Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität

Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität


Log-Analyse und Auswertung: Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 30.03.2015, 11:52   #1
ManniLundgre
 
Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität - Icon21

Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität


Guten Tag liebe Helfer,

ich habe seit einigen Wochen verdächtige Aktivitäten folgender Dateien bemerkt:
  • cmd.exe
  • conhost.exe
  • msiexec.exe

Gelegentlich scheinen zufällige Anwendungen laut meinem proaktiven Schutz von Comodo die Rechte für die Internet-Zone in der Registry modifizieren zu wollen.
Dies geschieht stets ohne ersichtlichen Grund und war in der Vergangenheit, bevor mir diese verdächtigen Aktivitäten auffielen, nicht der Fall.

Nun zum Kern des Ganzen:

Die verdächtige Aktivität fiel mir vor einigen Wochen auf, als ich gerade ein PDF im Acrobat Reader las und das Festplatten-LED permanent an war. Zuerst habe ich mir nichts dabei gedacht - ich nahm an, es handle sich evtl. um einen Windows-Prozess, der im Hintergrund Dateien indizierte oder die Festplatte defragmentierte oder so etwas. Als es aber so heftig wurde, dass der PDF Reader kaum noch regierte, sah ich mir den Task Manager genauer an.

4 oder 5 mal war die cmd.exe gestartet, mehr oder weniger passend dazu die conhost.exe (ja, es gab eine zahlenmäßige Abweichung), einige der cmd.exe-Instanzen hatten 25% CPU-Last, genauso eine der conhost.exe-Instanzen. Auch die msiexec.exe war 4-5 Mal gestartet und eine hatte annährend die restlichen 25% CPU-Leistung für sich beansprucht.

Beenden der Prozesse hatte nur zur Folge, dass diese sich immer neu starteten. Meist sofort, manchmal nach 5 - 30 Minuten.

Ich machte einen Vollscan mit dem Antivirus-Part von Comodo Internet Security. Fehlanzeige, es war angeblich alles in Ordnung.
Also wiederholte ich den Scan im abgesicherten Modus. Wieder Fehlanzeige.

Seitdem habe ich versucht das System mit Multi AV zu scannen, doch Sophos startet nicht, nachdem man im Menü auswählen kann ob die ganze HDD oder nur bestimmte Verzeichnisse gescannt werden sollen. Auch Trend-Micro und McAffee lassen sich nicht starten, ja nicht einmal downloaden, da z.B. die pattern.txt nicht gelesen werden kann, direkt nachdem diese von Multi AV angeblich heruntergeladen wurde. Klingt für mich nach Blockade-Taktik eines Rootkits oder ähnlichem.

Folgende merkwürdige Eigenarten sind mir aber deutlich aufgefallen:
  • wenn ich die cmd.exe ausführe, funktioniert alles wie erwartet, allerdings *muss* ich die Instanz mit 'exit' beenden, denn klicke ich rechts oben auf das 'X', geschieht merkwürdiger weise einfach nichts
  • die Anzahl der conhost.exe-Instanzen entspricht meist nicht der Anzahl der cmd.exe-Instanzen (ich weiß nicht, ob das etwas zu bedeuten hat)
  • schalte ich mit einem in den Laptop physisch integrierten Schalter die WLAN-Verbindung (einzige aktive Netzwerkverbindung) aus, beenden sich sofort alle verdächtigen cmd.exe, conhost.exe, msiexec.exe usw, die CPU-Last ist wieder normal und das HDD-LED ist aus
  • schalte ich diesen physischen Schalter wieder an, geht der Spuk sofort wieder von vorne los, allerdings erst, sobald der Laptop sich mit meinem WLAN verbunden hat (äußerst verdächtig!!!)

Bitte helft mir, lieber Helfer!! Ich weiß nicht mehr, was ich noch machen soll. Mir ist klar, dass wahrscheinlich eine Neuinstallation das klügste wäre, aber das kommt in diesem Fall leider nicht in Frage. Das hat persönliche Gründe. Mir ist klar, dass ich evtl. nachdem dieses Problem hier gelöst worden ist, nicht 100%ig sicher sein kann, dass nicht doch etwas kompromitiert worden ist, aber das ist für mich akzeptabel.

Ich hoffe wirklich sehr, dass ihr mir helfen könnt!

Euer verzweifelter Manni

P.S.: Hier die Logs:

Das GMER-Log muss ich leider anhängen, da es zu lang für dieses Forum ist.

defogger_disable.log

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:03 on 30/03/2015 (manni)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-
FRST.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by manni (administrator) on CL2157 on 30-03-2015 11:05:43
Running from C:\Users\manni\Downloads
Loaded Profiles: UpdatusUser & manni (Available profiles: UpdatusUser & manni)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(IBM Corporation) C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqsvc.exe
() C:\xampp\mysql\bin\mysqld.exe
(IBM Corporation) C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmsrvn.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM_usr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Ruud van Velsen (Microsoft)) C:\AV-CLS\KIX32.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-01-30] (COMODO)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {00cb7421-eb16-11e3-8a9c-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e0e39-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e0e4d-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e1151-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {5ed62f38-6ef0-11e3-8d40-d709f32aee8c} - E:\LG_PC_Programs.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [239720 2011-08-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [200808 2011-08-13] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-11] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110506105045.dll [2011-05-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-11] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-01-03] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110506105045.dll [2011-05-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-01-03] (Oracle Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 172.19.254.8 172.19.255.8
Tcpip\..\Interfaces\{0C1B94D6-6B87-48A5-9833-0E5CF6E99710}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D07768AD-8B5F-484B-B192-4289333177A7}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{D8BF7FDA-F50E-4ED2-9181-7D31C682D1AB}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-21] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2014-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-01-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-08-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-08-12] (NVIDIA Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc.)
FF Extension: ColorfulTabs - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-02-18]
FF Extension: Complete YouTube Saver - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2015-02-18]
FF Extension: DownloadHelper - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-18]
FF Extension: YouTube Videos automatisch starten in High Definition (HD) - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\andromeda.nebel@ytautohdde.de.xpi [2015-02-18]
FF Extension: AutoPager - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\autopager@mozilla.org.xpi [2015-02-18]
FF Extension: BatchDownload - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\batchdownload@panshisoft.cn.xpi [2015-02-18]
FF Extension: Copy Urls Expert - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2015-02-18]
FF Extension: FaviconizeTab - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2015-02-18]
FF Extension: open tab count widget - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\jid0-x24fAzIkLoGDS5vfyNzJuT1Tits@jetpack.xpi [2015-02-18]
FF Extension: Linky - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\linky@gemal.dk.xpi [2015-02-18]
FF Extension: URL Flipper - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\urlflipper@mozilla.ktechcomputing.com.xpi [2015-02-18]
FF Extension: RSS Ticker - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi [2015-02-18]
FF Extension: RefControl - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2015-02-18]
FF Extension: Page Title Eraser - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi [2015-02-18]
FF Extension: RightToClick - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-02-18]
FF Extension: Tab Mix Plus - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-02-18]
FF Extension: DownThemAll! - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-18]
FF Extension: Adblock Edge - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2015-02-17]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Profile: C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-23]
CHR Extension: (Nyan Cat Progress Bar for YouTube) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdjaekjkckpdknkfncfnaibkabdcgmkg [2013-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-23]
CHR Extension: (Google Search) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-23]
CHR Extension: (FoxyProxy Standard) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-04-21]
CHR Extension: (AdBlock) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-12]
CHR Extension: (GWT Developer Plugin) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-30] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-30] (COMODO)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2011-05-06] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2011-05-06] (McAfee, Inc.)
R2 MQSeriesServices; C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqsvc.exe [80960 2010-08-31] (IBM Corporation)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-08-08] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
S2 SkypeUpdate; C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-03-03] (Microsoft Corporation) [File not signed]
R2 USBDLM; C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM.exe [451560 2012-09-09] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [X]
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [X]
S2 SdkBusServerSamSdk; C:\BetaSystems\SamSdk\bin\Wrapper.exe -s C:\BetaSystems\SamSdk\\conf/BusServer.conf

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2011-05-06] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2011-05-06] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2011-05-06] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2011-05-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2011-05-06] (McAfee, Inc.)
S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [19968 2013-03-04] (Razer USA Ltd)
S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [24576 2013-03-04] (Razer USA Ltd)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-10-27] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 11:05 - 2015-03-30 11:06 - 00030965 _____ () C:\Users\manni\Downloads\FRST.txt
2015-03-30 11:05 - 2015-03-30 11:05 - 02095616 _____ (Farbar) C:\Users\manni\Downloads\FRST64.exe
2015-03-30 11:05 - 2015-03-30 11:05 - 00000000 ____D () C:\FRST
2015-03-30 11:03 - 2015-03-30 11:03 - 00000502 _____ () C:\Users\manni\Downloads\defogger_disable.log
2015-03-30 11:03 - 2015-03-30 11:03 - 00000020 _____ () C:\Users\manni\defogger_reenable
2015-03-30 11:02 - 2015-03-30 11:02 - 00050477 _____ () C:\Users\manni\Downloads\Defogger.exe
2015-03-30 09:06 - 2007-02-18 20:00 - 00001688 _____ () C:\Windows\SysWOW64\autoexec.bak
2015-03-30 09:05 - 2015-03-30 09:58 - 00000000 ____D () C:\AV-CLS
2015-03-26 11:00 - 2015-03-26 11:00 - 00000000 ____D () C:\Users\manni\AppData\Local\Colossal Order
2015-03-26 10:59 - 2015-03-26 10:59 - 00000000 ____D () C:\Users\manni\AppData\Roaming\Steam
2015-03-02 14:10 - 2015-03-02 14:10 - 00000808 _____ () C:\Users\manni\Desktop\OrbWeaver.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 11:06 - 2011-05-06 11:09 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-03-30 11:04 - 2012-01-02 16:08 - 00004308 _____ () C:\Windows\system32\Notepad2.ini
2015-03-30 11:03 - 2011-12-20 14:44 - 00000000 ____D () C:\Users\manni
2015-03-30 10:55 - 2011-05-06 11:09 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-03-30 10:39 - 2014-10-19 09:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-30 10:35 - 2011-12-20 01:00 - 01051008 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 10:34 - 2009-07-14 06:51 - 00021277 _____ () C:\Windows\setupact.log
2015-03-30 09:57 - 2014-12-23 18:05 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-03-30 09:52 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 09:52 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 09:51 - 2010-11-21 08:21 - 00851666 _____ () C:\Windows\system32\perfh007.dat
2015-03-30 09:51 - 2010-11-21 08:21 - 00198464 _____ () C:\Windows\system32\perfc007.dat
2015-03-30 09:51 - 2009-07-14 07:13 - 01827172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 09:42 - 2012-10-02 10:54 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-30 09:41 - 2011-12-20 12:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 09:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 09:03 - 2014-03-19 12:00 - 00000000 ____D () C:\Temp
2015-03-30 08:58 - 2013-07-16 13:35 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-03-30 08:53 - 2012-04-24 13:30 - 00002046 ____H () C:\Users\manni\Documents\Default.rdp
2015-03-27 20:56 - 2013-06-10 12:10 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 20:56 - 2011-12-20 00:57 - 00343101 ____N () C:\Windows\Minidump\032715-38454-01.dmp
2015-03-26 10:57 - 2013-07-18 17:05 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-03-26 10:57 - 2013-07-18 17:05 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-23 11:28 - 2012-10-21 13:23 - 00000049 _____ () C:\Windows\NeroDigital.ini
2015-03-23 11:27 - 2013-05-01 14:40 - 00000000 ____D () C:\Users\manni\dwhelper
2015-03-04 21:25 - 2012-01-03 11:25 - 00000000 ____D () C:\Users\manni\AppData\Local\Eclipse
2015-03-04 21:24 - 2013-08-09 08:42 - 00000000 ____D () C:\Program Files\Eclipse 4.2 Juno SR2 (64bit)
2015-03-03 10:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 14:14 - 2013-07-16 13:36 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-03-02 14:13 - 2010-11-21 05:47 - 00306044 _____ () C:\Windows\PFRO.log
2015-03-02 14:13 - 2009-07-14 06:45 - 01302072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 14:12 - 2013-07-16 13:52 - 00027766 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-03-02 14:06 - 2014-10-14 10:20 - 00000000 ____D () C:\Users\manni\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2015-01-21 22:49 - 2015-01-28 16:34 - 0002919 _____ () C:\Users\manni\AppData\Roaming\SAS7_000.DAT
2012-12-06 18:26 - 2015-01-02 17:09 - 0011776 _____ () C:\Users\manni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-22 14:42 - 2014-05-22 14:42 - 0000002 _____ () C:\Users\manni\AppData\Local\PC-Information.Flag
2012-02-07 16:58 - 2013-02-20 11:45 - 0007605 _____ () C:\Users\manni\AppData\Local\Resmon.ResmonCfg
2015-02-18 13:48 - 2015-02-18 13:48 - 0004864 _____ () C:\ProgramData\vczcspay.tpu

Files to move or delete:
====================
C:\Users\manni\hsqlprefs.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 10:39

==================== End Of Log ============================
Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by manni at 2015-03-30 11:06:59
Running from C:\Users\manni\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: COMODO Antivirus (Disabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Anti-Twin (Installation 22.09.2014) (HKLM-x32\...\Anti-Twin 2014-09-22 14.22.27) (Version:  - Joerg Rosenthal, Germany)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Axway API Gateway (HKLM-x32\...\Axway API Gateway 7.2.2) (Version: 7.2.2 - Axway)
Bitvise Tunnelier 4.35 (remove only) (HKLM-x32\...\Tunnelier) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.07059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.07059 - Cisco Systems, Inc.) Hidden
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{A0BABADE-E154-4F08-97A1-2903CD110E88}) (Version: 6.2.20728.2847 - COMODO Security Solutions Inc.)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
DbVisualizer 8.0.10 (HKLM\...\8973-4025-0853-7287) (Version: 8.0.10 - DbVis Software AB)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
DJ Java Decompiler v.3.12.12.96 (HKLM-x32\...\{0DB51EBE-ECD4-4308-A55C-3DFDC4E83814}) (Version: 1.8 - Atanas Neshkov 2009)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.)
Enterprise Architect 9.3  - 30 Day Trial Edition (HKLM-x32\...\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}) (Version: 9.3.935.12 - Sparx Systems)
ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
FileZilla Client 3.2.7.1 (HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\FileZilla Client) (Version: 3.2.7.1 - )
flam (HKLM\...\{BFFE0B20-6BEC-4AFB-A145-EA164D07BB8C}) (Version: 5.1.3.8040 - limes datentechnik gmbh)
FormsForWeb® Filler 3.2.3 (HKLM-x32\...\{18815D2C-C62D-4066-94F3-55966581D2A5}) (Version: 3.2.3 - Lucom GmbH)
Frontplatten Designer (HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\Frontplatten Designer) (Version: 4.1.4 - Schaeffer AG)
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.2.0.12 - GOG.com)
Git version 1.9.0-preview20140217 (HKLM-x32\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Gold Wave Editor v10.0.1 (HKLM-x32\...\Gold Wave Editor_is1) (Version:  - )
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HDClone 4.2.12 Professional Edition (HKLM\...\Miray.HDClone.Professional.4.2.12.1031-{4FA40B6A-B5EA-49AA-8BC1-F86DC5E1DC8A}) (Version: 4.2 - Miray Software AG)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
IBM WebSphere MQ (HKLM-x32\...\{C8C5A8CC-14C2-4972-B7F6-2DB9044CD50D}) (Version: 7.0.1.3 - IBM)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera Driver Installer Package Ver.1.1.0.42 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.42 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.74.0 (HKLM-x32\...\{C6D4B05A-EA7E-1027-80EF-C925E740E99C}) (Version: 1.0.74.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java(TM) 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Java(TM) SE Development Kit 6 Update 24 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Java(TM) SE Development Kit 6 Update 30 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Java(TM) SE Development Kit 6 Update 30 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
JProfiler 8.0.5 (HKLM\...\8785-2147-3791-3338) (Version: 8.0.5 - ej-technologies GmbH)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LiteShow (HKLM-x32\...\LiteShow_is1) (Version:  - )
McAfee Agent (HKLM-x32\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.00000 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.04.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mp3tag v2.49 (HKLM-x32\...\Mp3tag) (Version: v2.49 - Florian Heidenreich)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
NatLink version 4.1mike (including Vocola 2.8.1I+ and Unimacro) (HKLM-x32\...\NatLink_is1) (Version:  - )
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}) (Version: 8.0.182 - Nero AG)
Nero 9 Lite (HKLM-x32\...\{0bb7eff0-cb5c-4492-9eab-9029285c1e9b}) (Version:  - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NVIDIA 3D Vision Treiber 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.93 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
Oracle VM VirtualBox 4.1.8 (HKLM\...\{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}) (Version: 4.1.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PathFileTwirler (HKLM-x32\...\PathFileTwirler) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Pixel Heroes: Byte & Magic (HKLM-x32\...\UGl4ZWxIZXJvZXNCeXRlTWFnaWM=_is1) (Version: 1 - )
Python 2.7 pywin32-218 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7 PyXML-0.8.4 (HKLM-x32\...\PyXML-py2.7) (Version:  - )
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
RazorSQL 5.6.4 (HKLM-x32\...\RazorSQL 5.6.4_is1) (Version:  - Richardson Software, LLC)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
R-Studio NTFS v2.0 (HKLM-x32\...\R-Studio NTFS_is1) (Version: 2.0 - R-tools Technology Inc.)
RTPatch Update (HKLM-x32\...\RTPatch_is1) (Version:  - PocketSoft)
SAM Development Kit - SamSdk (HKLM-x32\...\{6E10CFBE-2702-3057-1388-C126199EDD5B}) (Version: 1.1.0 - Beta Systems Software AG)
SAM Development Kit - SamSdk (HKLM-x32\...\{BD53FB07-A243-55ED-8778-1B813C445B5B}) (Version: 1.1.0 - Beta Systems Software AG)
SAM Development Kit - SamSdk (HKLM-x32\...\{E314F879-8475-F8B2-AE50-5CA8B2FF07CB}) (Version: 1.1.0 - Beta Systems Software AG)
SeventhGate (HKLM-x32\...\{BD61A677-6D91-492E-A624-7EFE1BCEB88D}) (Version: 0.1 - Piotr Gawron)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
Theme Resource Changer X64 v1.0 (HKLM\...\Theme Resource Changer X64 v1.0) (Version:  - Bad Ass Apps)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.64 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{C2938C94-239C-4156-B245-C5406A4F3E93}) (Version: 5.9.5.7038 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.73 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TortoiseGit 1.8.7.0 (64 bit) (HKLM\...\{B7307613-51D1-40EA-80CD-4A5A71CC657B}) (Version: 1.8.7.0 - TortoiseGit)
Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WEKA Update Center (HKLM-x32\...\{A8217164-542A-4C4B-9031-2AB445CA314A}) (Version: 1.00.00.0003 - WEKA MEDIA GmbH & Co. KG)
Winamp  2009 (HKLM-x32\...\{BBDE8B7B-829A-405A-8357-6F9240050D44}) (Version:  - kandelar)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Style Builder (HKLM-x32\...\{AFDF950D-3814-4F98-B66F-8C286A69F405}) (Version: 1.5.03 - AveApps)
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
wxPython 2.8.12.1 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.1-ansi - Total Control Software)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
XAMPP 1.7.7 (HKLM-x32\...\xampp) (Version:  - )
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-748579090-2159190992-1044474020-1528_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A0226A6-C458-4656-A8F0-6DAC506F37CD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1E080631-3B54-4054-B284-6E641BDB6202} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {20607124-BA02-497B-ABF7-71B6C00DFBD7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {24B75C89-E747-4C75-94D9-AF30656954E4} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {25047045-0598-4F8F-9D26-A4BB565ED484} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2C723B3C-EE77-439D-8199-1F05FC2600CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3A7C3A85-016C-4EED-9CFE-31DE9FDD1C85} - System32\Tasks\Microsoft_Hardware_Launch_LifeExp_exe => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
Task: {4128E48A-6CE1-4314-B856-E883D6223FF2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {57BD5A85-BED3-4448-9850-90F8C1780366} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {6319A5D4-E118-4040-9062-042ED395F5A8} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {68FE4945-FDE1-4439-8E28-609DC4FF5F08} - System32\Tasks\{C156F379-A259-48AC-B125-8718502E563D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1620
Task: {75E7E562-3EA0-467B-BB4A-395E41BF7EE2} - System32\Tasks\{AE89C570-7B65-4686-A6BA-5D85F773F1FD} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.21.0.104&LastError=12002
Task: {A90FBEFB-7F19-4534-8D98-45CEC38B29C9} - System32\Tasks\{145F5F82-B51F-44ED-AE43-5750930F596D} => pcalua.exe -a C:\Users\manni\Desktop\imsm_makedisk_6001022\64\AsusSetup.exe -d C:\Users\manni\Desktop\imsm_makedisk_6001022\64
Task: {AAB11F08-C974-479B-A82F-6997E70A4AC6} - System32\Tasks\{CDBC4372-D87A-49A3-8F24-50FFEAFFC9A9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12007
Task: {B78E3566-8D4E-401B-81AE-7181D972E80E} - System32\Tasks\{5BEC0656-2832-4BCB-8BE4-D540C6E74646} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12007
Task: {BF750A8E-530E-4997-B483-78DD87687883} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {C1D86E4A-6BD6-4369-934B-F6BDEBBA56F5} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-30] (COMODO)
Task: {C89FC067-F60F-4C46-A3BB-658BD84DA6D9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E3F18D60-67EA-4190-82FA-1ED5B0DEAE42} - System32\Tasks\{29E0F2A4-2A6C-4A35-BD85-5CF062D329AB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1620
Task: {F53C14B6-D464-4ED1-8303-8B558BC1BA98} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-04-01] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) ==============

2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-20 15:02 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-10-08 07:18 - 2010-10-08 07:18 - 00056592 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 09:24 - 2010-09-02 09:24 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00035328 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2010-11-16 15:38 - 2010-11-16 15:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2010-10-08 07:18 - 2010-10-08 07:18 - 00957712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 09:24 - 2010-09-02 09:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 09:25 - 2010-09-02 09:25 - 00040448 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 07:18 - 2010-10-08 07:18 - 00697616 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2011-09-09 19:46 - 2011-09-09 19:46 - 08158720 _____ () c:\xampp\mysql\bin\mysqld.exe
2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-01-12 19:39 - 2014-01-12 19:39 - 00728424 _____ () C:\Program Files\TortoiseGit\bin\libgit2.dll
2014-01-12 19:39 - 2014-01-12 19:39 - 00087400 _____ () C:\Program Files\TortoiseGit\bin\zlib1.dll
2011-03-15 08:19 - 2011-03-15 08:19 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-08-23 19:24 - 2009-08-23 19:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-02-09 02:56 - 2011-02-09 02:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-12-20 14:38 - 2010-10-26 14:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-06 11:11 - 2011-10-04 04:04 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
2011-01-12 08:08 - 2011-01-12 08:08 - 00150032 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2010-08-31 13:09 - 2010-08-31 13:09 - 00956480 _____ () C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmjps.dll
2011-12-19 18:51 - 2011-05-26 18:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-01-12 19:31 - 2014-01-12 19:31 - 00550248 _____ () C:\Program Files\TortoiseGit\bin\libgit232.dll
2014-01-12 19:31 - 2014-01-12 19:31 - 00077160 _____ () C:\Program Files\TortoiseGit\bin\zlib132.dll
2011-03-15 08:13 - 2011-03-15 08:13 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-17 20:56 - 2013-12-05 21:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-12 06:20 - 2011-08-12 06:20 - 00247400 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\System:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\Users\manni\Downloads\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\manni\Downloads\FRST64.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Control Panel\Desktop\\Wallpaper -> C:\Users\manni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.19.254.8 - 172.19.255.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
MSCONFIG\startupreg: HW_OPENEYE_OUC_Mobile Partner => "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe"
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
MSCONFIG\startupreg: WekaUpdateCenter => C:\Program Files (x86)\Common Files\Weka\Update Manager\WekaUpdateManager.exe /autostart

==================== Accounts: =============================

Administrator (S-1-5-21-3210954253-528678137-795811057-500 - Administrator - Disabled)
Gast (S-1-5-21-3210954253-528678137-795811057-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3210954253-528678137-795811057-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 10:39:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7a4

Startzeit: 01d06ac4719c8e05

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 2e486ae1-d6b8-11e4-bf06-9e997716a562

Error: (03/30/2015 09:42:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:41:54 AM) (Source: WebSphere MQ) (EventID: 7121) (User: )
Description: Der Testzeitraum für dieses Exemplar von WebSphere MQ ist jetzt abgelaufen.



Dieses Exemplar von WebSphere MQ wurde nur für einen begrenzten Zeitraum lizenziert. Dieser Zeitraum ist abgelaufen.



Installieren Sie eine Lizenz für den Einsatz dieses Exemplars von WebSphere MQ in einer produktiven Umgebung.

Error: (03/30/2015 09:40:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)


System errors:
=============
Error: (03/30/2015 10:34:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 10:34:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 10:34:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:57:09 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: BCINTERN)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (03/30/2015 09:54:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:54:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (03/30/2015 10:39:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe26.0.0.50877a401d06ac4719c8e0513C:\Program Files (x86)\Mozilla Firefox\firefox.exe2e486ae1-d6b8-11e4-bf06-9e997716a562

Error: (03/30/2015 09:42:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:41:54 AM) (Source: WebSphere MQ) (EventID: 7121) (User: )
Description: 002000712100

Error: (03/30/2015 09:40:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 56%
Total physical RAM: 8075.23 MB
Available physical RAM: 3541.69 MB
Total Pagefile: 16265.43 MB
Available Pagefile: 9811.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:117.19 GB) (Free:14.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive v: (SYSTEM) (Network) (Total:117.19 GB) (Free:14.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 21DD3534)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Themen zu Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität
bildschirm, bluescreen 002000712100, computer, conhost.exe, cpu-last, fehlercode 22, fehlercode 28, fehlercode windows, festplatte, flash player, homepage, lightning, msiexec.exe, programm, prozesse, registry, software, svchost.exe, this device is disabled. (code 22), trojan.agent.ed, trojan.clicker.fms, trojan.fakems.ed, trojan.fakems.svsgen2, virtualbox


« Windows 8.1: Adware eingefangen (Delta)? | LOG Datei von AdwCleaner interpretieren »


Ähnliche Themen: Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität


  1. Troj/AndroMem-B in C:\Windows\SysWOW64\msiexec.exe
    Plagegeister aller Art und deren Bekämpfung - 02.11.2015 (11)
  2. Nach USB-Stick: Avast meldet blockieren der Websites disorderstatus.ru und diferentia.ru; Prozess windows\SysWOW64\msiexec
    Log-Analyse und Auswertung - 14.09.2015 (13)
  3. Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere verdächtige Aktivitäten
    Log-Analyse und Auswertung - 19.07.2015 (19)
  4. Verdächtige aktivität nach aufruf einer Spam seite
    Plagegeister aller Art und deren Bekämpfung - 04.09.2014 (1)
  5. conhost.exe startet und beendet sich mehrfach alle paar Sekunden in der Prozessliste (win7-64bit)
    Plagegeister aller Art und deren Bekämpfung - 12.08.2014 (9)
  6. [3x Conhost?] Ständig laufen 3 Conhost.exe -Anwendungen
    Log-Analyse und Auswertung - 17.06.2014 (7)
  7. Pc installiert ungefragt zahlreiche äußerst fragwürdige Virenscanner
    Log-Analyse und Auswertung - 15.06.2014 (1)
  8. Lollipop und andere Viren entfernen- Windows8; 64bit
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (5)
  9. Windows 7: AV 3 verdächtige Funde
    Log-Analyse und Auswertung - 26.10.2013 (7)
  10. Windows 7 - Firefox 24.0 - Nach unbestimmter Zeit ohne Aktivität öffnen sich ungewollte Werbeseiten
    Log-Analyse und Auswertung - 09.10.2013 (3)
  11. Windows 7: u.A. Lange Bootzeit / Verdächtige Dateien im Ordner Windows/SysWOW64
    Log-Analyse und Auswertung - 23.09.2013 (21)
  12. c:\Windows\System32\conhost.exe erzeugt 99% GPU-Last
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (11)
  13. Hohe Arbeitsspeicherauslastung des Windows Installer (msiexec.exe) unter Win 8
    Log-Analyse und Auswertung - 18.11.2012 (1)
  14. conhost.exe in C:\Windows\Temp\ AUSLÖSER: KGB - Keylogger
    Log-Analyse und Auswertung - 22.08.2011 (10)
  15. conhost.exe in C:\Windows\Temp\ frisst Ressourcen (doppelt )
    Mülltonne - 21.08.2011 (0)
  16. btaskv.dll ... äußerst Merkwürdig
    Plagegeister aller Art und deren Bekämpfung - 28.03.2008 (13)
  17. Verdächtige EXE-Dateien in C:\Windows\Temp
    Log-Analyse und Auswertung - 17.07.2005 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität - Guten Tag liebe Helfer, ich habe seit einigen Wochen verdächtige Aktivitäten folgender Dateien bemerkt: cmd.exe conhost.exe msiexec.exe Gelegentlich scheinen zufällige Anwendungen laut meinem proaktiven Schutz von Comodo die Rechte für - Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität...
Archiv
Du betrachtest: Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe und andere: äußerst verdächtige Aktivität auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19