Windows 8: verschiedene Viren noch vorhanden?
Hallo,
wir haben ein Windows 8 Laptop. Nachdem ich diverse Viren mittels verschiedener Programme gefunden habe, möchte ich nun feststellen, ob noch Reste auf dem Laptop vorhanden sind. Vielen Dank schon einmal im voraus.
Hier die Log-Dateien mittel FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Tom H (administrator) on TOM on 07-02-2015 00:16:08
Running from C:\Users\Tom H\Desktop
Loaded Profiles: Tom H (Available profiles: Tom H)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3126110199-1934577033-2280721590-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3126110199-1934577033-2280721590-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3126110199-1934577033-2280721590-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3126110199-1934577033-2280721590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3126110199-1934577033-2280721590-1001 -> {95C7D338-2AA8-4A36-BE73-7C5048142175} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Tom H\AppData\Roaming\Mozilla\Firefox\Profiles\3lkK1lUd.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\Tom H\AppData\Roaming\Mozilla\Firefox\Profiles\3lkK1lUd.default\Extensions\abs@avira.com [2015-01-25]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2800896 2014-05-02] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2013-04-21] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 00:16 - 2015-02-07 00:16 - 00011461 _____ () C:\Users\Tom H\Desktop\FRST.txt
2015-02-07 00:16 - 2015-02-07 00:16 - 00000000 ____D () C:\FRST
2015-02-07 00:15 - 2015-02-07 00:14 - 02131968 _____ (Farbar) C:\Users\Tom H\Desktop\FRST64.exe
2015-02-07 00:14 - 2015-02-07 00:14 - 02131968 _____ (Farbar) C:\Users\Tom H\Downloads\FRST64.exe
2015-02-06 23:55 - 2015-02-06 23:55 - 00000000 ____D () C:\Users\Tom H\AppData\Roaming\java
2015-02-06 23:46 - 2015-02-06 23:46 - 00016246 _____ () C:\ComboFix.txt
2015-02-06 23:37 - 2015-02-06 23:37 - 00000548 _____ () C:\Windows\PFRO.log
2015-02-06 23:25 - 2015-02-06 23:46 - 00000000 ____D () C:\Qoobox
2015-02-06 23:25 - 2015-02-06 23:41 - 00000000 ____D () C:\Windows\erdnt
2015-02-06 23:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-06 23:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-06 23:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-06 23:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-06 23:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-06 23:25 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-02-06 23:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-06 23:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-06 23:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-06 23:24 - 2015-02-06 23:24 - 05611380 ____R (Swearware) C:\Users\Tom H\Desktop\ComboFix.exe
2015-02-06 23:24 - 2015-02-06 23:24 - 05611380 _____ (Swearware) C:\Users\Tom H\Downloads\ComboFix.exe
2015-02-06 21:18 - 2015-02-06 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-02-06 21:12 - 2015-02-06 21:12 - 00000672 _____ () C:\Users\Tom H\Desktop\JRT.txt
2015-02-06 21:07 - 2015-02-06 21:07 - 01388274 _____ (Thisisu) C:\Users\Tom H\Downloads\JRT.exe
2015-02-06 20:32 - 2015-02-06 20:34 - 00000000 ____D () C:\AdwCleaner
2015-02-06 20:31 - 2015-02-06 20:31 - 02112512 _____ () C:\Users\Tom H\Downloads\AdwCleaner_4.110.exe
2015-02-06 20:01 - 2015-02-06 20:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 20:01 - 2015-02-06 20:01 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 20:01 - 2015-02-06 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 20:01 - 2015-02-06 20:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 20:01 - 2015-02-06 20:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 20:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 20:01 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 20:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 20:00 - 2015-02-06 20:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tom H\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-03 20:14 - 2015-02-03 20:14 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-27 19:37 - 2015-01-27 19:37 - 00814735 _____ () C:\Users\Tom H\Downloads\OptiFine_1.7.9_HD_U_D2 (1).jar
2015-01-27 19:36 - 2015-01-27 19:36 - 00814735 _____ () C:\Users\Tom H\Downloads\OptiFine_1.7.9_HD_U_D2.jar
2015-01-25 00:32 - 2015-01-25 00:32 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-25 00:32 - 2015-01-25 00:32 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-25 00:32 - 2015-01-25 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-25 00:32 - 2015-01-25 00:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-25 00:31 - 2015-01-25 00:31 - 04188536 _____ (Piriform Ltd) C:\Users\Tom H\Downloads\ccsetup501_slim.exe
2015-01-25 00:30 - 2015-01-25 00:30 - 00000000 ____D () C:\Users\Tom H\AppData\Roaming\Mozilla
2015-01-25 00:30 - 2015-01-25 00:29 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-25 00:29 - 2015-02-03 20:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-25 00:28 - 2015-02-03 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-25 00:28 - 2015-01-25 00:28 - 00002074 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-25 00:28 - 2015-01-25 00:28 - 00000000 ____D () C:\Users\Tom H\AppData\Roaming\Avira
2015-01-25 00:27 - 2015-02-03 20:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-25 00:27 - 2015-01-25 00:29 - 00000000 ____D () C:\ProgramData\Avira
2015-01-25 00:27 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-25 00:27 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-25 00:27 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-25 00:23 - 2015-01-25 00:24 - 154051656 _____ () C:\Users\Tom H\Downloads\avira_free_antivirus468_de.exe
2015-01-24 10:19 - 2015-01-24 10:19 - 00882551 _____ () C:\Users\Tom H\Downloads\OptiFine_1.7.2_HD_U_D4.jar
2015-01-17 18:30 - 2015-01-17 18:30 - 00888180 _____ () C:\Users\Tom H\Downloads\OptiFine_1.8.1_HD_U_C3.jar
2015-01-17 18:26 - 2014-11-27 03:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-17 18:26 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-17 18:26 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-17 18:26 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-17 18:26 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-17 18:26 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-17 18:26 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-17 18:26 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-17 18:26 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-17 18:26 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-17 18:26 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-17 18:26 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-17 18:26 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-17 18:26 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-17 18:26 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-17 18:25 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 18:25 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 18:25 - 2014-12-11 08:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 18:25 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 18:25 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-17 18:25 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-17 18:25 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-17 18:25 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 18:25 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-17 18:25 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-17 18:25 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-17 18:25 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-17 18:25 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-17 18:25 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-17 18:25 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-17 18:25 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-17 18:25 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-17 18:25 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-17 18:25 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-17 18:25 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-17 18:25 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-10 09:51 - 2015-01-10 09:52 - 02570679 _____ () C:\Users\Tom H\Downloads\TextureEnder.jar
2015-01-10 09:48 - 2015-01-10 09:48 - 25239492 _____ () C:\Users\Tom H\Downloads\Sphax PureBDcraft 128x MC18.zip
2015-01-09 19:06 - 2015-01-09 19:06 - 00000000 _____ () C:\Users\Tom H\Downloads\jZipSetup-r136-n-bi.exe.0du9u7b.partial
2015-01-09 18:43 - 2015-01-09 18:43 - 00443776 _____ () C:\Users\Tom H\Downloads\MapsGalaxy.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-07 00:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-06 23:57 - 2014-04-12 20:27 - 00000000 ____D () C:\Users\Tom H\AppData\Roaming\.minecraft
2015-02-06 23:53 - 2013-11-19 01:03 - 01658832 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 23:46 - 2014-05-27 13:43 - 00000000 ____D () C:\Users\Tom
2015-02-06 23:46 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2015-02-06 23:45 - 2014-05-30 20:31 - 00000000 ____D () C:\Users\Tom H\AppData\Local\CrashDumps
2015-02-06 23:43 - 2013-11-19 09:45 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-02-06 23:43 - 2013-11-19 09:45 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-02-06 23:43 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 23:39 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2015-02-06 23:37 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 23:22 - 2014-04-12 20:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-06 21:50 - 2014-04-12 20:18 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3126110199-1934577033-2280721590-1001
2015-02-06 21:38 - 2014-04-12 20:26 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-06 21:38 - 2014-04-12 20:26 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-06 21:38 - 2014-04-12 20:26 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-06 21:38 - 2014-04-12 20:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-06 21:38 - 2014-04-12 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-06 21:38 - 2014-04-12 20:26 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-06 21:18 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-06 21:18 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-06 21:17 - 2013-11-19 01:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-06 20:38 - 2013-06-04 05:28 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-06 20:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\Globalization
2015-02-06 20:21 - 2014-04-12 20:04 - 00000000 ____D () C:\Users\Tom H\AppData\Local\Pokki
2015-02-06 19:56 - 2014-12-28 13:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 19:48 - 2014-04-12 21:27 - 00002281 _____ () C:\Users\Tom H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-06 19:48 - 2012-07-26 06:26 - 00000199 _____ () C:\Windows\win.ini
2015-01-25 04:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-01-25 00:37 - 2013-06-04 05:59 - 00000000 ____D () C:\Windows\Panther
2015-01-25 00:25 - 2013-06-04 05:28 - 00000000 ____D () C:\Program Files\mcafee
2015-01-25 00:18 - 2014-11-13 18:46 - 00427328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-24 21:20 - 2014-12-13 20:35 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-12-13 20:35 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 17:55 - 2014-12-28 14:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-22 20:49 - 2014-04-16 10:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 20:46 - 2014-04-16 10:59 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 09:58 - 2014-07-17 18:31 - 12730450 _____ () C:\Users\Tom H\Downloads\JohnSmithLegacy_3.zip
2015-01-09 18:16 - 2014-12-28 14:26 - 00000000 ____D () C:\Users\Tom H\Documents\Tom Berichte
2015-01-09 18:14 - 2014-12-28 14:17 - 00000000 ____D () C:\Users\Tom H\AppData\Local\Deployment
Some content of TEMP:
====================
C:\Users\Tom H\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 17:53
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Tom H at 2015-02-07 00:16:52
Running from C:\Users\Tom H\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Games (HKU\S-1-5-21-3126110199-1934577033-2280721590-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3004.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C1500}) (Version: 12.21.0.128 - APN, LLC) <==== ATTENTION
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.6 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.4 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-3126110199-1934577033-2280721590-1001\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.57 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
21-01-2015 19:25:39 Windows Update
25-01-2015 00:14:24 Removed Avira Savings Advisor
06-02-2015 19:46:03 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2015-02-06 23:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {181EFC9B-D1ED-46C0-8781-296D81E1A256} - System32\Tasks\{F5129A49-9F6E-496C-9672-6CFA71C2B787} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Die Sims 2\EAUninstall.exe"
Task: {26234AD7-A5EF-4B41-93D6-8504AA98E812} - System32\Tasks\{97303127-65E8-465D-9E65-051AE674325E} => pcalua.exe -a D:\AutoRun.exe
Task: {54773323-F53B-42D0-B59E-82157DD12A4B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {6764D57A-DA0A-4CD3-A507-3EACFA557C97} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: {6F1700EF-355A-473E-BBA2-7DAAFDF6713C} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-05-02] (Acer Incorporated)
Task: {7102717A-B900-4271-8C2C-AF3A11DA13B1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {732CC89D-40A1-467A-87F4-AD09800E9374} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-22] (Microsoft Corporation)
Task: {8E7256F6-B0AA-49E8-A3AA-31A3A888ECD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9985A4DD-15ED-4E94-8570-EF53CFE3D1E7} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {F1A11905-6598-43BD-A89C-E8CF4CF5F986} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
==================== Loaded Modules (whitelisted) ==============
2013-06-04 05:54 - 2013-01-16 21:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-11-19 01:34 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3126110199-1934577033-2280721590-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3126110199-1934577033-2280721590-500 - Administrator - Disabled)
Gast (S-1-5-21-3126110199-1934577033-2280721590-501 - Limited - Disabled)
Tom H (S-1-5-21-3126110199-1934577033-2280721590-1001 - Administrator - Enabled) => C:\Users\Tom H
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Adapter
Description: Bluetooth USB Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2015 11:42:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dumphive.3XE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: dumphive.3XE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00005c0b
ID des fehlerhaften Prozesses: 0x13f4
Startzeit der fehlerhaften Anwendung: 0xdumphive.3XE0
Pfad der fehlerhaften Anwendung: dumphive.3XE1
Pfad des fehlerhaften Moduls: dumphive.3XE2
Berichtskennung: dumphive.3XE3
Vollständiger Name des fehlerhaften Pakets: dumphive.3XE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dumphive.3XE5
Error: (02/06/2015 11:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dumphive.3XE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: dumphive.3XE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00005c0b
ID des fehlerhaften Prozesses: 0x176c
Startzeit der fehlerhaften Anwendung: 0xdumphive.3XE0
Pfad der fehlerhaften Anwendung: dumphive.3XE1
Pfad des fehlerhaften Moduls: dumphive.3XE2
Berichtskennung: dumphive.3XE3
Vollständiger Name des fehlerhaften Pakets: dumphive.3XE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: dumphive.3XE5
Error: (02/06/2015 11:05:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e98
Startzeit: 01d0424a7a705aa1
Endzeit: 4294967295
Anwendungspfad: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Berichts-ID: 34e387dc-ae4c-11e4-be8e-201a06af6f55
Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel
Error: (02/06/2015 11:05:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Tom)
Description: Das Paket „windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (02/06/2015 10:06:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Error: (02/06/2015 09:20:20 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
System errors:
=============
Error: (02/06/2015 11:49:36 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (02/06/2015 11:36:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (02/06/2015 11:35:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys
Error: (02/06/2015 11:32:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (02/06/2015 09:18:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%16389
Error: (02/06/2015 09:18:15 PM) (Source: DCOM) (EventID: 10010) (User: Tom)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Microsoft Office Sessions:
=========================
Error: (12/28/2014 03:12:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1953 seconds with 960 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-02-06 23:35:27.707
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
Percentage of memory in use: 33%
Total physical RAM: 3985.27 MB
Available physical RAM: 2631.47 MB
Total Pagefile: 5009.27 MB
Available Pagefile: 3397.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:446.75 GB) (Free:381.09 GB) NTFS
Drive d: (Sims2) (CDROM) (Total:2.73 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00E4EB27)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Emsisoft Emergency Kit herunter.
dann auf 
und dann auf 
. 