| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.01.2015, 09:19
| #31 |
 |  Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Carolin at 2015-01-14 09:16:20
Running from C:\Users\Carolin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.25.0.1074 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.4.1 (HKLM\...\Kochbuch_is1) (Version: 2.4.1 - Flo & Seb Engineering)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MergeModule_x64 (Version: 9.0.01 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.01 - Sony Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32c - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.32c - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Photo Collage 3.0 (HKLM-x32\...\{8D42CBBC-2089-44AB-8021-369DDB962816}) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{142D42E3-07A9-4AAC-BD3B-636392891706}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC (USB28xxBGA) Media (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )
WISO Mein Geld 2014 Professional (HKLM-x32\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
10-01-2015 14:46:21 Ende der Bereinigung
14-01-2015 08:09:51 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {32DD49E9-F389-4E91-8ABF-8546D1C8A93C} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {6900A5A9-761A-4F91-882A-00F5770A7633} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-11-14] (Bitdefender)
Task: {6B7DDCCB-393E-42C7-A338-0912726B1BEA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {89098DFA-1AF8-4278-ABD8-9DE3D201B9DB} - System32\Tasks\START SKYDRIVE => C:\WINDOWS\System32\SkyDrive.exe [2014-08-16] (Microsoft Corporation)
Task: {8D7FA9BC-357A-4C5E-ACEC-19B232E53734} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-16] (Microsoft Corporation)
Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {90FA9D9F-99B5-4AAB-B09B-B44065352E8E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {93DA4D11-A582-426E-84A2-F5F452DEFA63} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {A94EBFDB-8ADB-497F-A272-26C68D1DFCF0} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {E67671C1-2FC7-47FA-A5D0-A7A7D7F6B946} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4293654675-2556177190-2138456915-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {E74F1321-91CB-4D6B-AAF4-8050A540DD42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4AD76AD-5039-4D0A-A97D-963EC5FD610F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-11-14 09:02 - 2014-11-14 09:02 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-02-26 09:52 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 08:57 - 2014-07-24 08:57 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpbr.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpdsp.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpph.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttprbl.mdl
2014-08-04 08:33 - 2014-08-04 08:33 - 00034304 _____ () C:\WINDOWS\System32\ssj1mlm.dll
2014-03-28 06:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-24 23:09 - 2013-01-24 23:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-24 23:05 - 2013-01-24 23:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-24 23:12 - 2013-01-24 23:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-02-05 13:29 - 2013-02-05 13:29 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2013-10-23 03:02 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-16 08:57 - 2014-11-16 08:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-11-16 08:58 - 2014-11-16 08:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Carolin\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Carolin\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup413_slim.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup501.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u65.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ElsterFormular-15.0.20140212p.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\epson378345eu.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Fotowall_0.9_WinXP_Vista_7.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.1.1004.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mc_windows_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\picasa39-setup_3.9.137.118.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PictureCollageMakerPro_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PMHOME_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PSISetup10004.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\schrankplaner_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\scribus-1.4.3-windows.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ShapeCollage-3.1-Setup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Update_HDRAS100VV200.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\WDMyCloud_win.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\XMediaRecode3193_setup.exe:BDU
AlternateDataStreams: C:\Users\Stefan\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Anwendungs-Agent"
========================= Accounts: ==========================
Administrator (S-1-5-21-4293654675-2556177190-2138456915-500 - Administrator - Disabled)
Carolin (S-1-5-21-4293654675-2556177190-2138456915-1002 - Administrator - Enabled) => C:\Users\Carolin
Gast (S-1-5-21-4293654675-2556177190-2138456915-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4293654675-2556177190-2138456915-1007 - Limited - Enabled)
Stefan (S-1-5-21-4293654675-2556177190-2138456915-1008 - Limited - Enabled) => C:\Users\Stefan
UpdatusUser (S-1-5-21-4293654675-2556177190-2138456915-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2015 08:24:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/14/2015 08:24:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/14/2015 08:24:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/14/2015 08:12:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/14/2015 08:12:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/14/2015 08:12:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/13/2015 10:21:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: MSMAIL.DLL, Version: 16.4.3528.331, Zeitstempel: 0x533a408a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000c4921
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3
Vollständiger Name des fehlerhaften Pakets: wlmail.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wlmail.exe5
Error: (01/12/2015 07:07:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12969
Error: (01/12/2015 07:07:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12969
Error: (01/12/2015 07:07:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/10/2015 03:29:47 PM) (Source: DCOM) (EventID: 10016) (User: CAROLIN)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}CarolinCarolinS-1-5-21-4293654675-2556177190-2138456915-1002LocalHost (unter Verwendung von LRPC)Microsoft.BingHealthAndFitness_3.0.4.254_x64__8wekyb3d8bbweS-1-15-2-1138804039-612586356-661925973-101396967-3526483782-2490177615-3594119953
Error: (01/10/2015 02:53:45 PM) (Source: DCOM) (EventID: 10010) (User: CAROLIN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (01/10/2015 02:53:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/10/2015 02:53:15 PM) (Source: DCOM) (EventID: 10010) (User: CAROLIN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (01/10/2015 02:52:45 PM) (Source: DCOM) (EventID: 10010) (User: CAROLIN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (01/10/2015 02:52:15 PM) (Source: DCOM) (EventID: 10010) (User: CAROLIN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (01/10/2015 02:51:45 PM) (Source: DCOM) (EventID: 10010) (User: CAROLIN)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (01/10/2015 01:42:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/10/2015 01:42:46 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/10/2015 01:40:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Microsoft Office Sessions:
=========================
Error: (01/14/2015 08:24:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/14/2015 08:24:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/14/2015 08:24:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/14/2015 08:12:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/14/2015 08:12:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/14/2015 08:12:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/13/2015 10:21:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wlmail.exe16.4.3528.331533a3fceMSMAIL.DLL16.4.3528.331533a408ac0000005000c4921
Error: (01/12/2015 07:07:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12969
Error: (01/12/2015 07:07:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12969
Error: (01/12/2015 07:07:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-12-25 13:46:42.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Nitro\Reader 3\NitroPDFThumbnailHelper.exe that did not meet the Microsoft signing level requirements.
Date: 2014-04-27 21:44:39.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:44:39.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.197
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:06:58.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 8072.27 MB
Available physical RAM: 3368.72 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 4770.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:308.92 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4583D9D7)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02 Ran by Carolin (administrator) on CAROLIN on 14-01-2015 09:17:36 Running from C:\Users\Carolin\Desktop Loaded Profile: Carolin (Available profiles: UpdatusUser & Carolin & Stefan) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FLA40CC.tmp (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-14] (Bitdefender) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications)) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [SkyDrive] => C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender) HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-14] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender) Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002 -> {095A28A6-95D6-4177-98C1-59F03D82324D} URL = BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\4saq1g2n.default FF Homepage: Google.de FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-26] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-26] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-14] (Bitdefender) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-14] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-14] (Bitdefender) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-14] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-14] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-14] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-27] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed] R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-14] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 09:16 - 2015-01-14 09:17 - 00039807 _____ () C:\Users\Carolin\Desktop\Addition.txt 2015-01-14 09:13 - 2015-01-14 09:17 - 00020991 _____ () C:\Users\Carolin\Desktop\FRST.txt 2015-01-14 09:13 - 2015-01-14 09:17 - 00000000 ____D () C:\FRST 2015-01-14 09:13 - 2015-01-14 09:13 - 02124288 _____ (Farbar) C:\Users\Carolin\Desktop\FRST64.exe 2015-01-14 07:40 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-13 06:22 - 2015-01-13 06:22 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan 2015-01-10 19:57 - 2015-01-10 19:57 - 00694508 _____ () C:\Users\Carolin\Downloads\FRITZ.Box Fon WLAN 7360 111.06.03-27419LABOR_BETA_10.01.15_1957.export 2015-01-10 19:31 - 2015-01-10 19:31 - 00457652 _____ () C:\Users\Carolin\Desktop\1420902426_1_02.xml 2015-01-10 15:06 - 2015-01-10 15:33 - 00000056 _____ () C:\WINDOWS\system32\bdsandbox.txt 2015-01-10 14:57 - 2015-01-10 14:57 - 05490752 _____ (Secunia) C:\Users\Carolin\Downloads\PSISetup10004.exe 2015-01-10 14:52 - 2015-01-10 14:52 - 00700980 _____ () C:\Users\Carolin\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.zip 2015-01-10 14:46 - 2015-01-10 14:46 - 00000964 _____ () C:\DelFix.txt 2015-01-10 09:06 - 2015-01-10 13:39 - 00002654 _____ () C:\WINDOWS\PFRO.log 2015-01-08 21:15 - 2015-01-10 14:46 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-08 20:41 - 2015-01-14 07:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 20:41 - 2015-01-10 14:57 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-08 20:41 - 2015-01-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-08 20:41 - 2015-01-10 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-08 20:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-08 20:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-08 20:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-08 09:02 - 2015-01-08 09:37 - 00000000 ____D () C:\ProgramData\Dumps 2015-01-07 18:58 - 2015-01-07 18:58 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{383E0617-C8B6-4649-8199-915EBE4FC5ED} 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieUserList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieSiteList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieBrowserModeList 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Macromedia 2015-01-07 18:57 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\OneDrive 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Synaptics 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Sony Corporation 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Bitdefender 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Atheros 2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Apple Computer 2015-01-07 18:54 - 2015-01-07 18:54 - 00001418 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Adobe 2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Local\VirtualStore 2015-01-07 18:53 - 2015-01-07 18:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Packages 2015-01-07 18:51 - 2015-01-07 18:51 - 00000020 ___SH () C:\Users\Stefan\ntuser.ini 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Vorlagen 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Startmenü 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Netzwerkumgebung 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Lokale Einstellungen 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Eigene Dateien 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Druckumgebung 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Musik 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Bilder 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Verlauf 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Anwendungsdaten 2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Anwendungsdaten 2015-01-07 18:50 - 2015-01-07 18:57 - 00000000 ____D () C:\Users\Stefan 2015-01-07 18:50 - 2014-11-14 17:57 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-07 18:50 - 2014-09-21 13:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-07 18:50 - 2014-01-04 22:51 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Pokki 2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-06 15:57 - 2015-01-06 15:57 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-01-06 14:15 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-01-06 14:15 - 2015-01-08 11:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-06 14:15 - 2015-01-06 14:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2015-01-05 23:46 - 2015-01-05 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-01-05 23:31 - 2015-01-05 23:31 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe 2015-01-05 23:01 - 2015-01-05 23:01 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Mozilla 2015-01-05 22:27 - 2015-01-05 22:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager [1].exe 2015-01-05 22:26 - 2015-01-05 22:26 - 00823792 _____ ( ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe 2015-01-05 21:30 - 2015-01-05 21:30 - 05317104 _____ (Piriform Ltd) C:\Users\Carolin\Downloads\ccsetup501.exe 2015-01-05 21:27 - 2015-01-05 21:27 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe 2015-01-05 20:51 - 2015-01-05 20:51 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets (1).diagcab 2015-01-05 20:10 - 2015-01-05 20:51 - 00003382 _____ () C:\WINDOWS\System32\Tasks\START SKYDRIVE 2015-01-05 20:09 - 2015-01-05 20:09 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets.diagcab 2015-01-03 12:42 - 2015-01-03 12:42 - 00000000 ____D () C:\Users\Public\Documents\Gnom 2015-01-03 09:22 - 2015-01-04 22:44 - 00000000 ____D () C:\Users\Carolin\Achim 2014-12-27 20:14 - 2014-12-27 20:14 - 00000000 ____D () C:\Analytics 2014-12-27 20:12 - 2014-12-27 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Western Digital 2014-12-27 20:09 - 2015-01-10 13:41 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western_Digital_Technolog 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2014-12-27 20:09 - 2014-12-27 20:09 - 00000000 ____D () C:\Program Files\Western Digital 2014-12-27 20:04 - 2014-12-27 20:04 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader (1).zip 2014-12-27 20:04 - 2014-12-27 20:04 - 04461527 _____ () C:\Users\Carolin\Downloads\WD_Quick_View_Setup_for_Windows.zip 2014-12-27 13:56 - 2014-12-27 13:58 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader.zip 2014-12-27 13:05 - 2014-12-27 13:05 - 65350992 _____ () C:\Users\Carolin\Downloads\WDMyCloud_win.exe 2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2014-12-27 13:03 - 2014-12-27 13:03 - 65350992 _____ () C:\Users\Carolin\WDMyCloud_win.exe 2014-12-27 13:00 - 2014-12-27 20:09 - 00000000 ____D () C:\ProgramData\Western Digital 2014-12-27 13:00 - 2014-12-27 13:03 - 00001173 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk 2014-12-27 13:00 - 2014-12-27 13:02 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\com.wd.WDMyCloud 2014-12-27 13:00 - 2014-12-27 13:00 - 00000204 _____ () C:\Users\Carolin\Desktop\Lerncenter WD My Cloud.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000158 _____ () C:\Users\Carolin\Desktop\WD My Cloud – Öffentliche Freigabe.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000154 _____ () C:\Users\Carolin\Desktop\WD My Cloud-Dashboard.url 2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste 2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\Program Files\Bonjour Print Services 2014-12-27 12:49 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western Digital 2014-12-27 12:48 - 2014-12-27 12:48 - 71601392 _____ () C:\Users\Carolin\Downloads\mc_windows_setup.exe 2014-12-26 21:04 - 2014-12-26 21:04 - 00001431 _____ () C:\Users\Carolin\Desktop\CopyTrans Control Center.lnk 2014-12-26 21:04 - 2014-12-26 21:04 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center 2014-12-26 21:03 - 2014-12-26 21:04 - 05102256 _____ (WindSolutions) C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe 2014-12-26 21:00 - 2014-12-26 21:09 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\WindSolutions 2014-12-26 20:59 - 2014-12-26 21:08 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-12-26 20:58 - 2014-12-26 20:58 - 09280316 _____ () C:\Users\Carolin\Downloads\CopyTransManagerDEv1.013.zip 2014-12-17 16:18 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-17 16:18 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-14 09:15 - 2014-01-04 14:27 - 00000000 ____D () C:\Users\Carolin\Documents\WISO Mein Geld 2015-01-14 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-14 08:27 - 2014-01-04 22:43 - 01711360 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-14 08:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-14 08:01 - 2014-04-08 16:33 - 00005138 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin 2015-01-14 07:40 - 2014-01-04 23:30 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D47BDD1F-9221-4378-922D-20DF3289565D} 2015-01-14 07:40 - 2014-01-04 12:01 - 00000000 ___DO () C:\Users\Carolin\SkyDrive 2015-01-13 22:16 - 2014-01-21 20:39 - 01697280 ___SH () C:\Users\Carolin\Desktop\Thumbs.db 2015-01-11 19:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-10 20:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-10 20:21 - 2014-01-04 11:55 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4293654675-2556177190-2138456915-1002 2015-01-10 19:52 - 2014-01-13 20:40 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Google 2015-01-10 19:52 - 2014-01-13 20:40 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-10 14:53 - 2014-04-27 21:00 - 00000000 ____D () C:\Users\Carolin\AppData\Temp 2015-01-10 13:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-10 13:39 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-10 13:04 - 2014-04-27 20:43 - 00401920 ___SH () C:\Users\Carolin\Thumbs.db 2015-01-10 13:03 - 2014-01-04 22:47 - 00000000 ____D () C:\Users\Carolin 2015-01-09 20:19 - 2014-01-26 17:43 - 02090496 ___SH () C:\Users\Carolin\Downloads\Thumbs.db 2015-01-08 09:21 - 2014-02-26 09:52 - 00000000 ____D () C:\ProgramData\BDLogging 2015-01-07 18:55 - 2014-01-04 11:48 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-01-06 17:42 - 2014-06-16 17:26 - 00000000 ____D () C:\schrankplaner 2015-01-06 17:42 - 2013-08-22 15:44 - 00446440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-06 14:12 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\VirtualStore 2015-01-06 13:56 - 2014-01-04 23:12 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Deployment 2015-01-06 12:11 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Nitro PDF 2015-01-06 01:08 - 2014-11-14 18:04 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2014-11-14 18:04 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 23:01 - 2014-01-07 18:01 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Mozilla 2015-01-05 21:16 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-05 21:11 - 2014-02-02 17:23 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\vlc 2015-01-05 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration 2015-01-03 16:10 - 2014-01-05 17:52 - 00000000 ___RD () C:\Users\Carolin\Dropbox 2015-01-03 16:10 - 2014-01-05 17:49 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Dropbox 2015-01-02 17:07 - 2014-08-13 19:08 - 00012795 _____ () C:\Users\Carolin\Documents\Übersicht Planung MM.xlsx 2015-01-02 13:01 - 2014-01-04 15:14 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Apple Computer 2014-12-26 22:02 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Packages 2014-12-23 12:16 - 2014-01-04 11:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 07:19 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-22 07:19 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2014-12-22 07:19 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2014-12-19 17:59 - 2014-01-05 17:51 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-16 19:43 - 2014-01-04 17:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-16 19:40 - 2014-01-04 17:09 - 112710672 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe Files to move or delete: ==================== C:\Users\Carolin\WDMyCloud_win.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-08 08:19 ==================== End Of Log ============================ --- --- --- |
|
14.01.2015, 13:20
| #32 |
| /// the machine /// TB-Ausbilder    | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Mach mal bitte einen Clean Boot.
__________________
__________________ |
|
14.01.2015, 19:24
| #33 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden erledigt - geht leider immer noch nicht.
__________________ |
|
14.01.2015, 19:29
| #34 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Du hast alles deakiviert ausser Microsoft Dienste und es geht immer noch nicht? CMD öffnen, folgendes eintippen: ping outlook.com Dann: ping 132.245.13.210 gehen beide Pings durch?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.01.2015, 21:02
| #35 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Jetzt funktioniert es.... Vielen, vielen Dank für deine Hilfe!!!!!  Carolin |
|
15.01.2015, 07:06
| #36 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Was genau haste gemacht? 
__________________ --> Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden |
|
15.01.2015, 20:50
| #37 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden mich leider zu früh gefreut... gestern hat es mit geöffnetem Browser funktioniert. Danach leider nicht mehr.. bin ratlos |
|
16.01.2015, 07:37
| #38 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Dann gib mir mal bitte Info was mit obigen Pings war, gingen die?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 08:45
| #39 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Moin, soweit ich das beurteilen kann gingen beide durch. Nach Eingabe erschien ein schwarzes kleines Fenster... LG |
|
16.01.2015, 09:42
| #40 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Poste mal bitte ein frisches FRST log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 17:06
| #41 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Carolin (administrator) on CAROLIN on 16-01-2015 17:04:16
Running from C:\Users\Carolin\Desktop
Loaded Profiles: Carolin (Available profiles: UpdatusUser & Carolin & Stefan)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Buhl Data Service GmbH) C:\Program Files (x86)\Buhl\WISO Mein Geld 2014\MG.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-14] (Bitdefender)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [581624 2013-02-05] (NTI Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Atheros Communications))
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-14] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-14] (Bitdefender)
Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002 -> {095A28A6-95D6-4177-98C1-59F03D82324D} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Carolin\AppData\Roaming\Mozilla\Firefox\Profiles\4saq1g2n.default
FF Homepage: Google.de
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-14] (Bitdefender)
S4 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S4 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S4 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
S4 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-02-05] (NTI Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-14] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-14] (Bitdefender)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-14] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-14] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-14] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-27] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-14] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 17:03 - 2015-01-16 17:03 - 00000000 ____D () C:\Users\Carolin\Desktop\FRST-OlderVersion
2015-01-14 21:21 - 2015-01-14 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-14 16:33 - 2015-01-14 20:35 - 00000382 _____ () C:\WINDOWS\setupact.log
2015-01-14 16:33 - 2015-01-14 16:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-14 12:49 - 2015-01-14 12:48 - 00381270 _____ () C:\Users\Carolin\Desktop\1421222456_1_03.xml
2015-01-14 09:16 - 2015-01-14 09:18 - 00039807 _____ () C:\Users\Carolin\Desktop\Addition.txt
2015-01-14 09:13 - 2015-01-16 17:04 - 00016772 _____ () C:\Users\Carolin\Desktop\FRST.txt
2015-01-14 09:13 - 2015-01-16 17:04 - 00000000 ____D () C:\FRST
2015-01-14 09:13 - 2015-01-16 17:03 - 02125312 _____ (Farbar) C:\Users\Carolin\Desktop\FRST64.exe
2015-01-14 07:40 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 07:40 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 07:40 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 07:40 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 07:40 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 07:40 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 07:40 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 07:40 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-14 07:39 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 07:39 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 07:39 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 07:39 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 07:39 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 07:39 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 07:39 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 07:39 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 07:39 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 07:39 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 07:39 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 07:39 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 07:39 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 07:39 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 07:39 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 07:39 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 07:39 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 07:39 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 07:39 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 07:39 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 07:39 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 07:39 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 07:39 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 06:22 - 2015-01-13 06:22 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan
2015-01-10 19:57 - 2015-01-10 19:57 - 00694508 _____ () C:\Users\Carolin\Downloads\FRITZ.Box Fon WLAN 7360 111.06.03-27419LABOR_BETA_10.01.15_1957.export
2015-01-10 19:31 - 2015-01-10 19:31 - 00457652 _____ () C:\Users\Carolin\Desktop\1420902426_1_02.xml
2015-01-10 15:06 - 2015-01-10 15:33 - 00000056 _____ () C:\WINDOWS\system32\bdsandbox.txt
2015-01-10 14:57 - 2015-01-10 14:57 - 05490752 _____ (Secunia) C:\Users\Carolin\Downloads\PSISetup10004.exe
2015-01-10 14:52 - 2015-01-10 14:52 - 00700980 _____ () C:\Users\Carolin\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.zip
2015-01-10 14:46 - 2015-01-10 14:46 - 00000964 _____ () C:\DelFix.txt
2015-01-10 09:06 - 2015-01-14 16:32 - 00007156 _____ () C:\WINDOWS\PFRO.log
2015-01-08 21:15 - 2015-01-10 14:46 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-08 20:41 - 2015-01-14 18:41 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 20:41 - 2015-01-10 14:57 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-08 20:41 - 2015-01-10 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-08 20:41 - 2015-01-10 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-08 20:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-08 20:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-08 20:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-08 09:02 - 2015-01-08 09:37 - 00000000 ____D () C:\ProgramData\Dumps
2015-01-07 18:58 - 2015-01-07 18:58 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{383E0617-C8B6-4649-8199-915EBE4FC5ED}
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieUserList
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieSiteList
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieBrowserModeList
2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Macromedia
2015-01-07 18:57 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Stefan\OneDrive
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Synaptics
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Sony Corporation
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Bitdefender
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Atheros
2015-01-07 18:55 - 2015-01-07 18:55 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Apple Computer
2015-01-07 18:54 - 2015-01-07 18:54 - 00001418 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Adobe
2015-01-07 18:54 - 2015-01-07 18:54 - 00000000 ____D () C:\Users\Stefan\AppData\Local\VirtualStore
2015-01-07 18:53 - 2015-01-07 18:56 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Packages
2015-01-07 18:51 - 2015-01-07 18:51 - 00000020 ___SH () C:\Users\Stefan\ntuser.ini
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Vorlagen
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Startmenü
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Netzwerkumgebung
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Lokale Einstellungen
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Eigene Dateien
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Druckumgebung
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Musik
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Documents\Eigene Bilder
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Verlauf
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\AppData\Local\Anwendungsdaten
2015-01-07 18:51 - 2015-01-07 18:51 - 00000000 _SHDL () C:\Users\Stefan\Anwendungsdaten
2015-01-07 18:50 - 2015-01-07 18:57 - 00000000 ____D () C:\Users\Stefan
2015-01-07 18:50 - 2014-11-14 17:57 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-07 18:50 - 2014-09-21 13:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-07 18:50 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-07 18:50 - 2014-01-04 22:51 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Pokki
2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 18:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-06 15:57 - 2015-01-06 15:57 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-06 14:15 - 2015-01-08 21:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-06 14:15 - 2015-01-08 11:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-06 14:15 - 2015-01-06 14:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-01-05 23:31 - 2015-01-05 23:31 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2015-01-05 23:01 - 2015-01-05 23:01 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Mozilla
2015-01-05 22:27 - 2015-01-05 22:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager [1].exe
2015-01-05 22:26 - 2015-01-05 22:26 - 00823792 _____ ( ) C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe
2015-01-05 21:30 - 2015-01-05 21:30 - 05317104 _____ (Piriform Ltd) C:\Users\Carolin\Downloads\ccsetup501.exe
2015-01-05 21:27 - 2015-01-05 21:27 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe
2015-01-05 20:51 - 2015-01-05 20:51 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets (1).diagcab
2015-01-05 20:10 - 2015-01-05 20:51 - 00003382 _____ () C:\WINDOWS\System32\Tasks\START SKYDRIVE
2015-01-05 20:09 - 2015-01-05 20:09 - 00247236 _____ () C:\Users\Carolin\Downloads\onedrivets.diagcab
2015-01-03 12:42 - 2015-01-03 12:42 - 00000000 ____D () C:\Users\Public\Documents\Gnom
2015-01-03 09:22 - 2015-01-04 22:44 - 00000000 ____D () C:\Users\Carolin\Achim
2014-12-27 20:14 - 2014-12-27 20:14 - 00000000 ____D () C:\Analytics
2014-12-27 20:12 - 2014-12-27 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Western Digital
2014-12-27 20:09 - 2015-01-14 17:40 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat
2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western_Digital_Technolog
2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 20:09 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-12-27 20:09 - 2014-12-27 20:09 - 00000000 ____D () C:\Program Files\Western Digital
2014-12-27 20:04 - 2014-12-27 20:04 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader (1).zip
2014-12-27 20:04 - 2014-12-27 20:04 - 04461527 _____ () C:\Users\Carolin\Downloads\WD_Quick_View_Setup_for_Windows.zip
2014-12-27 13:56 - 2014-12-27 13:58 - 41112192 _____ () C:\Users\Carolin\Downloads\SmartWare_Windows_Upgrader.zip
2014-12-27 13:05 - 2014-12-27 13:05 - 65350992 _____ () C:\Users\Carolin\Downloads\WDMyCloud_win.exe
2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-12-27 13:03 - 2015-01-05 21:11 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-12-27 13:03 - 2014-12-27 13:03 - 65350992 _____ () C:\Users\Carolin\WDMyCloud_win.exe
2014-12-27 13:00 - 2014-12-27 20:09 - 00000000 ____D () C:\ProgramData\Western Digital
2014-12-27 13:00 - 2014-12-27 13:03 - 00001173 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2014-12-27 13:00 - 2014-12-27 13:02 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\com.wd.WDMyCloud
2014-12-27 13:00 - 2014-12-27 13:00 - 00000204 _____ () C:\Users\Carolin\Desktop\Lerncenter WD My Cloud.url
2014-12-27 13:00 - 2014-12-27 13:00 - 00000158 _____ () C:\Users\Carolin\Desktop\WD My Cloud – Öffentliche Freigabe.url
2014-12-27 13:00 - 2014-12-27 13:00 - 00000154 _____ () C:\Users\Carolin\Desktop\WD My Cloud-Dashboard.url
2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2014-12-27 13:00 - 2014-12-27 13:00 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2014-12-27 12:49 - 2015-01-05 21:11 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Western Digital
2014-12-27 12:48 - 2014-12-27 12:48 - 71601392 _____ () C:\Users\Carolin\Downloads\mc_windows_setup.exe
2014-12-26 21:04 - 2014-12-26 21:04 - 00001431 _____ () C:\Users\Carolin\Desktop\CopyTrans Control Center.lnk
2014-12-26 21:04 - 2014-12-26 21:04 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2014-12-26 21:03 - 2014-12-26 21:04 - 05102256 _____ (WindSolutions) C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe
2014-12-26 21:00 - 2014-12-26 21:09 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\WindSolutions
2014-12-26 20:59 - 2014-12-26 21:08 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-26 20:58 - 2014-12-26 20:58 - 09280316 _____ () C:\Users\Carolin\Downloads\CopyTransManagerDEv1.013.zip
2014-12-17 16:18 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 16:18 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 17:03 - 2014-01-04 22:43 - 01477161 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-16 16:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-16 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-16 15:11 - 2014-01-04 23:30 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D47BDD1F-9221-4378-922D-20DF3289565D}
2015-01-16 11:06 - 2014-01-04 14:27 - 00000000 ____D () C:\Users\Carolin\Documents\WISO Mein Geld
2015-01-16 09:51 - 2014-04-08 16:33 - 00005140 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin
2015-01-16 08:54 - 2014-01-04 11:55 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4293654675-2556177190-2138456915-1002
2015-01-16 08:40 - 2014-01-04 12:01 - 00000000 ___DO () C:\Users\Carolin\SkyDrive
2015-01-15 20:48 - 2014-04-27 20:43 - 00401920 ___SH () C:\Users\Carolin\Thumbs.db
2015-01-15 20:48 - 2014-01-21 20:39 - 01703936 ___SH () C:\Users\Carolin\Desktop\Thumbs.db
2015-01-15 20:34 - 2014-01-04 23:12 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Deployment
2015-01-15 20:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-14 20:35 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-14 19:11 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-14 08:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-10 20:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-10 19:52 - 2014-01-13 20:40 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Google
2015-01-10 19:52 - 2014-01-13 20:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-10 14:53 - 2014-04-27 21:00 - 00000000 ____D () C:\Users\Carolin\AppData\Temp
2015-01-10 13:03 - 2014-01-04 22:47 - 00000000 ____D () C:\Users\Carolin
2015-01-09 20:19 - 2014-01-26 17:43 - 02090496 ___SH () C:\Users\Carolin\Downloads\Thumbs.db
2015-01-08 09:21 - 2014-02-26 09:52 - 00000000 ____D () C:\ProgramData\BDLogging
2015-01-07 18:55 - 2014-01-04 11:48 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-01-06 17:42 - 2014-06-16 17:26 - 00000000 ____D () C:\schrankplaner
2015-01-06 17:42 - 2013-08-22 15:44 - 00446440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-06 14:12 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\VirtualStore
2015-01-06 12:11 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Nitro PDF
2015-01-06 01:08 - 2014-11-14 18:04 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-11-14 18:04 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 23:01 - 2014-01-07 18:01 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Mozilla
2015-01-05 21:11 - 2014-02-02 17:23 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\vlc
2015-01-05 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-03 16:10 - 2014-01-05 17:52 - 00000000 ___RD () C:\Users\Carolin\Dropbox
2015-01-03 16:10 - 2014-01-05 17:49 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Dropbox
2015-01-02 17:07 - 2014-08-13 19:08 - 00012795 _____ () C:\Users\Carolin\Documents\Übersicht Planung MM.xlsx
2015-01-02 13:01 - 2014-01-04 15:14 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Apple Computer
2014-12-26 22:02 - 2014-01-04 11:46 - 00000000 ____D () C:\Users\Carolin\AppData\Local\Packages
2014-12-23 12:16 - 2014-01-04 11:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 07:19 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-22 07:19 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-22 07:19 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-19 17:59 - 2014-01-05 17:51 - 00000000 ____D () C:\Users\Carolin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
Files to move or delete:
====================
C:\Users\Carolin\WDMyCloud_win.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-08 08:19
==================== End Of Log ============================
|
|
16.01.2015, 19:33
| #42 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Nochmal FRST bitte, aber nen Haken setzen bei Addition, poste bitte nur die neue Addition.txt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.01.2015, 07:32
| #43 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 03
Ran by Carolin at 2015-01-19 07:31:18
Running from C:\Users\Carolin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Disabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Disabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.25.0.1074 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.4.1 (HKLM\...\Kochbuch_is1) (Version: 2.4.1 - Flo & Seb Engineering)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MergeModule_x64 (Version: 9.0.01 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.01 - Sony Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32c - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.32c - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Photo Collage 3.0 (HKLM-x32\...\{8D42CBBC-2089-44AB-8021-369DDB962816}) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{142D42E3-07A9-4AAC-BD3B-636392891706}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC (USB28xxBGA) Media (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )
WISO Mein Geld 2014 Professional (HKLM-x32\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Carolin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll No File
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4293654675-2556177190-2138456915-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carolin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
10-01-2015 14:46:21 Ende der Bereinigung
14-01-2015 08:09:51 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {32DD49E9-F389-4E91-8ABF-8546D1C8A93C} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {637518AA-6EDB-4BA9-AFDD-2304CFB4C32A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-16] (Microsoft Corporation)
Task: {6900A5A9-761A-4F91-882A-00F5770A7633} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-11-14] (Bitdefender)
Task: {6B7DDCCB-393E-42C7-A338-0912726B1BEA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CAROLIN-Carolin Carolin => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {89098DFA-1AF8-4278-ABD8-9DE3D201B9DB} - System32\Tasks\START SKYDRIVE => C:\WINDOWS\System32\SkyDrive.exe [2014-08-16] (Microsoft Corporation)
Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {90FA9D9F-99B5-4AAB-B09B-B44065352E8E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {93DA4D11-A582-426E-84A2-F5F452DEFA63} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {A94EBFDB-8ADB-497F-A272-26C68D1DFCF0} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {E74F1321-91CB-4D6B-AAF4-8050A540DD42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4AD76AD-5039-4D0A-A97D-963EC5FD610F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-11-14 09:02 - 2014-11-14 09:02 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-02-26 09:52 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-11-14 09:02 - 2014-11-14 09:02 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 08:57 - 2014-07-24 08:57 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpbr.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpdsp.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttpph.mdl
2014-07-24 08:57 - 2014-07-24 08:57 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_011\ashttprbl.mdl
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-04 08:33 - 2014-08-04 08:33 - 00034304 _____ () C:\WINDOWS\System32\ssj1mlm.dll
2014-03-28 06:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-24 23:09 - 2013-01-24 23:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-24 23:05 - 2013-01-24 23:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-24 23:12 - 2013-01-24 23:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Carolin\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Carolin\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ACMC_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup413_slim.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ccsetup501.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\chromeinstall-7u65.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ElsterFormular-15.0.20140212p.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\epson378345eu.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Fotowall_0.9_WinXP_Vista_7.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup (2).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\iCloudSetup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Install_CopyTransControlCenter.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.1.1004.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mbam-setup-2.0.4.1028_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\mc_windows_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de(1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ParetoLogic PC Health Advisor_de.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\picasa39-setup_3.9.137.118.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PictureCollageMakerPro_CB-DL-Manager.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PMHOME_4001DL.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\PSISetup10004.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\schrankplaner_setup.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\scribus-1.4.3-windows.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\ShapeCollage-3.1-Setup (1).exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\Update_HDRAS100VV200.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\WDMyCloud_win.exe:BDU
AlternateDataStreams: C:\Users\Carolin\Downloads\XMediaRecode3193_setup.exe:BDU
AlternateDataStreams: C:\Users\Stefan\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DeviceFastLaneService => 3
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LMSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2
MSCONFIG\Services: NTI BackupNowEZSvr => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: SOHDms => 2
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
HKLM\...\StartupApproved\Run: => "Bdagent"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Anwendungs-Agent"
HKU\S-1-5-21-4293654675-2556177190-2138456915-1002\...\StartupApproved\Run: => "iCloudServices"
========================= Accounts: ==========================
Administrator (S-1-5-21-4293654675-2556177190-2138456915-500 - Administrator - Disabled)
Carolin (S-1-5-21-4293654675-2556177190-2138456915-1002 - Administrator - Enabled) => C:\Users\Carolin
Gast (S-1-5-21-4293654675-2556177190-2138456915-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4293654675-2556177190-2138456915-1007 - Limited - Enabled)
Stefan (S-1-5-21-4293654675-2556177190-2138456915-1008 - Limited - Enabled) => C:\Users\Stefan
UpdatusUser (S-1-5-21-4293654675-2556177190-2138456915-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2015 07:25:05 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.
Error: (01/18/2015 10:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PMBBrowser.exe, Version: 9.0.2.10030, Zeitstempel: 0x542e4c22
Name des fehlerhaften Moduls: sohdb.dll, Version: 3.2.0.1300, Zeitstempel: 0x51077758
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000039d0
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xPMBBrowser.exe0
Pfad der fehlerhaften Anwendung: PMBBrowser.exe1
Pfad des fehlerhaften Moduls: PMBBrowser.exe2
Berichtskennung: PMBBrowser.exe3
Vollständiger Name des fehlerhaften Pakets: PMBBrowser.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PMBBrowser.exe5
Error: (01/18/2015 10:37:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 09:24:16 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
System errors:
=============
Error: (01/19/2015 07:23:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%2147500034
Error: (01/19/2015 07:22:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Error: (01/19/2015 07:21:29 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{f4f5d7be-0927-4065-83f5-97efd7c784ea}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (01/16/2015 10:30:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Januar 2015 (KB890830)
Error: (01/15/2015 08:24:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/14/2015 08:34:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Error: (01/14/2015 08:33:51 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{f4f5d7be-0927-4065-83f5-97efd7c784ea}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (01/14/2015 08:33:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (01/14/2015 08:32:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (01/14/2015 08:32:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Microsoft Office Sessions:
=========================
Error: (01/19/2015 07:25:05 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:
Error: (01/18/2015 10:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PMBBrowser.exe9.0.2.10030542e4c22sohdb.dll3.2.0.130051077758c0000005000039d040c01d0336739a38d41C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exeC:\Program Files (x86)\Sony\PlayMemories Home\sohdb.dll7fbfcbcf-9f5a-11e4-bead-54bef7820b46
Error: (01/18/2015 10:37:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/16/2015 09:24:16 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
CodeIntegrity Errors:
===================================
Date: 2014-12-25 13:46:42.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Nitro\Reader 3\NitroPDFThumbnailHelper.exe that did not meet the Microsoft signing level requirements.
Date: 2014-04-27 21:44:39.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:44:39.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.197
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:06:58.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 24%
Total physical RAM: 8072.27 MB
Available physical RAM: 6117.91 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 7387.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:304.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4583D9D7)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
19.01.2015, 15:34
| #44 |
| /// the machine /// TB-Ausbilder | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool Setze einen Haken bei folgenden Einträgen
Ich hab jetzt noch eine Idee, wenn die nit zieht fliegt als nächstes Bitdefender von der Platte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.01.2015, 07:53
| #45 |
| | Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefundenCode:
ATTFilter Farbar Service Scanner Version: 17-01-2015
Ran by Carolin (administrator) on 20-01-2015 at 07:45:17
Running from "C:\Users\Carolin\AppData\Local\Microsoft\Windows\INetCache\IE\QQJIKGCF"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Code:
ATTFilter MiniToolBox by Farbar Version: 30-11-2014
Ran by Carolin (administrator) on 20-01-2015 at 07:49:07
Running from "C:\Users\Carolin\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows-IP-Konfiguration
Der DNS-Aufl�sungscache wurde geleert.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Broadcom NetLink (TM)-Gigabit-Ethernet = Ethernet (Disconnected)
Qualcomm Atheros AR5BWB222-Funknetzwerkadapter = WiFi (Connected)
# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
set interface interface="LAN-Verbindung* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-Verbindung* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# Ende der IPv4-Konfiguration
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : Carolin
Prim�res DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : fritz.box
Drahtlos-LAN-Adapter LAN-Verbindung* 3:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Virtueller Microsoft-Adapter f�r direktes WiFi
Physische Adresse . . . . . . . . : 12-56-F2-1D-89-49
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Ethernet-Adapter Ethernet:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Broadcom NetLink (TM)-Gigabit-Ethernet
Physische Adresse . . . . . . . . : 54-BE-F7-82-0B-46
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Drahtlos-LAN-Adapter WiFi:
Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Qualcomm Atheros AR5BWB222-Funknetzwerkadapter
Physische Adresse . . . . . . . . : 80-56-F2-1D-89-49
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::3117:fda4:909f:b62b%2(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.178.36(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Montag, 19. Januar 2015 07:23:03
Lease l�uft ab. . . . . . . . . . : Freitag, 30. Januar 2015 07:40:27
Standardgateway . . . . . . . . . : 192.168.178.1
DHCP-Server . . . . . . . . . . . : 192.168.178.1
DHCPv6-IAID . . . . . . . . . . . : 377509618
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-19-F8-DB-55-54-BE-F7-82-0B-46
DNS-Server . . . . . . . . . . . : fd00::9ec7:a6ff:fed2:67cb
192.168.178.1
NetBIOS �ber TCP/IP . . . . . . . : Aktiviert
Tunneladapter isatap.fritz.box:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Tunneladapter LAN-Verbindung* 6:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:6abd:8b7:2e43:3f57:4ddb(Bevorzugt)
Verbindungslokale IPv6-Adresse . : fe80::8b7:2e43:3f57:4ddb%6(Bevorzugt)
Standardgateway . . . . . . . . . : ::
DHCPv6-IAID . . . . . . . . . . . : 134217728
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-19-F8-DB-55-54-BE-F7-82-0B-46
NetBIOS �ber TCP/IP . . . . . . . : Deaktiviert
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fd00::9ec7:a6ff:fed2:67cb
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping wird ausgef�hrt f�r google.com [82.135.118.16] mit 32 Bytes Daten:
Zeit�berschreitung der Anforderung.
Antwort von 82.135.118.16: Bytes=32 Zeit=28ms TTL=62
Ping-Statistik f�r 82.135.118.16:
Pakete: Gesendet = 2, Empfangen = 1, Verloren = 1
(50% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 28ms, Maximum = 28ms, Mittelwert = 28ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fd00::9ec7:a6ff:fed2:67cb
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping wird ausgef�hrt f�r yahoo.com [98.138.253.109] mit 32 Bytes Daten:
Antwort von 98.138.253.109: Bytes=32 Zeit=164ms TTL=53
Antwort von 98.138.253.109: Bytes=32 Zeit=159ms TTL=53
Ping-Statistik f�r 98.138.253.109:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 159ms, Maximum = 164ms, Mittelwert = 161ms
Ping wird ausgef�hrt f�r 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Ping-Statistik f�r 127.0.0.1:
Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
7...12 56 f2 1d 89 49 ......Virtueller Microsoft-Adapter f�r direktes WiFi
4...54 be f7 82 0b 46 ......Broadcom NetLink (TM)-Gigabit-Ethernet
2...80 56 f2 1d 89 49 ......Qualcomm Atheros AR5BWB222-Funknetzwerkadapter
1...........................Software Loopback Interface 1
5...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 192.168.178.1 192.168.178.36 25
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
192.168.178.0 255.255.255.0 Auf Verbindung 192.168.178.36 281
192.168.178.36 255.255.255.255 Auf Verbindung 192.168.178.36 281
192.168.178.255 255.255.255.255 Auf Verbindung 192.168.178.36 281
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.178.36 281
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.178.36 281
===========================================================================
St�ndige Routen:
Keine
IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel Gateway
1 306 ::1/128 Auf Verbindung
2 281 fe80::/64 Auf Verbindung
2 281 fe80::3117:fda4:909f:b62b/128
Auf Verbindung
1 306 ff00::/8 Auf Verbindung
2 281 ff00::/8 Auf Verbindung
===========================================================================
St�ndige Routen:
Keine
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/19/2015 08:51:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/19/2015 08:51:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/19/2015 08:51:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/19/2015 07:25:05 AM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.
Error: (01/18/2015 10:39:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PMBBrowser.exe, Version: 9.0.2.10030, Zeitstempel: 0x542e4c22
Name des fehlerhaften Moduls: sohdb.dll, Version: 3.2.0.1300, Zeitstempel: 0x51077758
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000039d0
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xPMBBrowser.exe0
Pfad der fehlerhaften Anwendung: PMBBrowser.exe1
Pfad des fehlerhaften Moduls: PMBBrowser.exe2
Berichtskennung: PMBBrowser.exe3
Vollständiger Name des fehlerhaften Pakets: PMBBrowser.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PMBBrowser.exe5
Error: (01/18/2015 10:37:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
System errors:
=============
Error: (01/20/2015 07:40:10 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.36
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/19/2015 07:23:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%2147500034
Error: (01/19/2015 07:22:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Error: (01/19/2015 07:21:29 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\\?\Volume{f4f5d7be-0927-4065-83f5-97efd7c784ea}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (01/16/2015 10:30:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Januar 2015 (KB890830)
Error: (01/15/2015 08:24:46 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/14/2015 08:34:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
Error: (01/14/2015 08:33:51 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\\?\Volume{f4f5d7be-0927-4065-83f5-97efd7c784ea}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (01/14/2015 08:33:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (01/14/2015 08:32:55 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Microsoft Office Sessions:
=========================
Error: (01/19/2015 08:51:27 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/19/2015 08:51:27 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/19/2015 08:51:27 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/19/2015 07:25:05 AM) (Source: SecurityCenter)(User: )
Description:
Error: (01/18/2015 10:39:37 PM) (Source: Application Error)(User: )
Description: PMBBrowser.exe9.0.2.10030542e4c22sohdb.dll3.2.0.130051077758c0000005000039d040c01d0336739a38d41C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exeC:\Program Files (x86)\Sony\PlayMemories Home\sohdb.dll7fbfcbcf-9f5a-11e4-bead-54bef7820b46
Error: (01/18/2015 10:37:07 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/16/2015 10:31:54 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/16/2015 10:29:06 AM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
CodeIntegrity Errors:
===================================
Date: 2014-12-25 13:46:42.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Nitro\Reader 3\NitroPDFThumbnailHelper.exe that did not meet the Microsoft signing level requirements.
Date: 2014-04-27 21:44:39.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:44:39.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:34:27.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:31:22.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:28:48.197
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-04-27 21:06:58.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
=========================== Installed Programs ============================
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.25.0.1074 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CopyTrans Control Center deinstallieren (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kochbuch 2.4.1 (HKLM\...\Kochbuch_is1) (Version: 2.4.1 - Flo & Seb Engineering)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MergeModule_x64 (Version: 9.0.01 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.01 - Sony Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.32c - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.32c - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Photo Collage 3.0 (HKLM-x32\...\{8D42CBBC-2089-44AB-8021-369DDB962816}) (Version: - )
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{C58994CF-D15D-41E3-A03B-587B39EAA903}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{142D42E3-07A9-4AAC-BD3B-636392891706}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-Treiberpaket - TERRATEC (USB28xxBGA) Media (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )
WISO Mein Geld 2014 Professional (HKLM-x32\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden
========================= Memory info: ===================================
Percentage of memory in use: 27%
Total physical RAM: 8072.27 MB
Available physical RAM: 5844.52 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 7060 MB
Total Virtual: 4095.88 MB
Available Virtual: 3956.88 MB
========================= Partitions: =====================================
1 Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:304.41 GB) NTFS
========================= Users: ========================================
Benutzerkonten fr \\CAROLIN
Administrator Carolin Gast
Stefan UpdatusUser
Der Befehl wurde erfolgreich ausgefhrt.
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
|
|
| Themen zu Trojan.Generic.12362692 und 12354483 wurden von Bitdefender gefunden |
| account, antiviren, aufrufe, bitdefender, blockiert, dateien, defender, entdeck, entdeckt, gefunde, hilfe, https, immernoch, infizierte, infizierten, konnte, seite, seiten, software, speziell, tagen, troja, trojan.generic., trojaner.gerneric, weiteren, windows |
Linear-Darstellung
