
Log Analysis and Evaluation: Trojan on Board


 
16.12.2014, 03:14   #1
herzmensch

Trojan on Board



Dear members,

I recently got a warning about a Trojan from my firewall (Comodo). Along with this Trojan (image 2) came various prompts asking me to allow this and that (see image). When I wanted to check the file, it did not exist.

I then set HIPS in my firewall to *Safe Mode* and set the firewall to Proactive Security. After that there was only a black screen, and the only thing I could use was the Task Manager. I reset the PC, reinstalled AntiVir with some difficulty, and have now changed everything back (firewall), but the PC is still slow.

I followed your instructions. Defogger did not report any problems. Malwarebytes only reported one problem from Softonic. Nothing else. You can see the posts from FRST.




FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Alexander (administrator) on HEARD on 16-12-2014 02:49:59
Running from C:\Users\Alexander\Downloads
Loaded Profiles: UpdatusUser & Alexander (Available profiles: UpdatusUser & Alexander)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [gbrspcontrol] => C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [1851088 2012-11-26] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-12-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [LaCie Backup] => C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe [2600960 2007-12-03] (LaCie SA)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\RunOnce: [Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\RunOnce: [Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2127761620-263245445-1561870019-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> DefaultScope {9E31384B-B8C1-47E9-90D3-F47C2C92E743} URL = 
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {07E9E396-7F33-44E7-B066-CBF21B021CF4} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {27E1DED4-EDB0-4E4B-A13B-DDA98E3E4F13} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {2EECB4C1-B310-4039-9372-94D19751826A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {9D669AE8-B88C-4384-ABF2-1109999D6FD6} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {9E31384B-B8C1-47E9-90D3-F47C2C92E743} URL = 
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {A1CC19AC-9555-47FB-825C-DDC4F5F09D55} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {A56517D7-41EA-4EA0-9F4C-715CB3AF232C} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3E66DC7E-1DDF-4498-AC18-B67AAEC37C10}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{54D06BD9-5899-4B7A-9B9B-7B096776C8DA}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{182819A4-76E1-4904-B524-57BD97D331FE}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{1ECF327F-9323-4F78-915A-B773D82836B4}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{2F1EFC18-1E34-4556-BFBF-55F9C96AA2B3}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{46684930-0392-4B6A-9D23-9C58CD4D3695}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{DBA6F414-2532-49D1-96E0-38227CAB4E68}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{E570FFCE-FBB6-4C39-B969-0B13BC7ADC96}.xml
FF Extension: German Dictionary - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: Facebook Blocker - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\info@skymeissner.com.xpi [2014-01-13]
FF Extension: Adblock Plus - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-13]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-14] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-12-14] (Avira Operations GmbH & Co. KG)
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-21] (Broadcom Corp.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [70352 2012-12-19] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [1851088 2012-11-26] (Comodo Security Solutions, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-06] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 AddonsHelper; C:\Users\Alexander\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-12-14] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
S0 jllwdb; No ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-06] (Dritek System Inc.)
S0 tvelms; No ImagePath
S0 vhjrap; No ImagePath
S0 wjtvys; No ImagePath
S0 zedltn; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 02:49 - 2014-12-16 02:50 - 00021573 _____ () C:\Users\Alexander\Downloads\FRST.txt
2014-12-16 02:49 - 2014-12-16 02:50 - 00000000 ____D () C:\FRST
2014-12-16 02:49 - 2014-12-16 02:49 - 02119168 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe
2014-12-16 02:48 - 2014-12-16 02:48 - 00000480 _____ () C:\Users\Alexander\Downloads\defogger_disable.log
2014-12-16 02:48 - 2014-12-16 02:48 - 00000000 _____ () C:\Users\Alexander\defogger_reenable
2014-12-16 02:47 - 2014-12-16 02:47 - 00050477 _____ () C:\Users\Alexander\Downloads\Defogger.exe
2014-12-16 02:47 - 2014-12-16 02:47 - 00050477 _____ () C:\Users\Alexander\Downloads\Defogger(1).exe
2014-12-16 02:30 - 2014-12-14 01:14 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-16 02:30 - 2014-12-14 01:14 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-16 01:53 - 2014-12-16 01:53 - 00112956 _____ () C:\Users\Alexander\AppData\Local\recently-used.xbel
2014-12-14 05:07 - 2014-12-14 05:07 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Avira
2014-12-14 04:59 - 2014-12-14 05:00 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-14 04:59 - 2014-12-14 05:00 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-14 04:59 - 2014-12-14 05:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-14 04:52 - 2014-12-14 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-14 04:52 - 2014-12-14 04:59 - 00000000 ____D () C:\ProgramData\Avira
2014-12-14 04:52 - 2014-12-14 04:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-14 04:52 - 2014-12-14 04:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-14 03:42 - 2014-12-16 02:33 - 00003308 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-14 03:42 - 2014-12-14 03:42 - 00000000 ___HD () C:\VTRoot
2014-12-14 03:33 - 2014-12-16 02:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-14 03:30 - 2014-12-14 03:30 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Alexander\Downloads\avira_de_av_5711525820__ws.exe
2014-12-14 02:49 - 2014-12-14 02:49 - 00000295 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (5).lnk
2014-12-14 02:49 - 2014-12-14 02:49 - 00000295 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (4).lnk
2014-12-14 02:47 - 2014-12-14 02:47 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Alexander\Downloads\avira_de_av___ws.exe
2014-12-14 01:47 - 2014-12-14 03:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-14 01:47 - 2014-12-14 01:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 01:20 - 2014-12-14 01:20 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-14 01:16 - 2014-12-14 01:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-14 01:16 - 2014-12-14 01:16 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-14 01:16 - 2014-12-14 01:16 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-14 01:16 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-14 01:16 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-14 01:15 - 2014-12-14 01:15 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-14 01:15 - 2014-12-14 01:15 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-14 01:15 - 2014-12-14 01:15 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-14 01:13 - 2014-12-14 01:13 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-13 16:12 - 2014-12-13 16:12 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-13 16:12 - 2014-12-13 16:12 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 16:12 - 2014-12-13 16:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-13 15:43 - 2014-12-16 01:42 - 01894095 ____N () C:\Windows\WindowsUpdate.log
2014-12-12 15:32 - 2014-12-14 02:19 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Cliqz
2014-12-01 17:01 - 2014-12-14 03:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-25 23:53 - 2014-12-14 02:08 - 122762488 _____ (Microsoft Corporation) C:\Users\Alexander\Downloads\msert(1).exe
2014-11-18 01:39 - 2014-11-18 02:28 - 00000000 ____D () C:\Users\Alexander\Documents\Kettler

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 02:48 - 2013-02-13 00:31 - 00000000 ____D () C:\Users\Alexander
2014-12-16 02:35 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 02:27 - 2014-08-13 14:07 - 00319296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-16 02:24 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-16 02:21 - 2013-02-13 07:18 - 00000000 ____D () C:\Users\Alexander\AppData\Local\CrashDumps
2014-12-16 02:19 - 2013-02-16 19:01 - 00000000 ____D () C:\Users\Alexander\.gimp-2.8
2014-12-16 02:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-16 01:31 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-16 01:24 - 2013-02-19 19:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 04:41 - 2013-08-18 13:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 04:35 - 2014-03-06 15:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-14 04:35 - 2013-02-15 18:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-14 03:59 - 2013-04-12 10:44 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-14 03:42 - 2012-11-06 09:39 - 01473568 _____ () C:\Windows\system32\perfh007.dat
2014-12-14 03:42 - 2012-11-06 09:39 - 00386860 _____ () C:\Windows\system32\perfc007.dat
2014-12-14 02:52 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-14 02:28 - 2014-07-10 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-14 02:28 - 2012-07-26 06:37 - 00000000 ____D () C:\Windows\servicing
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\setup
2014-12-14 02:26 - 2014-03-09 10:33 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-14 02:26 - 2013-12-25 12:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-14 02:26 - 2013-06-25 14:41 - 00000000 ____D () C:\Users\Alexander\AppData\Local\clear.fi
2014-12-14 02:26 - 2013-06-11 22:21 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\RegCool
2014-12-14 02:26 - 2013-02-16 19:02 - 00000000 ____D () C:\ProgramData\MGTEK
2014-12-14 02:26 - 2012-11-06 09:37 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-12-14 02:26 - 2012-09-03 12:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-14 02:23 - 2014-07-10 15:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-14 02:23 - 2013-02-18 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-14 02:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-12-13 15:43 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-12 20:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 01:20 - 2013-01-24 21:43 - 00437792 _____ (COMODO) C:\Windows\system32\guard64.dll
2014-12-09 01:20 - 2013-01-24 21:43 - 00352272 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2014-12-09 01:20 - 2013-01-24 21:43 - 00040736 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00354520 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00286424 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-12-09 01:20 - 2013-01-16 18:51 - 00807568 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00126208 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00035080 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00020184 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-12-06 16:22 - 2014-10-16 21:34 - 00000000 ____D () C:\Users\Alexander\Documents\Uhrensammlung
2014-12-03 10:54 - 2013-02-18 17:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-28 12:45 - 2013-02-13 00:59 - 00000000 ____D () C:\Users\Alexander\Documents\Schätzäli
2014-11-26 01:45 - 2013-02-13 00:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2127761620-263245445-1561870019-1002
2014-11-25 23:09 - 2014-08-28 21:49 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe
2014-11-25 23:09 - 2013-11-08 22:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-25 23:08 - 2013-07-01 17:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-25 23:08 - 2013-02-19 19:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 23:06 - 2014-08-19 14:33 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-25 23:06 - 2013-11-08 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-24 15:40 - 2012-07-26 08:28 - 01772590 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 11:04 - 2013-02-12 10:34 - 00000000 ____D () C:\Users\Alexander\Desktop\Glaube

Some content of TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-12 17:53

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Alexander at 2014-12-16 02:54:32
Running from C:\Users\Alexander\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2308 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.03.2004.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.03.2004.0 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series Benutzerregistrierung (HKLM-x32\...\Canon MP495 series Benutzerregistrierung) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.3 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
GeekBuddy (HKLM-x32\...\{43C0CACD-F9A8-4F17-A84C-0A203B2BAE6D}) (Version: 4.3.43 - Comodo Security Solutions Inc)
Genie Backup Assistant (HKLM-x32\...\{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1) (Version: 8.0.364.534 - LaCie)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
HDR Projects platin Demo (64-Bit) (HKLM\...\HDR Projects platin Demo_is1) (Version: 1.21 - Franzis Verlag GmbH)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LaCie Backup Software v1.7.2893 (HKLM-x32\...\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}) (Version: 1.7.2893 - LaCie SA)
LaCie Desktop Manager 2.1.3 (HKLM-x32\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 2.1.3 - LaCie)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-12-2014 00:39:17 Geplanter Prüfpunkt
12-12-2014 13:54:43 Geplanter Prüfpunkt
14-12-2014 00:02:10 Installed QuickTime 7
14-12-2014 00:58:47 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-12-25 14:02 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {056DC531-D794-4391-8A6B-C16C472DDC28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {234A859C-628E-4A7E-8DE0-F23C1E39B138} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {3B04812C-632E-440A-9B5B-B3AEF5B353AF} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {4C3D05D0-A663-40D6-AE59-81AC0F0C8B67} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {50C7FABB-61BA-4DF8-9B14-D767BFE59CFC} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {5538C073-B43E-4D37-80E1-F594E51B8DBD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {82A33F17-1025-4A07-894B-EE94FA7B0192} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {B7FF15ED-EA7E-4BD3-861B-A8B8547E91C3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {B8C26AEE-5B29-42FC-B8C3-016E26202466} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-14] (Microsoft Corporation)
Task: {C29914B2-FB69-4A6D-ADCA-C1C36A633DD5} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {C341B950-78E9-4675-92A8-24B8C322BA0D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {E1B232EC-44E8-4A4C-974B-D2ECB59CF591} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {E3A2E92C-8A5E-469E-83FB-DFCC1F111F33} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {FAEE2106-6E18-441D-B4F9-B75652015D4B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 ____N () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-06 09:03 - 2013-08-29 23:43 - 00097568 ____N () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-20 19:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-12 18:06 - 2013-01-22 21:41 - 00093768 ____N () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 13:47 - 2013-01-28 13:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-09-03 12:50 - 2012-08-08 16:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 ____N () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-02 15:38 - 2012-11-02 15:38 - 00465384 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00125504 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-02 15:38 - 2012-11-02 15:38 - 00155712 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00118336 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 01081408 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00052288 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00727616 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-11-15 22:36 - 2014-11-15 22:36 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-02-12 18:06 - 2013-01-22 21:41 - 00075848 ____N () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2012-11-06 09:11 - 2012-06-25 18:41 - 01198912 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-14 03:41 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tssdisai.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgntflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avipbb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avkmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger.exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\msert(1).exe:$CmdTcID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: TapiSrv => 3
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "gbrspcontrol"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "GBMLite8AgentLaCie"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "GBMLite8AgentLaCie"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "LaCie Desktop Manager 2 Startup"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "LaCie Backup"

========================= Accounts: ==========================

Administrator (S-1-5-21-2127761620-263245445-1561870019-500 - Administrator - Disabled)
Alexander (S-1-5-21-2127761620-263245445-1561870019-1002 - Administrator - Enabled) => C:\Users\Alexander
Gast (S-1-5-21-2127761620-263245445-1561870019-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2127761620-263245445-1561870019-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microphone (Realtek High Definition Audio)
Description: Audioendpunkt
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 02:37:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x30c
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5

Error: (12/16/2014 02:35:40 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:33:21 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x00000005

Error: (12/16/2014 02:30:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x7b8
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5

Error: (12/16/2014 02:28:17 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:20:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\Windows\system32\mscoree.dll8

Error: (12/16/2014 01:10:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/16/2014 00:29:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x344
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5

Error: (12/16/2014 00:29:11 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2014 04:55:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x7b4
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5


System errors:
=============
Error: (12/16/2014 02:37:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Broadcom Card Reader Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/16/2014 02:35:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/16/2014 02:35:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎12.‎2014 um 02:32:00 unerwartet heruntergefahren.

Error: (12/16/2014 02:33:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/16/2014 02:32:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/16/2014 02:30:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Broadcom Card Reader Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/16/2014 02:28:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/16/2014 02:27:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎12.‎2014 um 02:08:45 unerwartet heruntergefahren.

Error: (12/16/2014 02:16:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/16/2014 02:13:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/16/2014 02:37:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc430c01d018d0968807a2C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe21e94513-84c4-11e4-8352-689423ba5927

Error: (12/16/2014 02:35:40 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:33:21 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x00000005

Error: (12/16/2014 02:30:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc47b801d018cf8ee729a0C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe23321817-84c3-11e4-8351-689423ba5927

Error: (12/16/2014 02:28:17 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:20:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\Windows\system32\mscoree.dll8

Error: (12/16/2014 01:10:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/16/2014 00:29:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc434401d018bee892906aC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe3b494b22-84b2-11e4-834f-b888e3a7d574

Error: (12/16/2014 00:29:11 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2014 04:55:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc47b401d01751c06402bdC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe1bf6346f-8345-11e4-834e-689423ba5927


CodeIntegrity Errors:
===================================
  Date: 2014-12-16 02:40:02.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 02:12:58.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 02:00:04.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 01:52:52.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 00:34:23.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 06:19:44.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 04:57:17.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 04:47:15.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 04:41:29.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 03:59:22.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8007.27 MB
Available physical RAM: 5700.36 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 6623.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.19 GB) (Free:324.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 995A3963)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Attached images: Problem2.jpg (33.5 KB), Problem.jpg (66.7 KB)

Edited by herzmensch (16.12.2014 at 03:21)

 
