
Log analysis and evaluation: Trojan on board

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for analysis by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.12.2014, 03:14   #1
herzmensch
 
Trojan on board

Dear members,

I recently got a warning from my firewall (Comodo) about a Trojan. Along with this Trojan (image 2) came various prompts asking me to allow this and that (see image). When I tried to check the file, it did not exist.

I then set HIPS in my firewall to *Safe Mode* and set the firewall to Proactive Security. After that I only got a black screen and could only use the Task Manager. I reset the PC, reinstalled AntiVir with some difficulty, and have now changed everything back (firewall), but the PC is still slow.

I followed your instructions. Defogger reported no problems. Malwarebytes only reported one problem from Softonic. Nothing else. You can see the FRST logs.




FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Alexander (administrator) on HEARD on 16-12-2014 02:49:59
Running from C:\Users\Alexander\Downloads
Loaded Profiles: UpdatusUser & Alexander (Available profiles: UpdatusUser & Alexander)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [gbrspcontrol] => C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [1851088 2012-11-26] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-12-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [LaCie Backup] => C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe [2600960 2007-12-03] (LaCie SA)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\RunOnce: [Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\RunOnce: [Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2127761620-263245445-1561870019-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> DefaultScope {9E31384B-B8C1-47E9-90D3-F47C2C92E743} URL = 
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {07E9E396-7F33-44E7-B066-CBF21B021CF4} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {27E1DED4-EDB0-4E4B-A13B-DDA98E3E4F13} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {2EECB4C1-B310-4039-9372-94D19751826A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {9D669AE8-B88C-4384-ABF2-1109999D6FD6} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {9E31384B-B8C1-47E9-90D3-F47C2C92E743} URL = 
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {A1CC19AC-9555-47FB-825C-DDC4F5F09D55} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {A56517D7-41EA-4EA0-9F4C-715CB3AF232C} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=75b0956a-7e55-491a-b118-4cab8277ef97&pid=ccleanerde&mode=bounce&k=0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3E66DC7E-1DDF-4498-AC18-B67AAEC37C10}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{54D06BD9-5899-4B7A-9B9B-7B096776C8DA}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{182819A4-76E1-4904-B524-57BD97D331FE}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{1ECF327F-9323-4F78-915A-B773D82836B4}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{2F1EFC18-1E34-4556-BFBF-55F9C96AA2B3}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{46684930-0392-4B6A-9D23-9C58CD4D3695}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{DBA6F414-2532-49D1-96E0-38227CAB4E68}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{E570FFCE-FBB6-4C39-B969-0B13BC7ADC96}.xml
FF Extension: German Dictionary - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: Facebook Blocker - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\info@skymeissner.com.xpi [2014-01-13]
FF Extension: Adblock Plus - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-13]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-14] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-12-14] (Avira Operations GmbH & Co. KG)
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-21] (Broadcom Corp.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [70352 2012-12-19] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [1851088 2012-11-26] (Comodo Security Solutions, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-06] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 AddonsHelper; C:\Users\Alexander\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-12-14] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
S0 jllwdb; No ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-06] (Dritek System Inc.)
S0 tvelms; No ImagePath
S0 vhjrap; No ImagePath
S0 wjtvys; No ImagePath
S0 zedltn; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 02:49 - 2014-12-16 02:50 - 00021573 _____ () C:\Users\Alexander\Downloads\FRST.txt
2014-12-16 02:49 - 2014-12-16 02:50 - 00000000 ____D () C:\FRST
2014-12-16 02:49 - 2014-12-16 02:49 - 02119168 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe
2014-12-16 02:48 - 2014-12-16 02:48 - 00000480 _____ () C:\Users\Alexander\Downloads\defogger_disable.log
2014-12-16 02:48 - 2014-12-16 02:48 - 00000000 _____ () C:\Users\Alexander\defogger_reenable
2014-12-16 02:47 - 2014-12-16 02:47 - 00050477 _____ () C:\Users\Alexander\Downloads\Defogger.exe
2014-12-16 02:47 - 2014-12-16 02:47 - 00050477 _____ () C:\Users\Alexander\Downloads\Defogger(1).exe
2014-12-16 02:30 - 2014-12-14 01:14 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-16 02:30 - 2014-12-14 01:14 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-16 01:53 - 2014-12-16 01:53 - 00112956 _____ () C:\Users\Alexander\AppData\Local\recently-used.xbel
2014-12-14 05:07 - 2014-12-14 05:07 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Avira
2014-12-14 04:59 - 2014-12-14 05:00 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-14 04:59 - 2014-12-14 05:00 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-14 04:59 - 2014-12-14 05:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-14 04:52 - 2014-12-14 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-14 04:52 - 2014-12-14 04:59 - 00000000 ____D () C:\ProgramData\Avira
2014-12-14 04:52 - 2014-12-14 04:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-14 04:52 - 2014-12-14 04:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-14 03:42 - 2014-12-16 02:33 - 00003308 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-12-14 03:42 - 2014-12-14 03:42 - 00000000 ___HD () C:\VTRoot
2014-12-14 03:33 - 2014-12-16 02:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-14 03:30 - 2014-12-14 03:30 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Alexander\Downloads\avira_de_av_5711525820__ws.exe
2014-12-14 02:49 - 2014-12-14 02:49 - 00000295 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (5).lnk
2014-12-14 02:49 - 2014-12-14 02:49 - 00000295 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (4).lnk
2014-12-14 02:47 - 2014-12-14 02:47 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Alexander\Downloads\avira_de_av___ws.exe
2014-12-14 01:47 - 2014-12-14 03:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-14 01:47 - 2014-12-14 01:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 01:20 - 2014-12-14 01:20 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-14 01:16 - 2014-12-14 01:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-14 01:16 - 2014-12-14 01:16 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-14 01:16 - 2014-12-14 01:16 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-14 01:16 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-14 01:16 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-14 01:15 - 2014-12-14 01:15 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-14 01:15 - 2014-12-14 01:15 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-14 01:15 - 2014-12-14 01:15 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-14 01:13 - 2014-12-14 01:13 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-13 16:12 - 2014-12-13 16:12 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-13 16:12 - 2014-12-13 16:12 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 16:12 - 2014-12-13 16:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-13 15:43 - 2014-12-16 01:42 - 01894095 ____N () C:\Windows\WindowsUpdate.log
2014-12-12 15:32 - 2014-12-14 02:19 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Cliqz
2014-12-01 17:01 - 2014-12-14 03:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-25 23:53 - 2014-12-14 02:08 - 122762488 _____ (Microsoft Corporation) C:\Users\Alexander\Downloads\msert(1).exe
2014-11-18 01:39 - 2014-11-18 02:28 - 00000000 ____D () C:\Users\Alexander\Documents\Kettler

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 02:48 - 2013-02-13 00:31 - 00000000 ____D () C:\Users\Alexander
2014-12-16 02:35 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 02:27 - 2014-08-13 14:07 - 00319296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-16 02:24 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-16 02:21 - 2013-02-13 07:18 - 00000000 ____D () C:\Users\Alexander\AppData\Local\CrashDumps
2014-12-16 02:19 - 2013-02-16 19:01 - 00000000 ____D () C:\Users\Alexander\.gimp-2.8
2014-12-16 02:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-16 01:31 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-16 01:24 - 2013-02-19 19:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 04:41 - 2013-08-18 13:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 04:35 - 2014-03-06 15:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-14 04:35 - 2013-02-15 18:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-14 03:59 - 2013-04-12 10:44 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-14 03:42 - 2012-11-06 09:39 - 01473568 _____ () C:\Windows\system32\perfh007.dat
2014-12-14 03:42 - 2012-11-06 09:39 - 00386860 _____ () C:\Windows\system32\perfc007.dat
2014-12-14 02:52 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-14 02:28 - 2014-07-10 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-14 02:28 - 2012-07-26 06:37 - 00000000 ____D () C:\Windows\servicing
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\setup
2014-12-14 02:26 - 2014-03-09 10:33 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-14 02:26 - 2013-12-25 12:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-14 02:26 - 2013-06-25 14:41 - 00000000 ____D () C:\Users\Alexander\AppData\Local\clear.fi
2014-12-14 02:26 - 2013-06-11 22:21 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\RegCool
2014-12-14 02:26 - 2013-02-16 19:02 - 00000000 ____D () C:\ProgramData\MGTEK
2014-12-14 02:26 - 2012-11-06 09:37 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-12-14 02:26 - 2012-09-03 12:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-14 02:23 - 2014-07-10 15:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-14 02:23 - 2013-02-18 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-14 02:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-12-13 15:43 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-12 20:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 01:20 - 2013-01-24 21:43 - 00437792 _____ (COMODO) C:\Windows\system32\guard64.dll
2014-12-09 01:20 - 2013-01-24 21:43 - 00352272 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2014-12-09 01:20 - 2013-01-24 21:43 - 00040736 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00354520 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00286424 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-12-09 01:20 - 2013-01-16 18:51 - 00807568 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00126208 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00035080 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00020184 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-12-06 16:22 - 2014-10-16 21:34 - 00000000 ____D () C:\Users\Alexander\Documents\Uhrensammlung
2014-12-03 10:54 - 2013-02-18 17:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-28 12:45 - 2013-02-13 00:59 - 00000000 ____D () C:\Users\Alexander\Documents\Schätzäli
2014-11-26 01:45 - 2013-02-13 00:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2127761620-263245445-1561870019-1002
2014-11-25 23:09 - 2014-08-28 21:49 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe
2014-11-25 23:09 - 2013-11-08 22:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-25 23:08 - 2013-07-01 17:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-25 23:08 - 2013-02-19 19:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 23:06 - 2014-08-19 14:33 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-25 23:06 - 2013-11-08 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-24 15:40 - 2012-07-26 08:28 - 01772590 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 11:04 - 2013-02-12 10:34 - 00000000 ____D () C:\Users\Alexander\Desktop\Glaube

Some content of TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-12 17:53

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Alexander at 2014-12-16 02:54:32
Running from C:\Users\Alexander\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2308 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.03.2004.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.03.2004.0 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series Benutzerregistrierung (HKLM-x32\...\Canon MP495 series Benutzerregistrierung) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.3 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
GeekBuddy (HKLM-x32\...\{43C0CACD-F9A8-4F17-A84C-0A203B2BAE6D}) (Version: 4.3.43 - Comodo Security Solutions Inc)
Genie Backup Assistant (HKLM-x32\...\{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1) (Version: 8.0.364.534 - LaCie)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
HDR Projects platin Demo (64-Bit) (HKLM\...\HDR Projects platin Demo_is1) (Version: 1.21 - Franzis Verlag GmbH)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LaCie Backup Software v1.7.2893 (HKLM-x32\...\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}) (Version: 1.7.2893 - LaCie SA)
LaCie Desktop Manager 2.1.3 (HKLM-x32\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 2.1.3 - LaCie)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-12-2014 00:39:17 Geplanter Prüfpunkt
12-12-2014 13:54:43 Geplanter Prüfpunkt
14-12-2014 00:02:10 Installed QuickTime 7
14-12-2014 00:58:47 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-12-25 14:02 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {056DC531-D794-4391-8A6B-C16C472DDC28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {234A859C-628E-4A7E-8DE0-F23C1E39B138} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {3B04812C-632E-440A-9B5B-B3AEF5B353AF} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {4C3D05D0-A663-40D6-AE59-81AC0F0C8B67} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {50C7FABB-61BA-4DF8-9B14-D767BFE59CFC} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {5538C073-B43E-4D37-80E1-F594E51B8DBD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {82A33F17-1025-4A07-894B-EE94FA7B0192} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {B7FF15ED-EA7E-4BD3-861B-A8B8547E91C3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {B8C26AEE-5B29-42FC-B8C3-016E26202466} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-14] (Microsoft Corporation)
Task: {C29914B2-FB69-4A6D-ADCA-C1C36A633DD5} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {C341B950-78E9-4675-92A8-24B8C322BA0D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {E1B232EC-44E8-4A4C-974B-D2ECB59CF591} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {E3A2E92C-8A5E-469E-83FB-DFCC1F111F33} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {FAEE2106-6E18-441D-B4F9-B75652015D4B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 ____N () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-06 09:03 - 2013-08-29 23:43 - 00097568 ____N () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-20 19:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-12 18:06 - 2013-01-22 21:41 - 00093768 ____N () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 13:47 - 2013-01-28 13:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-09-03 12:50 - 2012-08-08 16:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 ____N () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-02 15:38 - 2012-11-02 15:38 - 00465384 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00125504 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-02 15:38 - 2012-11-02 15:38 - 00155712 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00118336 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 01081408 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00052288 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-02 15:37 - 2012-11-02 15:37 - 00727616 ____N () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-11-15 22:36 - 2014-11-15 22:36 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-02-12 18:06 - 2013-01-22 21:41 - 00075848 ____N () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2012-11-06 09:11 - 2012-06-25 18:41 - 01198912 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-14 03:41 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tssdisai.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgntflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avipbb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avkmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger.exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\msert(1).exe:$CmdTcID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: TapiSrv => 3
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "gbrspcontrol"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "GBMLite8AgentLaCie"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "GBMLite8AgentLaCie"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "LaCie Desktop Manager 2 Startup"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "LaCie Backup"

========================= Accounts: ==========================

Administrator (S-1-5-21-2127761620-263245445-1561870019-500 - Administrator - Disabled)
Alexander (S-1-5-21-2127761620-263245445-1561870019-1002 - Administrator - Enabled) => C:\Users\Alexander
Gast (S-1-5-21-2127761620-263245445-1561870019-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2127761620-263245445-1561870019-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microphone (Realtek High Definition Audio)
Description: Audioendpunkt
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 02:37:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x30c
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5

Error: (12/16/2014 02:35:40 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:33:21 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x00000005

Error: (12/16/2014 02:30:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x7b8
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5

Error: (12/16/2014 02:28:17 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:20:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\Windows\system32\mscoree.dll8

Error: (12/16/2014 01:10:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/16/2014 00:29:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x344
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5

Error: (12/16/2014 00:29:11 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2014 04:55:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x7b4
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5


System errors:
=============
Error: (12/16/2014 02:37:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Broadcom Card Reader Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/16/2014 02:35:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/16/2014 02:35:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎12.‎2014 um 02:32:00 unerwartet heruntergefahren.

Error: (12/16/2014 02:33:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/16/2014 02:32:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/16/2014 02:30:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Broadcom Card Reader Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/16/2014 02:28:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/16/2014 02:27:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎12.‎2014 um 02:08:45 unerwartet heruntergefahren.

Error: (12/16/2014 02:16:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/16/2014 02:13:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/16/2014 02:37:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc430c01d018d0968807a2C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe21e94513-84c4-11e4-8352-689423ba5927

Error: (12/16/2014 02:35:40 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:33:21 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x00000005

Error: (12/16/2014 02:30:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc47b801d018cf8ee729a0C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe23321817-84c3-11e4-8351-689423ba5927

Error: (12/16/2014 02:28:17 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/16/2014 02:20:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\Windows\system32\mscoree.dll8

Error: (12/16/2014 01:10:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/16/2014 00:29:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc434401d018bee892906aC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe3b494b22-84b2-11e4-834f-b888e3a7d574

Error: (12/16/2014 00:29:11 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (12/14/2014 04:55:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc47b401d01751c06402bdC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe1bf6346f-8345-11e4-834e-689423ba5927


CodeIntegrity Errors:
===================================
  Date: 2014-12-16 02:40:02.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 02:12:58.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 02:00:04.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 01:52:52.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 00:34:23.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 06:19:44.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 04:57:17.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 04:47:15.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 04:41:29.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 03:59:22.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8007.27 MB
Available physical RAM: 5700.36 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 6623.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.19 GB) (Free:324.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 995A3963)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Edited by herzmensch (16.12.2014 at 03:21)

16.12.2014, 07:24   #2
schrauber

hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

17.12.2014, 01:10   #3
herzmensch

Hello Schrauber

Thank you very much for your reply.

I ran all the programs. While the last one was running, the PC ran much faster, like it used to. However, Comodo showed the Trojan alert again. Unfortunately, during the scan itself the last program failed three times to find a file in the Temp folder and then simply quit without leaving a txt file. The other logs:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.12.2014
Suchlauf-Zeit: 04:02:37
Logdatei: Malware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.14.01
Rootkit Datenbank: v2014.12.08.03
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Alexander

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368773
Verstrichene Zeit: 33 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2127761620-263245445-1561870019-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [5b6c6af6790393a3d8ba183822e1718f], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


Code:
# AdwCleaner v4.105 - Bericht erstellt am 16/12/2014 um 13:25:48
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-13.4 [Live]
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Alexander - HEARD
# Gestartet von : C:\Users\Alexander\Downloads\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

[x] Nicht Gelöscht : AddonsHelper

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DNSErrorHelper
[x] Nicht Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07E9E396-7F33-44E7-B066-CBF21B021CF4}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{27E1DED4-EDB0-4E4B-A13B-DDA98E3E4F13}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2EECB4C1-B310-4039-9372-94D19751826A}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D669AE8-B88C-4384-ABF2-1109999D6FD6}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1CC19AC-9555-47FB-825C-DDC4F5F09D55}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A56517D7-41EA-4EA0-9F4C-715CB3AF232C}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{07E9E396-7F33-44E7-B066-CBF21B021CF4}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{27E1DED4-EDB0-4E4B-A13B-DDA98E3E4F13}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2EECB4C1-B310-4039-9372-94D19751826A}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D669AE8-B88C-4384-ABF2-1109999D6FD6}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1CC19AC-9555-47FB-825C-DDC4F5F09D55}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A56517D7-41EA-4EA0-9F4C-715CB3AF232C}
[x] Nicht Gelöscht : HKCU\Software\Ciuvo
[x] Nicht Gelöscht : HKCU\Software\OCS
[x] Nicht Gelöscht : [x64] HKCU\Software\Ciuvo
[x] Nicht Gelöscht : [x64] HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [2659 octets] - [16/12/2014 13:23:07]
AdwCleaner[S0].txt - [2555 octets] - [16/12/2014 13:25:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2615 octets] ##########
         

17.12.2014, 20:26   #4
schrauber

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.12.2014, 11:26   #5
herzmensch

Hello Schrauber

Thank you very much for your help.

Here are the logs:


Code:
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	15.0.0.239 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Comodo Firewall cmdagent.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         



Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6314ea317b2fec46bd21246b3350b8b0
# engine=21620
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-18 10:30:58
# local_time=2014-12-18 11:30:58 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 7098 2124458 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 84 22045 64563680 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 15202549 26348338 0 0
# scanned=273663
# found=0
# cleaned=0
# scan_time=6901
         
I don't think I have any problems left; what do you say based on the logs? What tips would you give me?

Kind regards, herzmensch

Hello

Well, after the scans various problems appeared. I would have to reactivate Windows and that no longer works. I had to reactivate Office. Why is that?

Best regards

herzmensch


19.12.2014, 22:45   #6
schrauber
/// the machine
/// TB instructor



That has nothing to do with the scans but with the malware. The fresh FRST log is still missing.

20.12.2014, 02:12   #7
herzmensch



Hello Schrauber

In addition, the computer is still very slow at startup.

Here are the logs:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Alexander (administrator) on HEARD on 20-12-2014 02:09:20
Running from C:\Users\Alexander\Downloads
Loaded Profiles: UpdatusUser & Alexander (Available profiles: UpdatusUser & Alexander)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corp.) C:\Windows\System32\Defrag.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [gbrspcontrol] => C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [1851088 2012-11-26] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [GBMLite8AgentLaCie] => C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [LaCie Backup] => C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe [2600960 2007-12-03] (LaCie SA)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\RunOnce: [Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\RunOnce: [Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2127761620-263245445-1561870019-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2127761620-263245445-1561870019-1002 -> {9E31384B-B8C1-47E9-90D3-F47C2C92E743} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3E66DC7E-1DDF-4498-AC18-B67AAEC37C10}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{54D06BD9-5899-4B7A-9B9B-7B096776C8DA}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{182819A4-76E1-4904-B524-57BD97D331FE}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{1ECF327F-9323-4F78-915A-B773D82836B4}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{2F1EFC18-1E34-4556-BFBF-55F9C96AA2B3}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{46684930-0392-4B6A-9D23-9C58CD4D3695}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{DBA6F414-2532-49D1-96E0-38227CAB4E68}.xml
FF SearchPlugin: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\searchplugins\{E570FFCE-FBB6-4C39-B969-0B13BC7ADC96}.xml
FF Extension: German Dictionary - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: Facebook Blocker - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\info@skymeissner.com.xpi [2014-01-13]
FF Extension: Adblock Plus - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\wc7cs1hd.default-1389625126084\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-13]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-14] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-12-14] (Avira Operations GmbH & Co. KG)
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-21] (Broadcom Corp.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [70352 2012-12-19] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [1851088 2012-11-26] (Comodo Security Solutions, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-06] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-12-14] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
S0 jllwdb; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-06] (Dritek System Inc.)
S0 tvelms; No ImagePath
S0 vhjrap; No ImagePath
S0 wjtvys; No ImagePath
S0 zedltn; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 02:09 - 2014-12-20 02:09 - 00020624 _____ () C:\Users\Alexander\Downloads\FRST.txt
2014-12-20 02:08 - 2014-12-20 02:08 - 02121216 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe
2014-12-19 11:07 - 2014-12-19 11:07 - 00319296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-19 00:25 - 2014-12-19 00:25 - 00852505 _____ () C:\Users\Alexander\Downloads\SecurityCheck.exe
2014-12-18 21:33 - 2014-12-18 21:33 - 02347384 _____ (ESET) C:\Users\Alexander\Downloads\esetsmartinstaller_deu.exe
2014-12-17 01:03 - 2014-12-17 01:03 - 00116216 _____ () C:\Users\Alexander\AppData\Local\recently-used.xbel
2014-12-17 00:50 - 2014-12-17 00:50 - 01707646 _____ (Thisisu) C:\Users\Alexander\Downloads\JRT.exe
2014-12-17 00:50 - 2014-12-17 00:50 - 00000000 ____D () C:\Windows\ERUNT
2014-12-16 13:26 - 2014-12-20 01:46 - 00107142 _____ () C:\Windows\PFRO.log
2014-12-16 13:19 - 2014-12-16 13:25 - 00000000 ____D () C:\AdwCleaner
2014-12-16 13:01 - 2014-12-16 13:00 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-16 02:49 - 2014-12-20 02:09 - 00000000 ____D () C:\FRST
2014-12-16 02:48 - 2014-12-16 02:48 - 00000000 _____ () C:\Users\Alexander\defogger_reenable
2014-12-16 02:30 - 2014-12-14 01:14 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-16 02:30 - 2014-12-14 01:14 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-14 05:07 - 2014-12-14 05:07 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Avira
2014-12-14 04:59 - 2014-12-14 05:00 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-14 04:59 - 2014-12-14 05:00 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-14 04:59 - 2014-12-14 05:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-14 04:52 - 2014-12-14 05:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-14 04:52 - 2014-12-14 04:59 - 00000000 ____D () C:\ProgramData\Avira
2014-12-14 04:52 - 2014-12-14 04:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-14 04:52 - 2014-12-14 04:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-14 03:33 - 2014-12-20 01:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-14 03:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-14 03:30 - 2014-12-14 03:30 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Alexander\Downloads\avira_de_av_5711525820__ws.exe
2014-12-14 02:49 - 2014-12-14 02:49 - 00000295 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (5).lnk
2014-12-14 02:49 - 2014-12-14 02:49 - 00000295 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (4).lnk
2014-12-14 02:47 - 2014-12-14 02:47 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Alexander\Downloads\avira_de_av___ws.exe
2014-12-14 01:47 - 2014-12-14 03:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-14 01:47 - 2014-12-14 01:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 01:20 - 2014-12-14 01:20 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-12-14 01:20 - 2014-12-14 01:20 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-14 01:19 - 2014-12-14 01:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-14 01:18 - 2014-12-14 01:18 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-14 01:16 - 2014-12-14 01:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-14 01:16 - 2014-12-14 01:16 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-14 01:16 - 2014-12-14 01:16 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-14 01:16 - 2014-12-14 01:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-14 01:16 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-14 01:16 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-14 01:15 - 2014-12-14 01:15 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-14 01:15 - 2014-12-14 01:15 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-14 01:15 - 2014-12-14 01:15 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-14 01:15 - 2014-12-14 01:15 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-14 01:14 - 2014-12-14 01:14 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-14 01:13 - 2014-12-14 01:13 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-13 16:12 - 2014-12-13 16:12 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-13 16:12 - 2014-12-13 16:12 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 16:12 - 2014-12-13 16:12 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-13 16:12 - 2014-12-13 16:12 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-13 15:43 - 2014-12-18 23:53 - 01972757 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 15:32 - 2014-12-14 02:19 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Cliqz
2014-12-01 17:01 - 2014-12-14 03:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-25 23:53 - 2014-12-14 02:08 - 122762488 _____ (Microsoft Corporation) C:\Users\Alexander\Downloads\msert(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-20 02:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-20 01:47 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 11:24 - 2013-02-19 19:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-19 11:06 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-12-19 11:06 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-19 11:06 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-19 11:06 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-12-19 11:06 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-19 11:06 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-19 00:45 - 2013-05-29 12:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-19 00:42 - 2012-11-06 09:39 - 01000944 _____ () C:\Windows\system32\perfh007.dat
2014-12-19 00:42 - 2012-11-06 09:39 - 00236448 _____ () C:\Windows\system32\perfc007.dat
2014-12-19 00:42 - 2012-07-26 08:28 - 02090630 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 23:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-12-18 22:33 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 01:03 - 2013-02-16 19:01 - 00000000 ____D () C:\Users\Alexander\.gimp-2.8
2014-12-17 00:57 - 2014-10-30 04:00 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-12-17 00:57 - 2014-10-30 04:00 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-12-17 00:57 - 2014-10-30 02:49 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-12-17 00:57 - 2014-10-30 02:49 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2014-12-16 02:48 - 2013-02-13 00:31 - 00000000 ____D () C:\Users\Alexander
2014-12-16 02:24 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-16 02:21 - 2013-02-13 07:18 - 00000000 ____D () C:\Users\Alexander\AppData\Local\CrashDumps
2014-12-14 04:41 - 2013-08-18 13:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 04:35 - 2014-03-06 15:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-14 04:35 - 2013-02-15 18:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-14 03:59 - 2013-04-12 10:44 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-14 02:52 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-14 02:28 - 2014-07-10 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-14 02:28 - 2012-07-26 06:37 - 00000000 ____D () C:\Windows\servicing
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-14 02:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\setup
2014-12-14 02:26 - 2014-03-09 10:33 - 00000000 ____D () C:\Users\Public\CyberLink
2014-12-14 02:26 - 2013-12-25 12:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-14 02:26 - 2013-06-25 14:41 - 00000000 ____D () C:\Users\Alexander\AppData\Local\clear.fi
2014-12-14 02:26 - 2013-06-11 22:21 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\RegCool
2014-12-14 02:26 - 2013-02-16 19:02 - 00000000 ____D () C:\ProgramData\MGTEK
2014-12-14 02:26 - 2012-11-06 09:37 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-12-14 02:26 - 2012-09-03 12:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-14 02:23 - 2014-07-10 15:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-14 02:23 - 2013-02-18 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-14 02:09 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-12-13 15:43 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-12 20:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 01:20 - 2013-01-24 21:43 - 00437792 _____ (COMODO) C:\Windows\system32\guard64.dll
2014-12-09 01:20 - 2013-01-24 21:43 - 00352272 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2014-12-09 01:20 - 2013-01-24 21:43 - 00040736 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00354520 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00286424 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-12-09 01:20 - 2013-01-24 21:42 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-12-09 01:20 - 2013-01-16 18:51 - 00807568 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00126208 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00035080 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-12-09 01:20 - 2013-01-16 18:51 - 00020184 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-12-06 16:22 - 2014-10-16 21:34 - 00000000 ____D () C:\Users\Alexander\Documents\Uhrensammlung
2014-12-03 10:54 - 2013-02-18 17:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-28 12:45 - 2013-02-13 00:59 - 00000000 ____D () C:\Users\Alexander\Documents\Schätzäli
2014-11-26 01:45 - 2013-02-13 00:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2127761620-263245445-1561870019-1002
2014-11-25 23:09 - 2014-08-28 21:49 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe
2014-11-25 23:09 - 2013-11-08 22:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-25 23:08 - 2013-07-01 17:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-25 23:08 - 2013-02-19 19:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 23:06 - 2014-08-19 14:33 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-25 23:06 - 2014-08-19 14:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-25 23:06 - 2013-11-08 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

Some content of TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\avgnt.exe
C:\Users\Alexander\AppData\Local\Temp\Quarantine.exe
C:\Users\Alexander\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 02:04

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Alexander at 2014-12-20 02:10:20
Running from C:\Users\Alexander\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2308 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.03.2004.0 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.03.2004.0 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series Benutzerregistrierung (HKLM-x32\...\Canon MP495 series Benutzerregistrierung) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.3 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
GeekBuddy (HKLM-x32\...\{43C0CACD-F9A8-4F17-A84C-0A203B2BAE6D}) (Version: 4.3.43 - Comodo Security Solutions Inc)
Genie Backup Assistant (HKLM-x32\...\{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1) (Version: 8.0.364.534 - LaCie)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
HDR Projects platin Demo (64-Bit) (HKLM\...\HDR Projects platin Demo_is1) (Version: 1.21 - Franzis Verlag GmbH)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LaCie Backup Software v1.7.2893 (HKLM-x32\...\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}) (Version: 1.7.2893 - LaCie SA)
LaCie Desktop Manager 2.1.3 (HKLM-x32\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 2.1.3 - LaCie)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2127761620-263245445-1561870019-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-12-2014 01:02:10 Installed QuickTime 7
14-12-2014 01:58:47 Wiederherstellungsvorgang
18-12-2014 22:07:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-12-25 14:02 - 00450639 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {056DC531-D794-4391-8A6B-C16C472DDC28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {234A859C-628E-4A7E-8DE0-F23C1E39B138} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {3B04812C-632E-440A-9B5B-B3AEF5B353AF} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {4C3D05D0-A663-40D6-AE59-81AC0F0C8B67} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {4EAAD0BE-A9FD-4C86-8039-D3D783CFF813} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-14] (Microsoft Corporation)
Task: {50C7FABB-61BA-4DF8-9B14-D767BFE59CFC} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {5538C073-B43E-4D37-80E1-F594E51B8DBD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {82A33F17-1025-4A07-894B-EE94FA7B0192} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {B7FF15ED-EA7E-4BD3-861B-A8B8547E91C3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {C29914B2-FB69-4A6D-ADCA-C1C36A633DD5} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {C341B950-78E9-4675-92A8-24B8C322BA0D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {E1B232EC-44E8-4A4C-974B-D2ECB59CF591} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {E3A2E92C-8A5E-469E-83FB-DFCC1F111F33} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {FAEE2106-6E18-441D-B4F9-B75652015D4B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 ____N () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-06 09:03 - 2013-08-29 23:43 - 00097568 ____N () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-20 19:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-12 18:06 - 2013-01-22 21:41 - 00093768 ____N () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2012-09-03 12:50 - 2012-08-08 16:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-22 23:04 - 2012-08-22 23:04 - 00044176 ____N () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-11-08 22:33 - 2013-10-19 01:07 - 00271280 ____N () C:\Program Files\COMODO\COMODO Internet Security\themes\CCE.THEME
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-06 09:11 - 2012-06-25 18:41 - 01198912 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-14 03:41 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp100.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcr100.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tssdisai.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp100.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr100.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgntflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avipbb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avkmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\esetsmartinstaller_deu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\esetsmartinstaller_deu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Alexander\Downloads\msert(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\SecurityCheck.exe:$CmdTcID
AlternateDataStreams: C:\Users\Alexander\Downloads\SecurityCheck.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: TapiSrv => 3
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "gbrspcontrol"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "GBMLite8AgentLaCie"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "Uninstall C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "GBMLite8AgentLaCie"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "LaCie Desktop Manager 2 Startup"
HKU\S-1-5-21-2127761620-263245445-1561870019-1002\...\StartupApproved\Run: => "LaCie Backup"

========================= Accounts: ==========================

Administrator (S-1-5-21-2127761620-263245445-1561870019-500 - Administrator - Disabled)
Alexander (S-1-5-21-2127761620-263245445-1561870019-1002 - Administrator - Enabled) => C:\Users\Alexander
Gast (S-1-5-21-2127761620-263245445-1561870019-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2127761620-263245445-1561870019-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microphone (Realtek High Definition Audio)
Description: Audioendpunkt
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 02:03:27 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\Windows\System32\perfproc.dll0

Error: (12/20/2014 02:03:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/20/2014 01:51:41 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0x80070005
6.2.9200.16693

Error: (12/20/2014 01:51:40 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0x80070005
6.2.9200.16693

Error: (12/20/2014 01:51:38 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0x80070005
6.2.9200.16693

Error: (12/20/2014 01:51:36 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0x80070005
6.2.9200.16693

Error: (12/20/2014 01:51:21 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0x80070005
6.2.9200.16693

Error: (12/20/2014 01:51:19 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0x80070005
6.2.9200.16693

Error: (12/20/2014 01:47:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Name des fehlerhaften Moduls: BrcmCardReader.exe, Version: 1.0.1.0, Zeitstempel: 0x5032b842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x5c4
Startzeit der fehlerhaften Anwendung: 0xBrcmCardReader.exe0
Pfad der fehlerhaften Anwendung: BrcmCardReader.exe1
Pfad des fehlerhaften Moduls: BrcmCardReader.exe2
Berichtskennung: BrcmCardReader.exe3
Vollständiger Name des fehlerhaften Pakets: BrcmCardReader.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrcmCardReader.exe5

Error: (12/20/2014 01:47:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IScheduleSvc.exe, Version: 4.0.0.71, Zeitstempel: 0x50937dbe
Name des fehlerhaften Moduls: ISchedule.DLL, Version: 4.0.0.71, Zeitstempel: 0x50937d98
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000372f
ID des fehlerhaften Prozesses: 0xa20
Startzeit der fehlerhaften Anwendung: 0xIScheduleSvc.exe0
Pfad der fehlerhaften Anwendung: IScheduleSvc.exe1
Pfad des fehlerhaften Moduls: IScheduleSvc.exe2
Berichtskennung: IScheduleSvc.exe3
Vollständiger Name des fehlerhaften Pakets: IScheduleSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IScheduleSvc.exe5


System errors:
=============
Error: (12/20/2014 01:51:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (12/20/2014 01:51:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (12/20/2014 01:51:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (12/20/2014 01:51:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (12/20/2014 01:51:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (12/20/2014 01:51:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (12/20/2014 01:49:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NTI IScheduleSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/20/2014 01:49:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Broadcom Card Reader Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/19/2014 11:16:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5

Error: (12/19/2014 11:16:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: 
%%5


Microsoft Office Sessions:
=========================
Error: (12/20/2014 02:03:27 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\Windows\System32\perfproc.dll0

Error: (12/20/2014 02:03:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/20/2014 01:51:41 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693

Error: (12/20/2014 01:51:40 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693

Error: (12/20/2014 01:51:38 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693

Error: (12/20/2014 01:51:36 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693

Error: (12/20/2014 01:51:21 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693

Error: (12/20/2014 01:51:19 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693

Error: (12/20/2014 01:47:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BrcmCardReader.exe1.0.1.05032b842BrcmCardReader.exe1.0.1.05032b842c00000050000000000005fc45c401d01bee7d0783c5C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exec8d2aa5d-87e1-11e4-835d-b888e3a7d574

Error: (12/20/2014 01:47:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IScheduleSvc.exe4.0.0.7150937dbeISchedule.DLL4.0.0.7150937d98c00000050000372fa2001d01bee7ebe39cdC:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exeC:\Program Files (x86)\NTI\Acer Backup Manager\ISchedule.DLLc7d5ec57-87e1-11e4-835d-b888e3a7d574


CodeIntegrity Errors:
===================================
  Date: 2014-12-20 01:58:26.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 11:25:26.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 11:16:35.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 02:48:34.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 02:04:45.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 00:21:52.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-18 21:28:46.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-18 09:49:07.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-17 21:33:48.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-17 09:38:11.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8007.27 MB
Available physical RAM: 5378.14 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 5953.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.19 GB) (Free:325.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 995A3963)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

20.12.2014, 21:13   #8
schrauber
/// the machine
/// TB trainer

How to perform a clean boot in Windows

Please do a clean boot. If the problem is gone after that, re-enable the services one at a time, always rebooting in between, until you know which service is causing the problems.

Then name it here.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.03.2015, 21:24   #9
herzmensch

Hello

I did the clean boot and re-enabled the programs. Nothing came of it. However, the PC is acting on its own more and more. Sometimes I have no access to the number keys on my keyboard while writing an email, and sometimes the PC, like right now, simply selects things and inserts things. What is causing this? Malwarebytes found nothing. The Avira log shows me the following:

Beginne mit der Suche in 'C:\' <Acer>
C:\$Windows.~BT\Sources\SetupHost.exe
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\ProgramData\Comodo\Cis\Quarantine\Temp\cmdinstall.exe_15-01-05_01.05.51.log.7z
[WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht!
C:\ProgramData\Comodo\Cis\Quarantine\Temp\cmdinstall.exe_15-02-07_00.09.19.log.7z
[WARNUNG] Zu wenig Speicher! Die Datei wurde nicht durchsucht!
C:\Windows\System32\Magnify.exe
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Windows\System32\wbem\unsecapp.exe
[WARNUNG] Die Datei konnte nicht geöffnet werden!

I have now deleted the file unsecapp.exe with Unlocker, because I could not get access to it no matter what I did. I also deleted a folder containing a file that I could not get any access to; this is $Windows.~BT. Inside it is a further subfolder, Sources, and in that the file SetupHost, which has no description at all.

I am asking for help.

20.03.2015, 06:45   #10
schrauber
/// the machine
/// TB trainer

None of those are detections. Either Windows is messed up or something is wrong with the hardware/drivers.

  • Please download Windows Repair - All in One from tweaking.com here and install it.
  • Please disable your antivirus program (if possible).
  • Keep in mind that the individual repairs take some time. Do not start any other applications during this time.
  • Start the program and carry out steps 1-5. (See the illustrated guide)
  • Make sure the check marks on your system are set as shown under step 4.
  • Also tick "Restart/Shutdown System" and click "Restart System" before you carry out step 5.
__________________
Regards,
schrauber
