 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-28 07:30 - 2014-11-18 09:08 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Dropbox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 05:50 - 2010-05-09 11:49 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 05:44 - 2012-08-17 06:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 05:21 - 2009-07-14 05:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 05:21 - 2009-07-14 05:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 05:20 - 2010-04-26 13:35 - 01783752 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 05:18 - 2010-04-26 13:23 - 01711245 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 05:14 - 2010-10-08 13:00 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-20 05:14 - 2010-05-09 11:49 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 05:14 - 2010-04-26 14:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-20 05:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 05:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-11-19 20:02 - 2010-04-26 19:37 - 00000000 ____D () C:\Program Files\LingoPad
2014-11-19 17:36 - 2010-12-05 18:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\vlc
2014-11-19 17:22 - 2010-07-31 07:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-11-18 22:19 - 2012-11-16 16:13 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\AIMP3
2014-11-18 20:45 - 2011-07-19 18:25 - 00000000 ____D () C:\Program Files\Common Files\AstroWorld Shared
2014-11-18 13:24 - 2014-09-08 15:11 - 00000600 _____ () C:\Windows\system32\debug.log
2014-11-18 09:07 - 2010-04-26 14:19 - 00704922 _____ () C:\Windows\PFRO.log
2014-11-18 09:05 - 2010-07-31 07:33 - 00000131 _____ () C:\Windows\CRC.INI
2014-11-18 08:56 - 2010-05-09 11:49 - 00000000 ____D () C:\Program Files\Google
2014-11-18 08:56 - 2010-04-26 19:00 - 00000000 ____D () C:\Users\Ilona\AppData\Local\Google
2014-11-18 08:05 - 2010-07-31 07:17 - 00000000 ____D () C:\Program Files\COMODO
2014-11-15 11:51 - 2014-06-23 13:10 - 00014336 ____H () C:\Users\Ilona\Desktop\photothumb.db
2014-11-13 15:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 20:14 - 2013-12-23 11:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 20:13 - 2014-06-18 19:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\OpenCandy
2014-11-12 20:13 - 2010-04-26 18:51 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\AnvSoft
2014-11-12 18:44 - 2012-04-04 05:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 18:44 - 2011-05-17 05:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 10:45 - 2009-07-14 05:33 - 00476960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 10:44 - 2014-06-07 09:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 10:42 - 2013-08-15 05:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:36 - 2010-04-26 14:34 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 10:27 - 2014-10-16 09:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-12 10:27 - 2013-04-13 09:05 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-11-11 16:32 - 2014-06-13 08:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 14:36 - 2010-12-22 16:29 - 00000000 ____D () C:\Program Files\Amazon
2014-11-04 14:30 - 2010-04-26 14:02 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-03 18:14 - 2011-07-19 18:56 - 00001145 _____ () C:\Windows\acmndkal.ini
2014-11-03 15:08 - 2011-12-07 13:04 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Audacity
2014-11-03 12:31 - 2010-05-04 12:09 - 00000000 ____D () C:\Windows\Lhsp
2014-10-28 07:42 - 2010-04-26 13:34 - 00000000 ____D () C:\Users\Ilona

Some content of TEMP:
====================
C:\Users\Ilona\AppData\Local\Temp\CleanSchedule.exe
C:\Users\Ilona\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpalqc22.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-18 19:07

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---
[/CODE]

schrauber · 20.11.2014, 08:20

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Ilona 3108 · 20.11.2014, 10:01

Danke Schrauber, ich glaube es hat funktioniert.
Kann ich noch meine eigenen Dateien auf eine externe Festplatte speichern, ohne diese zu infizieren?

Kann Comodo Firewall und Security weder beenden noch neu installieren. Zugriff verweigert. Es scheint, als ob mein Desktop eingefroren wird.

Auch auf meine Dateien auf dem Desktop wird mir der Zugriff verweigert.
Ich erinnere mich gerade ... als ich die Programme Tuneup und Adwanced System Protectorin in Programme und Funktionen deinstallieren wollte, bekam ich eine Nachricht, das - Sinngemäß - auf die Programme nur der Systemadministrator Zugriff hat.

Verzeihung ... ich glaube, ich hätte das alles auf eine andere Seite posten müssen?

LG Ilona 3108

schrauber · 20.11.2014, 19:05

Versuchs mal mit Revo:

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Advanced-System Protector
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ilona 3108 · 21.11.2014, 11:51

Hallo Schrauber, ich fürchte es ist zu spät dafür. Wollte meinen PC gegen 18:00 Uhr hoch fahren. Er versuchte es kurz und zeigte Wirrwarr ... und dann war Ende. Er ging aus.
Ich hab noch nie in meinem Leben einen Computer verrecken sehen.
Danke für deine Mühe und deine Hilfe!!
Liebe Grüße Ilona 3108

Hallo Schrauber, meinst du es macht noch Sinn eine CD zu booten? Was kann ich da drauf tun? Ich habe allerdings nur einen externen DVD Player. Der interne ist kaputt. Und wenn das funktionieren sollte, installiere ich die von dir aufgeführten Programme. LG Ilona 3108

Hallo Schrauber, meinst du es macht noch Sinn eine CD zu booten? Was kann ich da drauf tun? Ich habe allerdings nur einen externen DVD Player. Der interne ist kaputt. Und wenn das funktionieren sollte, installiere ich die von dir aufgeführten Programme. LG Ilona 3108

schrauber · 22.11.2014, 11:09

Was genau passiert denn jetzt wenn Du den Rechner normal starten willst?

Ilona 3108 · 22.11.2014, 12:00

Eingabetaste wählen zur Fehlerbehebung. Er sucht nach Problemen im abgesicherten Modus

Er bietet eine Systemwiederherstellung an.

Die habe ich abgelehnt. Danach hat er den PC gescannt. Ergebnis: Die Starthilfe kann diesen Computer nicht reparieren. Ich habe dann auf fertig stellen geklickt und dann ist er wieder aus gegangen. Danke für deine Nachfrage Schrauber. Ich kann mich erst morgen wieder mehr damit beschäftigen, leider. Ich muss zu einem Empfang. Mit freundlichen Grüßen Ilona 3108 und danke nochmals

schrauber · 23.11.2014, 07:51

hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Ilona 3108 · 25.11.2014, 11:44

Hallo Schrauber, hab alles so gemacht. FRST.exe holperte erst ein paar mal beim scannen und fror dann endgültig ein. Nachdem ich eine halbe Stunde gewartet habe und der Bildschirm sich in keiner Weise veränderte, zog ich mit dem Cursor an einer Ecke und der zog eine Schleifspur wie Buchseiten hinter sich her. Da wußte ich, mein PC hat sich aufgehängt. Ich startete noch mehrere Male einen Versuch, kam aber nicht mehr ins Bootmenü, so oft wie ich auch die F12 Taste drückte. Bei mir steht DEL und daneben F12 Bootmenü. Ich trau mich auch nicht, den Stick an mein Wetab anzuschließen. Vielleicht ist der ja jetzt auch infiziert. Ich weiß nicht, wo ich den Stick neu formatieren kann. Was jetzt?
Mit freundlichen Grüßen
Ilona 3108

schrauber · 25.11.2014, 21:05

Der Stick kann nicht infiziert werden wenn Du in der Recovery bist.
Warst Du ganz sicher in der Recovery?

Ilona 3108 · 25.11.2014, 22:28

Hallo Schrauber, ich war beim dritten Versuch im Bootmenü und von dort aus gelangte ich auf die Dos Ebene. Dort habe ich die Laufwerke E bis H durchprobiert und auf H war mein Stick. Den habe ich dann angeklickt. Ich weiß nicht mehr genau an welcher Stelle Computer reparieren kam, aber es war da. Ich war sehr aufgeregt und bemühte mich, nichts Unnützes im Bootmenü zu verändern. Meines Erachtens habe ich von dort aus FRST gestartet. Es war wie in der Anleitung beschrieben, nur das statt F8 F 12 Bootmenü auf dem Monitor zu sehen war und davor stand DEL. LG Ilona

schrauber · 26.11.2014, 21:26

Sehr komisch. LÖsche FRST vom Stick und lade es neu.

Was passiert wenn Du den Rechner neu startest und direkt F8 drückst, mehrfach und schnell hintereinander?

Ilona 3108 · 03.12.2014, 00:50

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by SYSTEM on MININT-SHE9QJC on 01-12-2014 16:22:26
Running from H:\
Platform: Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [PrivDogService] => C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [525480 2013-11-15] (AdTrustMedia)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKU\Ilona\...\Run: [SystemExplorer] => [X]
HKU\Ilona\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\Ilona\...\Run: [Screenshot Captor] => C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe [9245368 2014-10-08] (DonationCoder)
HKU\Ilona\...\Run: [Amazon Music] => C:\Users\Ilona\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\Ilona\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [598016 2008-01-29] ()
S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
S3 LULU Software CrashHandler; C:\Program Files\Soda PDF 6\crash-handler-ws.exe [744800 2014-07-02] (LULU SOFTWARE LIMITED)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [163840 2008-01-29] ()
S3 Soda PDF 6; C:\Program Files\Soda PDF 6\ws.exe [1655136 2014-07-02] (LULU SOFTWARE LIMITED)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2014-06-13] (GFI Software)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [560448 2009-11-16] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [20032 2009-11-16] (DiBcom S.A.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 ALSysIO; \??\C:\Users\Ilona\AppData\Local\Temp\ALSysIO.sys [X]
S3 GearAspiWDM; System32\drivers\GEARAspiWDM.sys [X]
S3 kwdorpog; \??\C:\Users\Ilona\AppData\Local\Temp\kwdorpog.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S1 ntiomin; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys 548CCBD8B48FDF7E2435AD6017920A7F
C:\Windows\system32\drivers\appid.sys E499E422412EF37576092A52648DB2B4
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CFRMD.sys 34B4DB818E86C2822C2AF43108D660F1
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmderd.sys D620158051DC6A9D65C863F6E7211F1E
C:\Windows\System32\DRIVERS\cmdguard.sys 368DFF8B4EBD9002EB428C45759C3117
C:\Windows\System32\DRIVERS\cmdhlp.sys 7C34B6662CC5571648E97EFEA3A0A789
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 560B0DCE52DFED6623B27C9BAFA6F236
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\gfibto.sys 483924F92E55A5F9423201EC635E2CED
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\inspect.sys 5F83E9EE7BD099FA34660C2A91FBD3AC
C:\Windows\System32\drivers\RTKVHDA.sys 01ABFE5F855DEC02EE61A09A71586943
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E
C:\Windows\System32\Drivers\ksecpkg.sys 1E1845606C5A4579F7F3D95796CC1ED1
C:\Windows\System32\DRIVERS\Lbd.sys B7C19EC8B0DD7EFA58AD41FFEB8B8CDA
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lvrs.sys ED643E777BA3F7151EF3F0FB6BE4F7F0
C:\Windows\System32\DRIVERS\lvuvc.sys 5BC80451109A8DD7F2DDD35BCE2929A3
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mod7700.sys 0E22A7045E267D4B2A225EC3D0E142AB
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\modrc.sys E405A1F611599EA42DC5F634F4CF1F8D
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6460D4A5C981567E74A7AC1349DE10F5
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvmfdx32.sys AE78A7285DF03A277415FC62F8CE8F24
C:\Windows\System32\drivers\nvhda32v.sys 77F9F9A199B87FE3F852E12F5419240B
C:\Windows\System32\DRIVERS\nvlddmkm.sys B69E6F70CE1151C8D62ABC9DEF64DFBE
C:\Windows\System32\DRIVERS\nvmf6232.sys 1DE923088878B495CD4219E47BA34EB8
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\System32\DRIVERS\nvsmu.sys C44EE36DD84FA95EB81D79C374756003
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\System32\DRIVERS\nvstor32.sys FA7B8ECA6E845B244B7E30A9DCD82C6C
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 344D1FA0438A967F1A2BAA42C86D6E19
C:\Windows\System32\DRIVERS\point32.sys E1BDA4A545CB54889CC24DF72A024E75
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssudmdm.sys 585FDB94DB04AC1C56298D1FD1F1389E
C:\Windows\System32\Drivers\StarOpen.sys 306521935042FC0A6988D528643619B3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 18:05 - 2014-11-24 17:36 - 300658324 _____ () C:\Windows\MEMORY.DMP
2014-11-20 11:21 - 2014-11-20 11:21 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Tuneup Pro
2014-11-20 07:33 - 2014-11-20 09:39 - 00000000 ____D () C:\Users\Ilona\Desktop\Gmer
2014-11-20 07:14 - 2014-11-20 07:15 - 00000000 ____D () C:\Users\Ilona\Desktop\FRST 1
2014-11-20 07:08 - 2014-11-20 07:08 - 00380416 _____ () C:\Users\Ilona\Desktop\Gmer-19357.exe
2014-11-20 06:55 - 2014-11-20 06:59 - 00000472 _____ () C:\Users\Ilona\Desktop\defogger_disable.log
2014-11-20 06:55 - 2014-11-20 06:55 - 00000000 _____ () C:\Users\Ilona\defogger_reenable
2014-11-20 06:34 - 2014-11-20 06:35 - 00050477 _____ () C:\Users\Ilona\Desktop\Defogger.exe
2014-11-20 05:52 - 2014-12-01 16:22 - 00000000 ____D () C:\FRST
2014-11-20 05:51 - 2014-11-20 05:51 - 01108992 _____ (Farbar) C:\Users\Ilona\Desktop\FRST.exe
2014-11-20 05:34 - 2014-11-20 05:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Systweak
2014-11-20 05:32 - 2014-11-20 05:45 - 00000000 ____D () C:\Program Files\ASP
2014-11-20 05:32 - 2014-11-20 05:32 - 00000000 ____D () C:\ProgramData\Systweak
2014-11-20 05:31 - 2012-07-25 12:03 - 00017136 _____ () C:\Windows\System32\sasnative32.exe
2014-11-20 05:30 - 2014-10-29 15:42 - 00017688 _____ () C:\Windows\System32\roboot.exe
2014-11-20 05:29 - 2014-11-20 05:39 - 00000000 ____D () C:\Program Files\Tuneup Pro
2014-11-19 17:22 - 2014-11-19 17:22 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-11-19 11:18 - 2014-11-19 11:18 - 00018874 _____ () C:\Users\Ilona\Desktop\Robert Betz Dein innerer Richter.odt
2014-11-19 10:58 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 10:58 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-18 09:47 - 2014-11-18 09:47 - 06480188 _____ () C:\Users\Ilona\Desktop\Papagai tanzt.mp4
2014-11-18 08:55 - 2014-11-18 08:55 - 00000000 __SHD () C:\Users\Ilona\AppData\Local\EmieBrowserModeList
2014-11-18 08:06 - 2014-11-18 10:11 - 00350288 _____ () C:\Windows\System32\Drivers\fvstore.dat
2014-11-18 08:06 - 2014-11-18 08:06 - 00000000 ___HD () C:\VTRoot
2014-11-18 08:04 - 2014-11-18 08:05 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-11-18 08:03 - 2014-11-18 08:05 - 00048392 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2014-11-18 08:03 - 2014-11-18 08:05 - 00000000 ____D () C:\ProgramData\COMODO
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\first_launch
2014-11-17 20:12 - 2014-11-19 18:37 - 00000000 ____D () C:\Users\Ilona\Desktop\Konvertiert
2014-11-16 11:39 - 2014-11-16 11:39 - 01079513 _____ () C:\Users\Ilona\Desktop\Katze geniesst.mp4
2014-11-16 11:10 - 2014-11-16 11:10 - 00428375 _____ () C:\Users\Ilona\Desktop\Katze und Wischmop.mp4
2014-11-16 09:58 - 2014-11-20 05:14 - 00000560 _____ () C:\Windows\setupact.log
2014-11-16 09:58 - 2014-11-16 09:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 10:32 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-12 10:32 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-12 10:32 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-12 10:32 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 10:32 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 10:32 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 10:32 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-12 10:32 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 10:32 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 10:32 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 10:32 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 10:32 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 10:32 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 10:32 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 10:32 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 10:32 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 10:28 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 10:28 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 10:28 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 10:28 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 10:28 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 10:28 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 10:28 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 10:28 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 10:28 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 10:28 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 10:28 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 10:28 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 10:28 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 10:28 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 10:28 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 10:28 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 10:28 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 10:28 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 10:28 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 10:28 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 10:28 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 10:28 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 10:28 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 10:27 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 10:27 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 10:27 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 10:27 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 10:27 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 10:27 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 10:27 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-11 11:59 - 2014-11-11 11:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Users\Ilona\AppData\Local\Webshots
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Users\Ilona\AppData\Local\CrashRpt
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Program Files\Webshots
2014-11-07 14:35 - 2014-11-07 14:35 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 17:36 - 2010-04-26 14:19 - 00705602 _____ () C:\Windows\PFRO.log
2014-11-22 11:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-11-20 11:23 - 2010-10-08 13:00 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-11-20 11:23 - 2010-04-26 13:23 - 01712334 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 11:15 - 2010-04-26 13:35 - 01783752 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-20 11:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-11-20 09:09 - 2014-06-23 13:10 - 00016384 ____H () C:\Users\Ilona\Desktop\photothumb.db
2014-11-20 07:11 - 2010-05-04 12:09 - 00000000 ____D () C:\Windows\Lhsp
2014-11-20 06:55 - 2010-04-26 13:34 - 00000000 ____D () C:\users\Ilona
2014-11-20 06:37 - 2010-04-26 19:37 - 00000000 ____D () C:\Program Files\LingoPad
2014-11-20 05:21 - 2009-07-14 05:34 - 00023168 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 05:21 - 2009-07-14 05:34 - 00023168 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 05:14 - 2010-04-26 14:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 17:36 - 2010-12-05 18:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\vlc
2014-11-18 22:19 - 2012-11-16 16:13 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\AIMP3
2014-11-18 20:45 - 2011-07-19 18:25 - 00000000 ____D () C:\Program Files\Common Files\AstroWorld Shared
2014-11-18 13:24 - 2014-09-08 15:11 - 00000600 _____ () C:\Windows\System32\debug.log
2014-11-18 10:10 - 2014-10-28 07:42 - 00000000 ___RD () C:\Users\Ilona\Dropbox
2014-11-18 09:08 - 2014-10-28 07:30 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Dropbox
2014-11-18 09:05 - 2010-07-31 07:33 - 00000131 _____ () C:\Windows\CRC.INI
2014-11-18 08:56 - 2010-05-09 11:49 - 00000000 ____D () C:\Program Files\Google
2014-11-18 08:56 - 2010-04-26 19:00 - 00000000 ____D () C:\Users\Ilona\AppData\Local\Google
2014-11-18 08:05 - 2010-07-31 07:17 - 00000000 ____D () C:\Program Files\COMODO
2014-11-13 15:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 20:14 - 2013-12-23 11:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 20:13 - 2014-06-18 19:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\OpenCandy
2014-11-12 20:13 - 2010-04-26 18:51 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\AnvSoft
2014-11-12 18:44 - 2012-04-04 05:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-11-12 18:44 - 2011-05-17 05:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-11-12 10:45 - 2009-07-14 05:33 - 00476960 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-12 10:44 - 2014-06-07 09:47 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-11-12 10:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-11-12 10:42 - 2013-08-15 05:02 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-12 10:36 - 2010-04-26 14:34 - 100445232 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-12 10:27 - 2014-10-16 09:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-12 10:27 - 2013-04-13 09:05 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-11-11 16:32 - 2014-06-13 08:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 14:36 - 2010-12-22 16:29 - 00000000 ____D () C:\Program Files\Amazon
2014-11-04 14:30 - 2010-04-26 14:02 - 00229000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-11-03 18:14 - 2011-07-19 18:56 - 00001145 _____ () C:\Windows\acmndkal.ini
2014-11-03 15:08 - 2011-12-07 13:04 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Audacity

Some content of TEMP:
====================
C:\Users\Ilona\AppData\Local\Temp\CleanSchedule.exe
C:\Users\Ilona\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpalqc22.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-10-15 20:41] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-09-30 07:15:23
Restore point made on: 2014-10-01 10:48:29
Restore point made on: 2014-10-07 10:30:23
Restore point made on: 2014-10-10 19:09:35
Restore point made on: 2014-10-14 11:06:28
Restore point made on: 2014-10-15 20:39:55
Restore point made on: 2014-10-16 09:25:08
Restore point made on: 2014-10-16 09:31:03
Restore point made on: 2014-10-16 13:30:39
Restore point made on: 2014-10-17 13:34:36
Restore point made on: 2014-10-20 09:19:54
Restore point made on: 2014-10-23 17:41:59
Restore point made on: 2014-10-27 08:17:35
Restore point made on: 2014-10-30 12:22:25
Restore point made on: 2014-11-03 09:37:55
Restore point made on: 2014-11-06 19:52:14
Restore point made on: 2014-11-10 18:39:51
Restore point made on: 2014-11-12 10:35:22
Restore point made on: 2014-11-18 07:41:26
Restore point made on: 2014-11-18 08:04:30
Restore point made on: 2014-11-18 08:56:34
Restore point made on: 2014-11-18 09:01:50
Restore point made on: 2014-11-19 11:31:01

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {8502a0cc-3fd8-11df-99fd-001d72b26580}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {8502a0ca-3fd8-11df-99fd-001d72b26580}
device                  ramdisk=[C:]\Recovery\8502a0ca-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cb-3fd8-11df-99fd-001d72b26580}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8502a0ca-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cb-3fd8-11df-99fd-001d72b26580}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8502a0cc-3fd8-11df-99fd-001d72b26580}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\8502a0ce-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cf-3fd8-11df-99fd-001d72b26580}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8502a0ce-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cf-3fd8-11df-99fd-001d72b26580}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {8502a0cc-3fd8-11df-99fd-001d72b26580}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  unknown
path                    \ntldr
description             Frhere Windows-Version

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {8502a0c5-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0c4-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0c7-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0c6-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0c9-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0c8-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0cb-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0ca-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0cf-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0ce-3fd8-11df-99fd-001d72b26580\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 3838.55 MB
Available physical RAM: 3349.82 MB
Total Pagefile: 3836.83 MB
Available Pagefile: 3340.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.44 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:288.58 GB) (Free:209 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:291.59 GB) (Free:40.15 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:6.21 GB) NTFS
Drive h: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 166738BD)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=288.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)


LastRegBack: 2014-11-18 19:07

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

[/CODE]

Hallo Schrauber, hab es geschafft. Mein PC hat sich dieses mal nicht aufgehängt. Habe ihn danach gleich wieder runtergefahren.
Gruß Ilona 3108

Hallo Schrauber, hab es geschafft. Mein PC hat sich dieses mal nicht aufgehängt. Habe ihn danach gleich wieder runtergefahren.
Gruß Ilona 3108

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by SYSTEM on MININT-SHE9QJC on 01-12-2014 16:22:26
Running from H:\
Platform: Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [PrivDogService] => C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe [525480 2013-11-15] (AdTrustMedia)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKU\Ilona\...\Run: [SystemExplorer] => [X]
HKU\Ilona\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\Ilona\...\Run: [Screenshot Captor] => C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe [9245368 2014-10-08] (DonationCoder)
HKU\Ilona\...\Run: [Amazon Music] => C:\Users\Ilona\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\Ilona\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [598016 2008-01-29] ()
S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
S3 LULU Software CrashHandler; C:\Program Files\Soda PDF 6\crash-handler-ws.exe [744800 2014-07-02] (LULU SOFTWARE LIMITED)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [163840 2008-01-29] ()
S3 Soda PDF 6; C:\Program Files\Soda PDF 6\ws.exe [1655136 2014-07-02] (LULU SOFTWARE LIMITED)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2014-06-13] (GFI Software)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [560448 2009-11-16] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [20032 2009-11-16] (DiBcom S.A.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 ALSysIO; \??\C:\Users\Ilona\AppData\Local\Temp\ALSysIO.sys [X]
S3 GearAspiWDM; System32\drivers\GEARAspiWDM.sys [X]
S3 kwdorpog; \??\C:\Users\Ilona\AppData\Local\Temp\kwdorpog.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S1 ntiomin; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys 548CCBD8B48FDF7E2435AD6017920A7F
C:\Windows\system32\drivers\appid.sys E499E422412EF37576092A52648DB2B4
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CFRMD.sys 34B4DB818E86C2822C2AF43108D660F1
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmderd.sys D620158051DC6A9D65C863F6E7211F1E
C:\Windows\System32\DRIVERS\cmdguard.sys 368DFF8B4EBD9002EB428C45759C3117
C:\Windows\System32\DRIVERS\cmdhlp.sys 7C34B6662CC5571648E97EFEA3A0A789
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 560B0DCE52DFED6623B27C9BAFA6F236
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\gfibto.sys 483924F92E55A5F9423201EC635E2CED
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\inspect.sys 5F83E9EE7BD099FA34660C2A91FBD3AC
C:\Windows\System32\drivers\RTKVHDA.sys 01ABFE5F855DEC02EE61A09A71586943
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E
C:\Windows\System32\Drivers\ksecpkg.sys 1E1845606C5A4579F7F3D95796CC1ED1
C:\Windows\System32\DRIVERS\Lbd.sys B7C19EC8B0DD7EFA58AD41FFEB8B8CDA
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lvrs.sys ED643E777BA3F7151EF3F0FB6BE4F7F0
C:\Windows\System32\DRIVERS\lvuvc.sys 5BC80451109A8DD7F2DDD35BCE2929A3
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mod7700.sys 0E22A7045E267D4B2A225EC3D0E142AB
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\modrc.sys E405A1F611599EA42DC5F634F4CF1F8D
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 6460D4A5C981567E74A7AC1349DE10F5
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvmfdx32.sys AE78A7285DF03A277415FC62F8CE8F24
C:\Windows\System32\drivers\nvhda32v.sys 77F9F9A199B87FE3F852E12F5419240B
C:\Windows\System32\DRIVERS\nvlddmkm.sys B69E6F70CE1151C8D62ABC9DEF64DFBE
C:\Windows\System32\DRIVERS\nvmf6232.sys 1DE923088878B495CD4219E47BA34EB8
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\System32\DRIVERS\nvsmu.sys C44EE36DD84FA95EB81D79C374756003
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\System32\DRIVERS\nvstor32.sys FA7B8ECA6E845B244B7E30A9DCD82C6C
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 344D1FA0438A967F1A2BAA42C86D6E19
C:\Windows\System32\DRIVERS\point32.sys E1BDA4A545CB54889CC24DF72A024E75
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\System32\DRIVERS\ssudmdm.sys 585FDB94DB04AC1C56298D1FD1F1389E
C:\Windows\System32\Drivers\StarOpen.sys 306521935042FC0A6988D528643619B3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 18:05 - 2014-11-24 17:36 - 300658324 _____ () C:\Windows\MEMORY.DMP
2014-11-20 11:21 - 2014-11-20 11:21 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Tuneup Pro
2014-11-20 07:33 - 2014-11-20 09:39 - 00000000 ____D () C:\Users\Ilona\Desktop\Gmer
2014-11-20 07:14 - 2014-11-20 07:15 - 00000000 ____D () C:\Users\Ilona\Desktop\FRST 1
2014-11-20 07:08 - 2014-11-20 07:08 - 00380416 _____ () C:\Users\Ilona\Desktop\Gmer-19357.exe
2014-11-20 06:55 - 2014-11-20 06:59 - 00000472 _____ () C:\Users\Ilona\Desktop\defogger_disable.log
2014-11-20 06:55 - 2014-11-20 06:55 - 00000000 _____ () C:\Users\Ilona\defogger_reenable
2014-11-20 06:34 - 2014-11-20 06:35 - 00050477 _____ () C:\Users\Ilona\Desktop\Defogger.exe
2014-11-20 05:52 - 2014-12-01 16:22 - 00000000 ____D () C:\FRST
2014-11-20 05:51 - 2014-11-20 05:51 - 01108992 _____ (Farbar) C:\Users\Ilona\Desktop\FRST.exe
2014-11-20 05:34 - 2014-11-20 05:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Systweak
2014-11-20 05:32 - 2014-11-20 05:45 - 00000000 ____D () C:\Program Files\ASP
2014-11-20 05:32 - 2014-11-20 05:32 - 00000000 ____D () C:\ProgramData\Systweak
2014-11-20 05:31 - 2012-07-25 12:03 - 00017136 _____ () C:\Windows\System32\sasnative32.exe
2014-11-20 05:30 - 2014-10-29 15:42 - 00017688 _____ () C:\Windows\System32\roboot.exe
2014-11-20 05:29 - 2014-11-20 05:39 - 00000000 ____D () C:\Program Files\Tuneup Pro
2014-11-19 17:22 - 2014-11-19 17:22 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-11-19 11:18 - 2014-11-19 11:18 - 00018874 _____ () C:\Users\Ilona\Desktop\Robert Betz Dein innerer Richter.odt
2014-11-19 10:58 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 10:58 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-18 09:47 - 2014-11-18 09:47 - 06480188 _____ () C:\Users\Ilona\Desktop\Papagai tanzt.mp4
2014-11-18 08:55 - 2014-11-18 08:55 - 00000000 __SHD () C:\Users\Ilona\AppData\Local\EmieBrowserModeList
2014-11-18 08:06 - 2014-11-18 10:11 - 00350288 _____ () C:\Windows\System32\Drivers\fvstore.dat
2014-11-18 08:06 - 2014-11-18 08:06 - 00000000 ___HD () C:\VTRoot
2014-11-18 08:04 - 2014-11-18 08:05 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-11-18 08:03 - 2014-11-18 08:05 - 00048392 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2014-11-18 08:03 - 2014-11-18 08:05 - 00000000 ____D () C:\ProgramData\COMODO
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-11-18 08:03 - 2014-11-18 08:03 - 00000000 ____D () C:\first_launch
2014-11-17 20:12 - 2014-11-19 18:37 - 00000000 ____D () C:\Users\Ilona\Desktop\Konvertiert
2014-11-16 11:39 - 2014-11-16 11:39 - 01079513 _____ () C:\Users\Ilona\Desktop\Katze geniesst.mp4
2014-11-16 11:10 - 2014-11-16 11:10 - 00428375 _____ () C:\Users\Ilona\Desktop\Katze und Wischmop.mp4
2014-11-16 09:58 - 2014-11-20 05:14 - 00000560 _____ () C:\Windows\setupact.log
2014-11-16 09:58 - 2014-11-16 09:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 10:32 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-12 10:32 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-12 10:32 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-12 10:32 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 10:32 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 10:32 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 10:32 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-12 10:32 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 10:32 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 10:32 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 10:32 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 10:32 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 10:32 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 10:32 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 10:32 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 10:32 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 10:32 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 10:32 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 10:28 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 10:28 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 10:28 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 10:28 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 10:28 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 10:28 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 10:28 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 10:28 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 10:28 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 10:28 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 10:28 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 10:28 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 10:28 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 10:28 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 10:28 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 10:28 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 10:28 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 10:28 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 10:28 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 10:28 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 10:28 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 10:28 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 10:28 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 10:27 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 10:27 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 10:27 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 10:27 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 10:27 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 10:27 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 10:27 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-11 11:59 - 2014-11-11 11:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Users\Ilona\AppData\Local\Webshots
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Users\Ilona\AppData\Local\CrashRpt
2014-11-11 11:14 - 2014-11-11 11:14 - 00000000 ____D () C:\Program Files\Webshots
2014-11-07 14:35 - 2014-11-07 14:35 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 17:36 - 2010-04-26 14:19 - 00705602 _____ () C:\Windows\PFRO.log
2014-11-22 11:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-11-20 11:23 - 2010-10-08 13:00 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-11-20 11:23 - 2010-04-26 13:23 - 01712334 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 11:15 - 2010-04-26 13:35 - 01783752 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-20 11:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-11-20 09:09 - 2014-06-23 13:10 - 00016384 ____H () C:\Users\Ilona\Desktop\photothumb.db
2014-11-20 07:11 - 2010-05-04 12:09 - 00000000 ____D () C:\Windows\Lhsp
2014-11-20 06:55 - 2010-04-26 13:34 - 00000000 ____D () C:\users\Ilona
2014-11-20 06:37 - 2010-04-26 19:37 - 00000000 ____D () C:\Program Files\LingoPad
2014-11-20 05:21 - 2009-07-14 05:34 - 00023168 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 05:21 - 2009-07-14 05:34 - 00023168 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 05:14 - 2010-04-26 14:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-19 17:36 - 2010-12-05 18:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\vlc
2014-11-18 22:19 - 2012-11-16 16:13 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\AIMP3
2014-11-18 20:45 - 2011-07-19 18:25 - 00000000 ____D () C:\Program Files\Common Files\AstroWorld Shared
2014-11-18 13:24 - 2014-09-08 15:11 - 00000600 _____ () C:\Windows\System32\debug.log
2014-11-18 10:10 - 2014-10-28 07:42 - 00000000 ___RD () C:\Users\Ilona\Dropbox
2014-11-18 09:08 - 2014-10-28 07:30 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Dropbox
2014-11-18 09:05 - 2010-07-31 07:33 - 00000131 _____ () C:\Windows\CRC.INI
2014-11-18 08:56 - 2010-05-09 11:49 - 00000000 ____D () C:\Program Files\Google
2014-11-18 08:56 - 2010-04-26 19:00 - 00000000 ____D () C:\Users\Ilona\AppData\Local\Google
2014-11-18 08:05 - 2010-07-31 07:17 - 00000000 ____D () C:\Program Files\COMODO
2014-11-13 15:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:21 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 20:14 - 2013-12-23 11:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 20:13 - 2014-06-18 19:34 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\OpenCandy
2014-11-12 20:13 - 2010-04-26 18:51 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\AnvSoft
2014-11-12 18:44 - 2012-04-04 05:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-11-12 18:44 - 2011-05-17 05:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-11-12 10:45 - 2009-07-14 05:33 - 00476960 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-12 10:44 - 2014-06-07 09:47 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-11-12 10:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\de-DE
2014-11-12 10:42 - 2013-08-15 05:02 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-12 10:36 - 2010-04-26 14:34 - 100445232 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-12 10:27 - 2014-10-16 09:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-12 10:27 - 2013-04-13 09:05 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-11-11 16:32 - 2014-06-13 08:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 14:36 - 2010-12-22 16:29 - 00000000 ____D () C:\Program Files\Amazon
2014-11-04 14:30 - 2010-04-26 14:02 - 00229000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-11-03 18:14 - 2011-07-19 18:56 - 00001145 _____ () C:\Windows\acmndkal.ini
2014-11-03 15:08 - 2011-12-07 13:04 - 00000000 ____D () C:\Users\Ilona\AppData\Roaming\Audacity

Some content of TEMP:
====================
C:\Users\Ilona\AppData\Local\Temp\CleanSchedule.exe
C:\Users\Ilona\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpalqc22.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-10-15 20:41] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-09-30 07:15:23
Restore point made on: 2014-10-01 10:48:29
Restore point made on: 2014-10-07 10:30:23
Restore point made on: 2014-10-10 19:09:35
Restore point made on: 2014-10-14 11:06:28
Restore point made on: 2014-10-15 20:39:55
Restore point made on: 2014-10-16 09:25:08
Restore point made on: 2014-10-16 09:31:03
Restore point made on: 2014-10-16 13:30:39
Restore point made on: 2014-10-17 13:34:36
Restore point made on: 2014-10-20 09:19:54
Restore point made on: 2014-10-23 17:41:59
Restore point made on: 2014-10-27 08:17:35
Restore point made on: 2014-10-30 12:22:25
Restore point made on: 2014-11-03 09:37:55
Restore point made on: 2014-11-06 19:52:14
Restore point made on: 2014-11-10 18:39:51
Restore point made on: 2014-11-12 10:35:22
Restore point made on: 2014-11-18 07:41:26
Restore point made on: 2014-11-18 08:04:30
Restore point made on: 2014-11-18 08:56:34
Restore point made on: 2014-11-18 09:01:50
Restore point made on: 2014-11-19 11:31:01

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {8502a0cc-3fd8-11df-99fd-001d72b26580}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {8502a0ca-3fd8-11df-99fd-001d72b26580}
device                  ramdisk=[C:]\Recovery\8502a0ca-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cb-3fd8-11df-99fd-001d72b26580}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8502a0ca-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cb-3fd8-11df-99fd-001d72b26580}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8502a0cc-3fd8-11df-99fd-001d72b26580}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\8502a0ce-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cf-3fd8-11df-99fd-001d72b26580}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8502a0ce-3fd8-11df-99fd-001d72b26580\Winre.wim,{8502a0cf-3fd8-11df-99fd-001d72b26580}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {8502a0cc-3fd8-11df-99fd-001d72b26580}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  unknown
path                    \ntldr
description             Frhere Windows-Version

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger„teoptionen
--------------
Bezeichner              {8502a0c5-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0c4-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0c7-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0c6-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0c9-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0c8-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0cb-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0ca-3fd8-11df-99fd-001d72b26580\boot.sdi

Ger„teoptionen
--------------
Bezeichner              {8502a0cf-3fd8-11df-99fd-001d72b26580}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8502a0ce-3fd8-11df-99fd-001d72b26580\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 3838.55 MB
Available physical RAM: 3349.82 MB
Total Pagefile: 3836.83 MB
Available Pagefile: 3340.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.44 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:288.58 GB) (Free:209 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:291.59 GB) (Free:40.15 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:6.21 GB) NTFS
Drive h: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 166738BD)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=288.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)


LastRegBack: 2014-11-18 19:07

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

[/CODE]

Hi Schrauber, ich schreibe hier auf einem WeTab. Es hat seit 2012 keinen Support mehr. Deshalb funktioniert er nicht mehr richtig. Sorry, wenn manches doppelt ist. MfG Ilona 3108

Hi Schrauber, ich schreibe hier auf einem WeTab. Es hat seit 2012 keinen Support mehr. Deshalb funktioniert er nicht mehr richtig. Sorry, wenn manches doppelt ist. MfG Ilona 3108

Hallo Schrauber, ich habe ein Foto von der DOS Ebene gemacht und wollte es hier rein stellen. Ich habe mit netstat die aktiven Verbindungen anzeigen lassen.
Proto Lokale Adresse Remoteadresse Status
TCP 0.0.0.0:80 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:135 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:445 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:5000 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:49152 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:49153 und so weiter bis 0.0.0.0:49156 Ilona-PC ABHÖREN
TCP 127.0.0.1:4750 Ilona-PC:0 ABHÖREN
TCP [::]:80 Ilona-PC:0 ABHÖREN
TCP [::]:135 und so weiter bis [::]:49156 Ilona-PC ABHÖREN
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:623 *:*
UDP 0.0.0.0664 *:* und so weiter
da war weiter kein Trojaner mehr. Bitte gib mir doch irgendetwas um sie los zu werden!!!

Hallo Schrauber, ich habe ein Foto von der DOS Ebene gemacht und wollte es hier rein stellen. Ich habe mit netstat die aktiven Verbindungen anzeigen lassen.
Proto Lokale Adresse Remoteadresse Status
TCP 0.0.0.0:80 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:135 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:445 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:5000 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:49152 Ilona-PC:0 ABHÖREN
TCP 0.0.0.0:49153 und so weiter bis 0.0.0.0:49156 Ilona-PC ABHÖREN
TCP 127.0.0.1:4750 Ilona-PC:0 ABHÖREN
TCP [::]:80 Ilona-PC:0 ABHÖREN
TCP [::]:135 und so weiter bis [::]:49156 Ilona-PC ABHÖREN
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:623 *:*
UDP 0.0.0.0664 *:* und so weiter
da war weiter kein Trojaner mehr. Bitte gib mir doch irgendetwas um sie los zu werden!!!

schrauber · 03.12.2014, 20:53

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

LastRegBack: 2014-11-18 19:07

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

22.11.2014, 11:09	#6
schrauber /// the machine /// TB-Ausbilder	Kann Systweak nicht deinstallieren ... Was genau passiert denn jetzt wenn Du den Rechner normal starten willst? __________________ --> Kann Systweak nicht deinstallieren ...

25.11.2014, 21:05	#10
schrauber /// the machine /// TB-Ausbilder	Kann Systweak nicht deinstallieren ... Der Stick kann nicht infiziert werden wenn Du in der Recovery bist. Warst Du ganz sicher in der Recovery? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Kann Systweak nicht deinstallieren ...

Log-Analyse und Auswertung: Kann Systweak nicht deinstallieren ...