
Log Analysis and Evaluation: Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe and others: highly suspicious activity


30.03.2015, 11:52   #1
ManniLundgre
 

Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe and others: highly suspicious activity



Good day, dear helpers,

for a few weeks I have been noticing suspicious activity from the following files:
  • cmd.exe
  • conhost.exe
  • msiexec.exe

Occasionally, according to my Comodo proactive protection, random applications appear to want to modify the permissions for the Internet zone in the registry.
This always happens for no apparent reason and was not the case in the past, before I noticed these suspicious activities.

Now to the heart of the matter:

I noticed the suspicious activity a few weeks ago when I was reading a PDF in Acrobat Reader and the hard disk LED was on permanently. At first I thought nothing of it - I assumed it might be a Windows process indexing files in the background or defragmenting the hard disk or something like that. But when it got so bad that the PDF reader hardly responded any more, I took a closer look at the Task Manager.

cmd.exe had been started 4 or 5 times, with more or less matching conhost.exe instances (yes, there was a discrepancy in the count); some of the cmd.exe instances had 25% CPU load, as did one of the conhost.exe instances. msiexec.exe had also been started 4-5 times, and one of them had claimed nearly the remaining 25% of the CPU power for itself.

Ending the processes only resulted in them restarting again and again. Usually immediately, sometimes after 5 - 30 minutes.

I ran a full scan with the antivirus part of Comodo Internet Security. Nothing, supposedly everything was fine.
So I repeated the scan in Safe Mode. Nothing again.

Since then I have tried to scan the system with Multi AV, but Sophos does not start after the menu where you can choose whether the whole HDD or only certain directories should be scanned. Trend Micro and McAfee cannot be started either, cannot even be downloaded, because e.g. the pattern.txt cannot be read right after Multi AV has supposedly downloaded it. Sounds to me like the blocking tactics of a rootkit or something similar.

But I have clearly noticed the following strange peculiarities:
  • when I run cmd.exe, everything works as expected, but I *have* to end the instance with 'exit', because if I click the 'X' in the top right, strangely nothing happens at all
  • the number of conhost.exe instances usually does not match the number of cmd.exe instances (I do not know whether that means anything)
  • if I switch off the WLAN connection (the only active network connection) with a switch physically built into the laptop, all the suspicious cmd.exe, conhost.exe, msiexec.exe etc. end immediately, the CPU load is normal again and the HDD LED is off
  • if I switch this physical switch back on, the whole spectacle starts all over again immediately, but only once the laptop has connected to my WLAN (extremely suspicious!!!)

Please help me, dear helpers!! I no longer know what else to do. I realise that a reinstall would probably be the wisest thing, but unfortunately that is out of the question in this case. There are personal reasons for that. I realise that even after this problem has been solved here, I may not be able to be 100% sure that nothing has been compromised after all, but that is acceptable to me.

I really hope you can help me!

Your desperate Manni

P.S.: Here are the logs:

Unfortunately I have to attach the GMER log, as it is too long for this forum.

defogger_disable.log

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:03 on 30/03/2015 (manni)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-
         
FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by manni (administrator) on CL2157 on 30-03-2015 11:05:43
Running from C:\Users\manni\Downloads
Loaded Profiles: UpdatusUser & manni (Available profiles: UpdatusUser & manni)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(IBM Corporation) C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqsvc.exe
() C:\xampp\mysql\bin\mysqld.exe
(IBM Corporation) C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmsrvn.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM_usr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Ruud van Velsen (Microsoft)) C:\AV-CLS\KIX32.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-01-30] (COMODO)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {00cb7421-eb16-11e3-8a9c-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e0e39-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e0e4d-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e1151-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {5ed62f38-6ef0-11e3-8d40-d709f32aee8c} - E:\LG_PC_Programs.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [239720 2011-08-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [200808 2011-08-13] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-11] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110506105045.dll [2011-05-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-11] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-01-03] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110506105045.dll [2011-05-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-01-03] (Oracle Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 172.19.254.8 172.19.255.8
Tcpip\..\Interfaces\{0C1B94D6-6B87-48A5-9833-0E5CF6E99710}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D07768AD-8B5F-484B-B192-4289333177A7}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{D8BF7FDA-F50E-4ED2-9181-7D31C682D1AB}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-21] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2014-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-01-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-08-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-08-12] (NVIDIA Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc.)
FF Extension: ColorfulTabs - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-02-18]
FF Extension: Complete YouTube Saver - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2015-02-18]
FF Extension: DownloadHelper - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-18]
FF Extension: YouTube Videos automatisch starten in High Definition (HD) - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\andromeda.nebel@ytautohdde.de.xpi [2015-02-18]
FF Extension: AutoPager - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\autopager@mozilla.org.xpi [2015-02-18]
FF Extension: BatchDownload - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\batchdownload@panshisoft.cn.xpi [2015-02-18]
FF Extension: Copy Urls Expert - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2015-02-18]
FF Extension: FaviconizeTab - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2015-02-18]
FF Extension: open tab count widget - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\jid0-x24fAzIkLoGDS5vfyNzJuT1Tits@jetpack.xpi [2015-02-18]
FF Extension: Linky - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\linky@gemal.dk.xpi [2015-02-18]
FF Extension: URL Flipper - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\urlflipper@mozilla.ktechcomputing.com.xpi [2015-02-18]
FF Extension: RSS Ticker - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi [2015-02-18]
FF Extension: RefControl - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2015-02-18]
FF Extension: Page Title Eraser - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi [2015-02-18]
FF Extension: RightToClick - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-02-18]
FF Extension: Tab Mix Plus - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-02-18]
FF Extension: DownThemAll! - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-18]
FF Extension: Adblock Edge - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2015-02-17]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Profile: C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-23]
CHR Extension: (Nyan Cat Progress Bar for YouTube) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdjaekjkckpdknkfncfnaibkabdcgmkg [2013-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-23]
CHR Extension: (Google Search) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-23]
CHR Extension: (FoxyProxy Standard) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-04-21]
CHR Extension: (AdBlock) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-12]
CHR Extension: (GWT Developer Plugin) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-30] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-30] (COMODO)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2011-05-06] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2011-05-06] (McAfee, Inc.)
R2 MQSeriesServices; C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqsvc.exe [80960 2010-08-31] (IBM Corporation)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-08-08] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
S2 SkypeUpdate; C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-03-03] (Microsoft Corporation) [File not signed]
R2 USBDLM; C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM.exe [451560 2012-09-09] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [X]
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [X]
S2 SdkBusServerSamSdk; C:\BetaSystems\SamSdk\bin\Wrapper.exe -s C:\BetaSystems\SamSdk\\conf/BusServer.conf

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2011-05-06] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2011-05-06] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2011-05-06] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2011-05-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2011-05-06] (McAfee, Inc.)
S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [19968 2013-03-04] (Razer USA Ltd)
S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [24576 2013-03-04] (Razer USA Ltd)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-10-27] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 11:05 - 2015-03-30 11:06 - 00030965 _____ () C:\Users\manni\Downloads\FRST.txt
2015-03-30 11:05 - 2015-03-30 11:05 - 02095616 _____ (Farbar) C:\Users\manni\Downloads\FRST64.exe
2015-03-30 11:05 - 2015-03-30 11:05 - 00000000 ____D () C:\FRST
2015-03-30 11:03 - 2015-03-30 11:03 - 00000502 _____ () C:\Users\manni\Downloads\defogger_disable.log
2015-03-30 11:03 - 2015-03-30 11:03 - 00000020 _____ () C:\Users\manni\defogger_reenable
2015-03-30 11:02 - 2015-03-30 11:02 - 00050477 _____ () C:\Users\manni\Downloads\Defogger.exe
2015-03-30 09:06 - 2007-02-18 20:00 - 00001688 _____ () C:\Windows\SysWOW64\autoexec.bak
2015-03-30 09:05 - 2015-03-30 09:58 - 00000000 ____D () C:\AV-CLS
2015-03-26 11:00 - 2015-03-26 11:00 - 00000000 ____D () C:\Users\manni\AppData\Local\Colossal Order
2015-03-26 10:59 - 2015-03-26 10:59 - 00000000 ____D () C:\Users\manni\AppData\Roaming\Steam
2015-03-02 14:10 - 2015-03-02 14:10 - 00000808 _____ () C:\Users\manni\Desktop\OrbWeaver.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 11:06 - 2011-05-06 11:09 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-03-30 11:04 - 2012-01-02 16:08 - 00004308 _____ () C:\Windows\system32\Notepad2.ini
2015-03-30 11:03 - 2011-12-20 14:44 - 00000000 ____D () C:\Users\manni
2015-03-30 10:55 - 2011-05-06 11:09 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-03-30 10:39 - 2014-10-19 09:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-30 10:35 - 2011-12-20 01:00 - 01051008 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 10:34 - 2009-07-14 06:51 - 00021277 _____ () C:\Windows\setupact.log
2015-03-30 09:57 - 2014-12-23 18:05 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-03-30 09:52 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 09:52 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 09:51 - 2010-11-21 08:21 - 00851666 _____ () C:\Windows\system32\perfh007.dat
2015-03-30 09:51 - 2010-11-21 08:21 - 00198464 _____ () C:\Windows\system32\perfc007.dat
2015-03-30 09:51 - 2009-07-14 07:13 - 01827172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 09:42 - 2012-10-02 10:54 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-30 09:41 - 2011-12-20 12:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 09:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 09:03 - 2014-03-19 12:00 - 00000000 ____D () C:\Temp
2015-03-30 08:58 - 2013-07-16 13:35 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-03-30 08:53 - 2012-04-24 13:30 - 00002046 ____H () C:\Users\manni\Documents\Default.rdp
2015-03-27 20:56 - 2013-06-10 12:10 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 20:56 - 2011-12-20 00:57 - 00343101 ____N () C:\Windows\Minidump\032715-38454-01.dmp
2015-03-26 10:57 - 2013-07-18 17:05 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-03-26 10:57 - 2013-07-18 17:05 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-23 11:28 - 2012-10-21 13:23 - 00000049 _____ () C:\Windows\NeroDigital.ini
2015-03-23 11:27 - 2013-05-01 14:40 - 00000000 ____D () C:\Users\manni\dwhelper
2015-03-04 21:25 - 2012-01-03 11:25 - 00000000 ____D () C:\Users\manni\AppData\Local\Eclipse
2015-03-04 21:24 - 2013-08-09 08:42 - 00000000 ____D () C:\Program Files\Eclipse 4.2 Juno SR2 (64bit)
2015-03-03 10:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 14:14 - 2013-07-16 13:36 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-03-02 14:13 - 2010-11-21 05:47 - 00306044 _____ () C:\Windows\PFRO.log
2015-03-02 14:13 - 2009-07-14 06:45 - 01302072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 14:12 - 2013-07-16 13:52 - 00027766 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-03-02 14:06 - 2014-10-14 10:20 - 00000000 ____D () C:\Users\manni\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2015-01-21 22:49 - 2015-01-28 16:34 - 0002919 _____ () C:\Users\manni\AppData\Roaming\SAS7_000.DAT
2012-12-06 18:26 - 2015-01-02 17:09 - 0011776 _____ () C:\Users\manni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-22 14:42 - 2014-05-22 14:42 - 0000002 _____ () C:\Users\manni\AppData\Local\PC-Information.Flag
2012-02-07 16:58 - 2013-02-20 11:45 - 0007605 _____ () C:\Users\manni\AppData\Local\Resmon.ResmonCfg
2015-02-18 13:48 - 2015-02-18 13:48 - 0004864 _____ () C:\ProgramData\vczcspay.tpu

Files to move or delete:
====================
C:\Users\manni\hsqlprefs.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 10:39

==================== End Of Log ============================
         
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by manni at 2015-03-30 11:06:59
Running from C:\Users\manni\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: COMODO Antivirus (Disabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Anti-Twin (Installation 22.09.2014) (HKLM-x32\...\Anti-Twin 2014-09-22 14.22.27) (Version:  - Joerg Rosenthal, Germany)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Axway API Gateway (HKLM-x32\...\Axway API Gateway 7.2.2) (Version: 7.2.2 - Axway)
Bitvise Tunnelier 4.35 (remove only) (HKLM-x32\...\Tunnelier) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.07059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.07059 - Cisco Systems, Inc.) Hidden
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{A0BABADE-E154-4F08-97A1-2903CD110E88}) (Version: 6.2.20728.2847 - COMODO Security Solutions Inc.)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
DbVisualizer 8.0.10 (HKLM\...\8973-4025-0853-7287) (Version: 8.0.10 - DbVis Software AB)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
DJ Java Decompiler v.3.12.12.96 (HKLM-x32\...\{0DB51EBE-ECD4-4308-A55C-3DFDC4E83814}) (Version: 1.8 - Atanas Neshkov 2009)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.)
Enterprise Architect 9.3  - 30 Day Trial Edition (HKLM-x32\...\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}) (Version: 9.3.935.12 - Sparx Systems)
ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
FileZilla Client 3.2.7.1 (HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\FileZilla Client) (Version: 3.2.7.1 - )
flam (HKLM\...\{BFFE0B20-6BEC-4AFB-A145-EA164D07BB8C}) (Version: 5.1.3.8040 - limes datentechnik gmbh)
FormsForWeb® Filler 3.2.3 (HKLM-x32\...\{18815D2C-C62D-4066-94F3-55966581D2A5}) (Version: 3.2.3 - Lucom GmbH)
Frontplatten Designer (HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\Frontplatten Designer) (Version: 4.1.4 - Schaeffer AG)
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.2.0.12 - GOG.com)
Git version 1.9.0-preview20140217 (HKLM-x32\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Gold Wave Editor v10.0.1 (HKLM-x32\...\Gold Wave Editor_is1) (Version:  - )
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HDClone 4.2.12 Professional Edition (HKLM\...\Miray.HDClone.Professional.4.2.12.1031-{4FA40B6A-B5EA-49AA-8BC1-F86DC5E1DC8A}) (Version: 4.2 - Miray Software AG)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
IBM WebSphere MQ (HKLM-x32\...\{C8C5A8CC-14C2-4972-B7F6-2DB9044CD50D}) (Version: 7.0.1.3 - IBM)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera Driver Installer Package Ver.1.1.0.42 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.42 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.74.0 (HKLM-x32\...\{C6D4B05A-EA7E-1027-80EF-C925E740E99C}) (Version: 1.0.74.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java(TM) 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Java(TM) SE Development Kit 6 Update 24 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Java(TM) SE Development Kit 6 Update 30 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Java(TM) SE Development Kit 6 Update 30 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
JProfiler 8.0.5 (HKLM\...\8785-2147-3791-3338) (Version: 8.0.5 - ej-technologies GmbH)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LiteShow (HKLM-x32\...\LiteShow_is1) (Version:  - )
McAfee Agent (HKLM-x32\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.00000 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.04.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mp3tag v2.49 (HKLM-x32\...\Mp3tag) (Version: v2.49 - Florian Heidenreich)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
NatLink version 4.1mike (including Vocola 2.8.1I+ and Unimacro) (HKLM-x32\...\NatLink_is1) (Version:  - )
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}) (Version: 8.0.182 - Nero AG)
Nero 9 Lite (HKLM-x32\...\{0bb7eff0-cb5c-4492-9eab-9029285c1e9b}) (Version:  - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NVIDIA 3D Vision Treiber 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.93 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
Oracle VM VirtualBox 4.1.8 (HKLM\...\{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}) (Version: 4.1.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PathFileTwirler (HKLM-x32\...\PathFileTwirler) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Pixel Heroes: Byte & Magic (HKLM-x32\...\UGl4ZWxIZXJvZXNCeXRlTWFnaWM=_is1) (Version: 1 - )
Python 2.7 pywin32-218 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7 PyXML-0.8.4 (HKLM-x32\...\PyXML-py2.7) (Version:  - )
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
RazorSQL 5.6.4 (HKLM-x32\...\RazorSQL 5.6.4_is1) (Version:  - Richardson Software, LLC)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
R-Studio NTFS v2.0 (HKLM-x32\...\R-Studio NTFS_is1) (Version: 2.0 - R-tools Technology Inc.)
RTPatch Update (HKLM-x32\...\RTPatch_is1) (Version:  - PocketSoft)
SAM Development Kit - SamSdk (HKLM-x32\...\{6E10CFBE-2702-3057-1388-C126199EDD5B}) (Version: 1.1.0 - Beta Systems Software AG)
SAM Development Kit - SamSdk (HKLM-x32\...\{BD53FB07-A243-55ED-8778-1B813C445B5B}) (Version: 1.1.0 - Beta Systems Software AG)
SAM Development Kit - SamSdk (HKLM-x32\...\{E314F879-8475-F8B2-AE50-5CA8B2FF07CB}) (Version: 1.1.0 - Beta Systems Software AG)
SeventhGate (HKLM-x32\...\{BD61A677-6D91-492E-A624-7EFE1BCEB88D}) (Version: 0.1 - Piotr Gawron)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
Theme Resource Changer X64 v1.0 (HKLM\...\Theme Resource Changer X64 v1.0) (Version:  - Bad Ass Apps)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.64 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{C2938C94-239C-4156-B245-C5406A4F3E93}) (Version: 5.9.5.7038 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.73 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TortoiseGit 1.8.7.0 (64 bit) (HKLM\...\{B7307613-51D1-40EA-80CD-4A5A71CC657B}) (Version: 1.8.7.0 - TortoiseGit)
Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WEKA Update Center (HKLM-x32\...\{A8217164-542A-4C4B-9031-2AB445CA314A}) (Version: 1.00.00.0003 - WEKA MEDIA GmbH & Co. KG)
Winamp  2009 (HKLM-x32\...\{BBDE8B7B-829A-405A-8357-6F9240050D44}) (Version:  - kandelar)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Style Builder (HKLM-x32\...\{AFDF950D-3814-4F98-B66F-8C286A69F405}) (Version: 1.5.03 - AveApps)
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
wxPython 2.8.12.1 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.1-ansi - Total Control Software)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
XAMPP 1.7.7 (HKLM-x32\...\xampp) (Version:  - )
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-748579090-2159190992-1044474020-1528_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A0226A6-C458-4656-A8F0-6DAC506F37CD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1E080631-3B54-4054-B284-6E641BDB6202} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {20607124-BA02-497B-ABF7-71B6C00DFBD7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {24B75C89-E747-4C75-94D9-AF30656954E4} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {25047045-0598-4F8F-9D26-A4BB565ED484} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2C723B3C-EE77-439D-8199-1F05FC2600CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3A7C3A85-016C-4EED-9CFE-31DE9FDD1C85} - System32\Tasks\Microsoft_Hardware_Launch_LifeExp_exe => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
Task: {4128E48A-6CE1-4314-B856-E883D6223FF2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {57BD5A85-BED3-4448-9850-90F8C1780366} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {6319A5D4-E118-4040-9062-042ED395F5A8} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {68FE4945-FDE1-4439-8E28-609DC4FF5F08} - System32\Tasks\{C156F379-A259-48AC-B125-8718502E563D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1620
Task: {75E7E562-3EA0-467B-BB4A-395E41BF7EE2} - System32\Tasks\{AE89C570-7B65-4686-A6BA-5D85F773F1FD} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.21.0.104&LastError=12002
Task: {A90FBEFB-7F19-4534-8D98-45CEC38B29C9} - System32\Tasks\{145F5F82-B51F-44ED-AE43-5750930F596D} => pcalua.exe -a C:\Users\manni\Desktop\imsm_makedisk_6001022\64\AsusSetup.exe -d C:\Users\manni\Desktop\imsm_makedisk_6001022\64
Task: {AAB11F08-C974-479B-A82F-6997E70A4AC6} - System32\Tasks\{CDBC4372-D87A-49A3-8F24-50FFEAFFC9A9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12007
Task: {B78E3566-8D4E-401B-81AE-7181D972E80E} - System32\Tasks\{5BEC0656-2832-4BCB-8BE4-D540C6E74646} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12007
Task: {BF750A8E-530E-4997-B483-78DD87687883} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {C1D86E4A-6BD6-4369-934B-F6BDEBBA56F5} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-30] (COMODO)
Task: {C89FC067-F60F-4C46-A3BB-658BD84DA6D9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E3F18D60-67EA-4190-82FA-1ED5B0DEAE42} - System32\Tasks\{29E0F2A4-2A6C-4A35-BD85-5CF062D329AB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1620
Task: {F53C14B6-D464-4ED1-8303-8B558BC1BA98} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-04-01] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) ==============

2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-20 15:02 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-10-08 07:18 - 2010-10-08 07:18 - 00056592 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 09:24 - 2010-09-02 09:24 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00035328 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2010-11-16 15:38 - 2010-11-16 15:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2010-10-08 07:18 - 2010-10-08 07:18 - 00957712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 09:24 - 2010-09-02 09:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 09:25 - 2010-09-02 09:25 - 00040448 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 07:18 - 2010-10-08 07:18 - 00697616 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2011-09-09 19:46 - 2011-09-09 19:46 - 08158720 _____ () c:\xampp\mysql\bin\mysqld.exe
2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-01-12 19:39 - 2014-01-12 19:39 - 00728424 _____ () C:\Program Files\TortoiseGit\bin\libgit2.dll
2014-01-12 19:39 - 2014-01-12 19:39 - 00087400 _____ () C:\Program Files\TortoiseGit\bin\zlib1.dll
2011-03-15 08:19 - 2011-03-15 08:19 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-08-23 19:24 - 2009-08-23 19:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-02-09 02:56 - 2011-02-09 02:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-12-20 14:38 - 2010-10-26 14:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-06 11:11 - 2011-10-04 04:04 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
2011-01-12 08:08 - 2011-01-12 08:08 - 00150032 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2010-08-31 13:09 - 2010-08-31 13:09 - 00956480 _____ () C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmjps.dll
2011-12-19 18:51 - 2011-05-26 18:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2014-01-12 19:31 - 2014-01-12 19:31 - 00550248 _____ () C:\Program Files\TortoiseGit\bin\libgit232.dll
2014-01-12 19:31 - 2014-01-12 19:31 - 00077160 _____ () C:\Program Files\TortoiseGit\bin\zlib132.dll
2011-03-15 08:13 - 2011-03-15 08:13 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-17 20:56 - 2013-12-05 21:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-12 06:20 - 2011-08-12 06:20 - 00247400 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\System:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\Users\manni\Downloads\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\manni\Downloads\FRST64.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Control Panel\Desktop\\Wallpaper -> C:\Users\manni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.19.254.8 - 172.19.255.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
MSCONFIG\startupreg: HW_OPENEYE_OUC_Mobile Partner => "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe"
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
MSCONFIG\startupreg: WekaUpdateCenter => C:\Program Files (x86)\Common Files\Weka\Update Manager\WekaUpdateManager.exe /autostart

==================== Accounts: =============================

Administrator (S-1-5-21-3210954253-528678137-795811057-500 - Administrator - Disabled)
Gast (S-1-5-21-3210954253-528678137-795811057-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3210954253-528678137-795811057-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 10:39:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7a4

Startzeit: 01d06ac4719c8e05

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 2e486ae1-d6b8-11e4-bf06-9e997716a562

Error: (03/30/2015 09:42:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:41:54 AM) (Source: WebSphere MQ) (EventID: 7121) (User: )
Description: Der Testzeitraum für dieses Exemplar von WebSphere MQ ist jetzt abgelaufen.



Dieses Exemplar von WebSphere MQ wurde nur für einen begrenzten Zeitraum lizenziert. Dieser Zeitraum ist abgelaufen.



Installieren Sie eine Lizenz für den Einsatz dieses Exemplars von WebSphere MQ in einer produktiven Umgebung.

Error: (03/30/2015 09:40:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)


System errors:
=============
Error: (03/30/2015 10:34:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 10:34:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 10:34:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:57:09 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: BCINTERN)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (03/30/2015 09:54:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:54:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (03/30/2015 09:47:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (03/30/2015 10:39:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe26.0.0.50877a401d06ac4719c8e0513C:\Program Files (x86)\Mozilla Firefox\firefox.exe2e486ae1-d6b8-11e4-bf06-9e997716a562

Error: (03/30/2015 09:42:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:41:54 AM) (Source: WebSphere MQ) (EventID: 7121) (User: )
Description: 002000712100

Error: (03/30/2015 09:40:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:40:11 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:42 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)

Error: (03/30/2015 09:20:02 AM) (Source: KIXTART) (EventID: 2138) (User: )
Description: WkstaUserGetInfo failed Error : Der Arbeitsstationsdienst wurde nicht gestartet. (0x85a/2138)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 56%
Total physical RAM: 8075.23 MB
Available physical RAM: 3541.69 MB
Total Pagefile: 16265.43 MB
Available Pagefile: 9811.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:117.19 GB) (Free:14.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive v: (SYSTEM) (Network) (Total:117.19 GB) (Free:14.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 21DD3534)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 30.03.2015, 12:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hi,

is this a commercially used system? I see a few things that could point to that.

Alt 30.03.2015, 12:59   #3
ManniLundgre
 

Hello cosinus,

no, it is my private laptop. You are probably thinking of technologies like WebSphere MQ and so on. Or you noticed the old Enterprise Architect installation. Or Git, which I use privately. Or, or, or...
I am merely a technology enthusiast and like to study what the "big players" out there are using. By the way, the versions just mentioned were both demo versions, which to my knowledge should also be apparent from the logs.

So don't worry, I am neither a self-employed businessman nor is this any kind of commercial use. Rather, this is my "tinkering laptop" for new technologies.

Manni

Alt 30.03.2015, 13:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Good. Please also post the GMER log in CODE tags.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too big for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 30.03.2015, 13:52   #5
ManniLundgre
 

Hello cosinus,

as I already wrote above, the GMER log is about 10 times too long for the forum settings. That is why I attached it zipped to my first post (.txt and .log may only be about 100 KB in size, .zip about 5 MB).

I get the following error message:

Code:
Die folgenden Fehler traten bei der Verarbeitung auf:

    Der Text, den Sie eingegeben haben, besteht aus 959268 Zeichen und ist damit zu lang. Bitte die Logs auf mehrere Beiträge aufspalten mit maximaler Länge von 120000 Zeichen.
         
Or did you really mean that I should write 10 posts directly one after another? (In every forum I know, you would be hanged upside down for that )

Manni


Alt 30.03.2015, 14:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Attachments are just a real nuisance. If it really is that long, then post the complete content to Pastebin.com - #1 paste tool since 2002! and link it here in your next post.

Alt 30.03.2015, 14:38   #7
ManniLundgre
 

Hello cosinus,

you won't believe it, but even for PasteBin the log text was too long for one link.

I had to split the GMER log into 2 "PasteBins":

GMER log 1 of 2: h**p://pastebin.com/VG6dNvmJ
GMER log 2 of 2: h**p://pastebin.com/Upgfd0eM


Manni

EDIT: for some reason the links keep disappearing, no matter how I do it. I had to improvise a bit.

Last edited by ManniLundgre (30.03.2015 at 14:41) Reason: links were gone

Alt 30.03.2015, 14:46   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That is intentional. We don't want any clickable links here, because they are potentially dangerous. That is why, in posts by "normal" users, the board software turns the http of a link into hxxp.
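The scheme rewrite cosinus describes (http to hxxp) is the usual way to keep a URL readable but non-clickable when it is shared in a thread. As an added example, not part of this thread and not the board software's own code, here is a small Python defang/refang helper. It applies the same scheme rewrite as the board and additionally brackets the dots in the host name, a common convention in malware reports that goes beyond what the board does; refang() reverses both so an analyst can feed the URL to a tool again. The sample URLs in the usage section are constructed, apart from the pastebin link taken from the post above.

```python
"""Defang URLs for safe sharing (http:// -> hxxp://, host dots bracketed) and refang them.
Added example; the bracketed-dot step goes beyond the board's scheme-only rewrite."""
import re

# Finds http/https URLs in free text; trailing punctuation stays attached on purpose (simple, predictable)
_URL_RE = re.compile(r"\bhttps?://\S+", re.IGNORECASE)


def defang(url: str) -> str:
    """Return a non-clickable form of a single URL."""
    # Scheme: http -> hxxp, https -> hxxps (the rewrite the board applies to user posts)
    url = re.sub(r"(?i)^http(s?)://", r"hxxp\1://", url)
    scheme, sep, rest = url.partition("://")
    if not sep:
        return url  # not a URL with a scheme; leave untouched
    # Only the host part gets bracketed dots; path and query are left as they are
    host, slash, path = rest.partition("/")
    return f"{scheme}{sep}{host.replace('.', '[.]')}{slash}{path}"


def defang_message(text: str) -> str:
    """Defang every URL found in a block of text, e.g. a forum post before submitting it."""
    return _URL_RE.sub(lambda m: defang(m.group(0)), text)


def refang(text: str) -> str:
    """Undo defang() on a URL or a whole message."""
    text = re.sub(r"(?i)\bhxxp(s?)://", r"http\1://", text)
    return text.replace("[.]", ".")


if __name__ == "__main__":
    # Constructed message; the pastebin link is the one posted in this thread
    msg = "GMER log 1 of 2: http://pastebin.com/VG6dNvmJ and a second file at https://files.example/x.y"
    safe = defang_message(msg)
    print(safe)
    print(refang(safe) == msg)
```

defang_message() is what a poster would run over a reply before submitting it; refang() is for the other direction, when a log full of hxxp links has to be checked with a tool that expects real URLs.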

Alt 30.03.2015, 14:49   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That's a real wall of lines... please continue with MBAR. What GMER flagged as "suspicious" should be OK though.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Alt 31.03.2015, 09:06   #10
ManniLundgre
 

Hello cosinus,

so the MBAR scan has been running since shortly after you asked me to, but I guess I won't manage to post the results today.

I'll get back to you tomorrow morning, hopefully with the logs.

All the best until then,

Manni

Good morning cosinus!

Sorry, my train was delayed.

The 1st MBAR run found about 5 hits.

The 2nd run after the reboot found no more hits.

Just to be safe I did another reboot and scanned again. No more hits either. So far, so good.

Here are the logs:

1st run

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.30.06
  rootkit: v2015.03.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
manni :: CL2157 [administrator]

30.03.2015 16:20:27
mbar-log-2015-03-30 (16-20-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 455264
Time elapsed: 20 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} (Trojan.FakeMS.SVSGen2) -> Delete on reboot. [208ef7542e5c5bdb6c085443c041b050]
HKU\S-1-5-21-748579090-2159190992-1044474020-1528_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} (Trojan.FakeMS.SVSGen2) -> Delete on reboot. [208ef7542e5c5bdb6c085443c041b050]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]

Files Detected: 6
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\euaeqamy.tmp (Trojan.FakeMS.ED) -> Delete on reboot. [aa046fdc86043bfb81a41be47b86b44c]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll (Trojan.FakeMS.SVSGen2) -> Delete on reboot. [208ef7542e5c5bdb6c085443c041b050]
C:\Windows\Installer\{47B09F88-EEF8-4BD8-AF93-FAF846A651E6}\api-ms-win-system-apphelp-l1-1-0.dll (Trojan.Agent.ED) -> Delete on reboot. [139b5bf044467fb7f58ae6258d758b75]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\mgqmc.tmp (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\muiyciscs.tmp (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
2nd run

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.30.06
  rootkit: v2015.03.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
manni :: CL2157 [administrator]

30.03.2015 17:26:49
mbar-log-2015-03-30 (17-26-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 454899
Time elapsed: 55 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
3rd run

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.30.06
  rootkit: v2015.03.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
manni :: CL2157 [administrator]

30.03.2015 18:33:06
mbar-log-2015-03-30 (18-33-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 454906
Time elapsed: 3 hour(s), 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
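To check runs like the three above without reading every line, here is an added Python example (my own code, not MBAR's and not part of this thread) that parses the MBAR text format: it records the declared count of each "Detected" section, extracts every detection line (item, threat name, action and the bracketed id), verifies that the parsed lines match the declared counts (a mismatch means a truncated or reformatted log), and counts detections per threat family. The embedded first sample is a trimmed copy of the 1st run posted above, with its paths, names and ids as in that log; the second sample is a constructed clean run in the same layout.

```python
"""Parse Malwarebytes Anti-Rootkit (MBAR) text logs and summarise what was found.
Added example based on the log layout posted in this thread; not MBAR's own code."""
import re
from collections import Counter

# Section header, e.g. "Registry Keys Detected: 2"
_SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Detection line, e.g. "<item> (<threat>) -> <action>. [<id>]"
_DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>[^.]+)\. \[(?P<id>[0-9a-f]+)\]$"
)

# Trimmed copy of the 1st MBAR run posted above (paths, names and ids as in that log)
RUN1_EXCERPT = r"""Malwarebytes Anti-Rootkit BETA 1.09.1.1004
Objects scanned: 455264
Time elapsed: 20 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} (Trojan.FakeMS.SVSGen2) -> Delete on reboot. [208ef7542e5c5bdb6c085443c041b050]
HKU\S-1-5-21-748579090-2159190992-1044474020-1528_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A} (Trojan.FakeMS.SVSGen2) -> Delete on reboot. [208ef7542e5c5bdb6c085443c041b050]

Folders Detected: 1
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]

Files Detected: 6
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\euaeqamy.tmp (Trojan.FakeMS.ED) -> Delete on reboot. [aa046fdc86043bfb81a41be47b86b44c]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpencom.dll (Trojan.FakeMS.SVSGen2) -> Delete on reboot. [208ef7542e5c5bdb6c085443c041b050]
C:\Windows\Installer\{47B09F88-EEF8-4BD8-AF93-FAF846A651E6}\api-ms-win-system-apphelp-l1-1-0.dll (Trojan.Agent.ED) -> Delete on reboot. [139b5bf044467fb7f58ae6258d758b75]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\mgqmc.tmp (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\muiyciscs.tmp (Trojan.Clicker.FMS) -> Delete on reboot. [0ea04dfe77132d09115287254eb537c9]

Physical Sectors Detected: 0
(No malicious items detected)
(end)
"""

# Constructed clean run (every section reports 0), like the 2nd and 3rd runs above
CLEAN_RUN = """Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)
(end)
"""


def parse_mbar_log(text):
    """Return {'declared': {section: count}, 'detections': [dict per detection line]}."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = _DETECTION_RE.match(line)
        if m and section is not None:
            detections.append({"section": section, **m.groupdict()})
    return {"declared": declared, "detections": detections}


def count_mismatches(parsed):
    """Sections whose declared count differs from the detection lines actually parsed.
    Returns {section: (declared, parsed)}; non-empty means a truncated or reformatted log."""
    seen = Counter(d["section"] for d in parsed["detections"])
    return {s: (n, seen[s]) for s, n in parsed["declared"].items() if seen[s] != n}


def threats_by_family(parsed):
    """Number of detections per threat name, e.g. {'Trojan.Clicker.FMS': 4, ...}."""
    return dict(Counter(d["threat"] for d in parsed["detections"]))


def is_clean(parsed):
    """True when no detection line was parsed and every declared count is 0."""
    return not parsed["detections"] and all(n == 0 for n in parsed["declared"].values())


if __name__ == "__main__":
    run1 = parse_mbar_log(RUN1_EXCERPT)
    print(len(run1["detections"]), "detections;", threats_by_family(run1))
    print("mismatches:", count_mismatches(run1), "| clean run:", is_clean(parse_mbar_log(CLEAN_RUN)))
```

Pointing parse_mbar_log() at the three log files shows the same picture as the summary in the post: nine detections in four threat families in the first run, nothing in the second and third.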
         

Alt 31.03.2015, 09:24   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
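What a helper does with the FRST.txt from step 3 is triage the Services section before anything else. The following script is an added example (not the forum's, FRST's or any helper's own code) that parses that section and flags the entries looked at first: services marked `[File not signed]`, services whose file is gone (`[X]`), entries with an empty publisher field `()`, and binaries run from user-writable locations. The section header text and bracket markers are those FRST prints; the sample input is constructed from lines modelled on the log posted later in this thread, and the list of "user-writable" path components is an assumption, not an FRST rule.

```python
import re

# Constructed sample in the format of the "Services (Whitelisted)" section of an
# FRST.txt (a few lines modelled on the log posted in this thread; not a real file).
SAMPLE_FRST_SERVICES = r"""
==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-30] (COMODO)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S2 SkypeUpdate; C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () [File not signed]

==================== Drivers (Whitelisted) ====================
"""

# One service line: start type (R2, S3, ...), service name, then path and FRST's markers.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")

# Heuristic (assumption, not an FRST rule): a service binary living under one of
# these path components runs from a location a normal user account can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def extract_section(text, title):
    """Return the lines between the '==== <title> ====' header and the next header."""
    lines, inside = [], False
    for line in text.splitlines():
        if line.startswith("===="):
            inside = title in line
            continue
        if inside:
            lines.append(line)
    return lines


def parse_path(rest):
    """Split the binary path off the rest of an FRST service line."""
    if rest.startswith('"'):            # quoted path, e.g. "C:\...\MSCamS64.exe" [X]
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" [", 1)[0].strip()  # unquoted: path ends where "[size date]" begins


def triage_line(line):
    """Return (name, path, reasons) for a service line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    path = parse_path(rest)
    reasons = []
    if "[File not signed]" in rest:
        reasons.append("unsigned")
    if "[X]" in rest:                    # FRST marks a registered service whose file is gone
        reasons.append("file missing")
    if "()" in rest:                     # empty publisher field
        reasons.append("no publisher")
    if any(tok in path.lower() for tok in USER_WRITABLE):
        reasons.append("user-writable location")
    return m.group("name"), path, reasons


def triage_services(frst_text):
    """Map service name -> {'path', 'reasons'} for every entry that raised at least one flag."""
    findings = {}
    for line in extract_section(frst_text, "Services (Whitelisted)"):
        parsed = triage_line(line)
        if parsed is None:
            continue
        name, path, reasons = parsed
        if reasons:
            findings[name] = {"path": path, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for name, info in triage_services(SAMPLE_FRST_SERVICES).items():
        print(f"{name}: {', '.join(info['reasons'])}  <- {info['path']}")
```

A flag is a reason to look, not a verdict: an unsigned MySQL from an XAMPP install or a utility started from a Desktop folder is usually just sloppy placement, but a service whose file has vanished or which runs from ProgramData without a publisher is exactly what the helper checks against the known-good list before writing a fixlist.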

Alt 31.03.2015, 11:02   #12
ManniLundgre
 
Windows 7 64bit SP1: cmd.exe, conhost.exe, msiexec.exe and others: extremely suspicious activity



So, here are the results:

AdwCleaner[S0].txt

Code:
# AdwCleaner v4.200 - Bericht erstellt 31/03/2015 um 11:02:35
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : manni - CL2157
# Gestarted von : C:\Users\manni\Downloads\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\manni\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\manni\AppData\Roaming\download Manager
Ordner Gelöscht : C:\Users\manni\Documents\Updater

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v26.0 (de)


-\\ Google Chrome v

[C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.bosch.de/de/de/_technik_1/search_10/search_results.php?lang=de&scenario=1&q={searchTerms}&x=-1251&y=-86

*************************

AdwCleaner[R0].txt - [2984 Bytes] - [31/03/2015 11:00:20]
AdwCleaner[S0].txt - [2872 Bytes] - [31/03/2015 11:02:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2931  Bytes] ##########
JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.8 (03.30.2015:1)
OS: Windows 7 Professional x64
Ran by manni on 31.03.2015 at 11:07:53,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\manni\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\manni\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\manni\AppData\Roaming\flexnet"
Successfully deleted: [Folder] "C:\Users\manni\AppData\Roaming\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2015 at 11:27:42,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by manni (administrator) on CL2157 on 31-03-2015 11:31:48
Running from C:\Users\manni\Downloads
Loaded Profiles: UpdatusUser & manni (Available profiles: UpdatusUser & manni)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(IBM Corporation) C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqsvc.exe
() C:\xampp\mysql\bin\mysqld.exe
(IBM Corporation) C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmsrvn.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM_usr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
() C:\Windows\System32\Notepad2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Windows\System32\Notepad2.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-01-30] (COMODO)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {00cb7421-eb16-11e3-8a9c-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e0e39-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e0e4d-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {3c7e1151-e1ae-11e3-941f-028037ec0200} - E:\AutoRun.exe
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\MountPoints2: {5ed62f38-6ef0-11e3-8d40-d709f32aee8c} - E:\LG_PC_Programs.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-11] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110506105045.dll [2011-05-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-11] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-01-03] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110506105045.dll [2011-05-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-01-03] (Oracle Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 172.19.254.8 172.19.255.8
Tcpip\..\Interfaces\{0C1B94D6-6B87-48A5-9833-0E5CF6E99710}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{D07768AD-8B5F-484B-B192-4289333177A7}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{D8BF7FDA-F50E-4ED2-9181-7D31C682D1AB}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-03-21] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2014-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-03-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-01-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-08-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-08-12] (NVIDIA Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc.)
FF Extension: ColorfulTabs - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-02-18]
FF Extension: Complete YouTube Saver - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2015-02-18]
FF Extension: DownloadHelper - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-18]
FF Extension: YouTube Videos automatisch starten in High Definition (HD) - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\andromeda.nebel@ytautohdde.de.xpi [2015-02-18]
FF Extension: AutoPager - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\autopager@mozilla.org.xpi [2015-02-18]
FF Extension: BatchDownload - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\batchdownload@panshisoft.cn.xpi [2015-02-18]
FF Extension: Copy Urls Expert - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2015-02-18]
FF Extension: FaviconizeTab - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2015-02-18]
FF Extension: open tab count widget - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\jid0-x24fAzIkLoGDS5vfyNzJuT1Tits@jetpack.xpi [2015-02-18]
FF Extension: Linky - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\linky@gemal.dk.xpi [2015-02-18]
FF Extension: URL Flipper - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\urlflipper@mozilla.ktechcomputing.com.xpi [2015-02-18]
FF Extension: RSS Ticker - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi [2015-02-18]
FF Extension: RefControl - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2015-02-18]
FF Extension: Page Title Eraser - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi [2015-02-18]
FF Extension: RightToClick - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-02-18]
FF Extension: Tab Mix Plus - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-02-18]
FF Extension: DownThemAll! - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-02-18]
FF Extension: Adblock Edge - C:\Users\manni\AppData\Roaming\Mozilla\Firefox\Profiles\daar6f02.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2015-02-17]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Profile: C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-23]
CHR Extension: (Nyan Cat Progress Bar for YouTube) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdjaekjkckpdknkfncfnaibkabdcgmkg [2013-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-23]
CHR Extension: (Google Search) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-23]
CHR Extension: (FoxyProxy Standard) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-04-21]
CHR Extension: (AdBlock) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-12]
CHR Extension: (GWT Developer Plugin) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\manni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-01-30] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-01-30] (COMODO)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2011-05-06] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2011-05-06] (McAfee, Inc.)
R2 MQSeriesServices; C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqsvc.exe [80960 2010-08-31] (IBM Corporation)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904 2007-08-08] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
S2 SkypeUpdate; C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-03-03] (Microsoft Corporation) [File not signed]
R2 USBDLM; C:\Users\manni\Desktop\Dokumente\Urlaub\saved\temp\USB Drive Letter Manager 4.7.1.0 (64bit)\USBDLM.exe [451560 2012-09-09] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [X]
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [X]
S2 SdkBusServerSamSdk; C:\BetaSystems\SamSdk\bin\Wrapper.exe -s C:\BetaSystems\SamSdk\\conf/BusServer.conf

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2011-05-06] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2011-05-06] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2011-05-06] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2011-05-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2011-05-06] (McAfee, Inc.)
S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [19968 2013-03-04] (Razer USA Ltd)
S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [24576 2013-03-04] (Razer USA Ltd)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2012-10-27] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 11:31 - 2015-03-31 11:32 - 00030499 _____ () C:\Users\manni\Downloads\FRST.txt
2015-03-31 11:27 - 2015-03-31 11:30 - 00001181 _____ () C:\Users\manni\Downloads\JRT.txt
2015-03-31 10:59 - 2015-03-31 11:02 - 00000000 ____D () C:\AdwCleaner
2015-03-31 10:58 - 2015-03-31 10:58 - 01389097 _____ (Thisisu) C:\Users\manni\Downloads\JRT.exe
2015-03-31 10:57 - 2015-03-31 10:57 - 02208768 _____ () C:\Users\manni\Downloads\AdwCleaner_4.200.exe
2015-03-30 16:20 - 2015-03-31 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-30 16:20 - 2015-03-30 18:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 16:20 - 2015-03-30 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-30 16:18 - 2015-03-30 18:32 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-30 16:16 - 2015-03-30 16:16 - 00000000 ____D () C:\Users\manni\Downloads\mbar
2015-03-30 16:15 - 2015-03-30 16:15 - 16502728 _____ (Malwarebytes Corp.) C:\Users\manni\Downloads\mbar-1.09.1.1004.exe
2015-03-30 11:29 - 2015-03-30 12:09 - 00959270 _____ () C:\Users\manni\Downloads\Gmer.txt
2015-03-30 11:10 - 2015-03-30 11:10 - 00380416 _____ () C:\Users\manni\Downloads\Gmer-19357.exe
2015-03-30 11:06 - 2015-03-30 12:00 - 00041826 _____ () C:\Users\manni\Downloads\Addition.txt.old
2015-03-30 11:05 - 2015-03-31 11:31 - 00000000 ____D () C:\FRST
2015-03-30 11:05 - 2015-03-30 12:05 - 00037124 _____ () C:\Users\manni\Downloads\FRST.txt.old
2015-03-30 11:05 - 2015-03-30 11:05 - 02095616 _____ (Farbar) C:\Users\manni\Downloads\FRST64.exe
2015-03-30 11:03 - 2015-03-30 12:00 - 00000504 _____ () C:\Users\manni\Downloads\defogger_disable.log
2015-03-30 11:03 - 2015-03-30 11:03 - 00000020 _____ () C:\Users\manni\defogger_reenable
2015-03-30 11:02 - 2015-03-30 11:02 - 00050477 _____ () C:\Users\manni\Downloads\Defogger.exe
2015-03-30 09:06 - 2007-02-18 20:00 - 00001688 _____ () C:\Windows\SysWOW64\autoexec.bak
2015-03-30 09:05 - 2015-03-30 12:30 - 00000000 ____D () C:\AV-CLS
2015-03-26 11:00 - 2015-03-26 11:00 - 00000000 ____D () C:\Users\manni\AppData\Local\Colossal Order
2015-03-26 10:59 - 2015-03-26 10:59 - 00000000 ____D () C:\Users\manni\AppData\Roaming\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 11:30 - 2012-01-02 16:08 - 00004308 _____ () C:\Windows\system32\Notepad2.ini
2015-03-31 11:29 - 2011-05-06 11:09 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-03-31 11:21 - 2011-05-06 11:09 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-03-31 11:12 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-31 11:12 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-31 11:10 - 2010-11-21 08:21 - 00851666 _____ () C:\Windows\system32\perfh007.dat
2015-03-31 11:10 - 2010-11-21 08:21 - 00198464 _____ () C:\Windows\system32\perfc007.dat
2015-03-31 11:10 - 2009-07-14 07:13 - 01827172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-31 11:08 - 2011-12-20 01:00 - 01060215 _____ () C:\Windows\WindowsUpdate.log
2015-03-31 11:04 - 2012-10-02 10:54 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-31 11:04 - 2011-12-20 12:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-31 11:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 11:04 - 2009-07-14 06:51 - 00021725 _____ () C:\Windows\setupact.log
2015-03-31 11:03 - 2010-11-21 05:47 - 00308448 _____ () C:\Windows\PFRO.log
2015-03-31 10:01 - 2014-10-19 09:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-30 17:21 - 2013-06-10 12:10 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 17:21 - 2011-12-20 00:57 - 00340997 ____N () C:\Windows\Minidump\033015-16052-01.dmp
2015-03-30 16:11 - 2013-07-16 13:35 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-03-30 11:07 - 2015-02-15 02:40 - 00381440 _____ (Farbar) C:\Windows\mod_frst.exe
2015-03-30 11:03 - 2011-12-20 14:44 - 00000000 ____D () C:\Users\manni
2015-03-30 09:03 - 2014-03-19 12:00 - 00000000 ____D () C:\Temp
2015-03-30 08:53 - 2012-04-24 13:30 - 00002046 ____H () C:\Users\manni\Documents\Default.rdp
2015-03-27 20:56 - 2011-12-20 00:57 - 00343101 ____N () C:\Windows\Minidump\032715-38454-01.dmp
2015-03-26 10:57 - 2013-07-18 17:05 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-03-26 10:57 - 2013-07-18 17:05 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-23 11:28 - 2012-10-21 13:23 - 00000049 _____ () C:\Windows\NeroDigital.ini
2015-03-23 11:27 - 2013-05-01 14:40 - 00000000 ____D () C:\Users\manni\dwhelper
2015-03-04 21:25 - 2012-01-03 11:25 - 00000000 ____D () C:\Users\manni\AppData\Local\Eclipse
2015-03-04 21:24 - 2013-08-09 08:42 - 00000000 ____D () C:\Program Files\Eclipse 4.2 Juno SR2 (64bit)
2015-03-03 10:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 14:14 - 2013-07-16 13:36 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-03-02 14:13 - 2009-07-14 06:45 - 01302072 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 14:12 - 2013-07-16 13:52 - 00027766 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-03-02 14:06 - 2014-10-14 10:20 - 00000000 ____D () C:\Users\manni\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2015-01-21 22:49 - 2015-01-28 16:34 - 0002919 _____ () C:\Users\manni\AppData\Roaming\SAS7_000.DAT
2012-12-06 18:26 - 2015-01-02 17:09 - 0011776 _____ () C:\Users\manni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-22 14:42 - 2014-05-22 14:42 - 0000002 _____ () C:\Users\manni\AppData\Local\PC-Information.Flag
2012-02-07 16:58 - 2013-02-20 11:45 - 0007605 _____ () C:\Users\manni\AppData\Local\Resmon.ResmonCfg
2015-02-18 13:48 - 2015-02-18 13:48 - 0004864 _____ () C:\ProgramData\vczcspay.tpu

Files to move or delete:
====================
C:\Users\manni\hsqlprefs.dat


Some content of TEMP:
====================
C:\Users\manni\AppData\Local\Temp\Quarantine.exe
C:\Users\manni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-30 17:08

==================== End Of Log ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by manni at 2015-03-31 11:32:33
Running from C:\Users\manni\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: COMODO Antivirus (Disabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Anti-Twin (Installation 22.09.2014) (HKLM-x32\...\Anti-Twin 2014-09-22 14.22.27) (Version:  - Joerg Rosenthal, Germany)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Axway API Gateway (HKLM-x32\...\Axway API Gateway 7.2.2) (Version: 7.2.2 - Axway)
Bitvise Tunnelier 4.35 (remove only) (HKLM-x32\...\Tunnelier) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.07059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.07059 - Cisco Systems, Inc.) Hidden
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{A0BABADE-E154-4F08-97A1-2903CD110E88}) (Version: 6.2.20728.2847 - COMODO Security Solutions Inc.)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
DbVisualizer 8.0.10 (HKLM\...\8973-4025-0853-7287) (Version: 8.0.10 - DbVis Software AB)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.)
Enterprise Architect 9.3  - 30 Day Trial Edition (HKLM-x32\...\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}) (Version: 9.3.935.12 - Sparx Systems)
ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
FileZilla Client 3.2.7.1 (HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\FileZilla Client) (Version: 3.2.7.1 - )
flam (HKLM\...\{BFFE0B20-6BEC-4AFB-A145-EA164D07BB8C}) (Version: 5.1.3.8040 - limes datentechnik gmbh)
FormsForWeb® Filler 3.2.3 (HKLM-x32\...\{18815D2C-C62D-4066-94F3-55966581D2A5}) (Version: 3.2.3 - Lucom GmbH)
Frontplatten Designer (HKU\S-1-5-21-748579090-2159190992-1044474020-1528\...\Frontplatten Designer) (Version: 4.1.4 - Schaeffer AG)
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.2.0.12 - GOG.com)
Git version 1.9.0-preview20140217 (HKLM-x32\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Gold Wave Editor v10.0.1 (HKLM-x32\...\Gold Wave Editor_is1) (Version:  - )
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HDClone 4.2.12 Professional Edition (HKLM\...\Miray.HDClone.Professional.4.2.12.1031-{4FA40B6A-B5EA-49AA-8BC1-F86DC5E1DC8A}) (Version: 4.2 - Miray Software AG)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
IBM WebSphere MQ (HKLM-x32\...\{C8C5A8CC-14C2-4972-B7F6-2DB9044CD50D}) (Version: 7.0.1.3 - IBM)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera Driver Installer Package Ver.1.1.0.42 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.42 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.74.0 (HKLM-x32\...\{C6D4B05A-EA7E-1027-80EF-C925E740E99C}) (Version: 1.0.74.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java(TM) 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Java(TM) SE Development Kit 6 Update 24 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Java(TM) SE Development Kit 6 Update 30 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Java(TM) SE Development Kit 6 Update 30 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160300}) (Version: 1.6.0.300 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
JProfiler 8.0.5 (HKLM\...\8785-2147-3791-3338) (Version: 8.0.5 - ej-technologies GmbH)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
LiteShow (HKLM-x32\...\LiteShow_is1) (Version:  - )
McAfee Agent (HKLM-x32\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.00000 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 6.5.1.5 - Ericsson AB)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.04.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mp3tag v2.49 (HKLM-x32\...\Mp3tag) (Version: v2.49 - Florian Heidenreich)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
NatLink version 4.1mike (including Vocola 2.8.1I+ and Unimacro) (HKLM-x32\...\NatLink_is1) (Version:  - )
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}) (Version: 8.0.182 - Nero AG)
Nero 9 Lite (HKLM-x32\...\{0bb7eff0-cb5c-4492-9eab-9029285c1e9b}) (Version:  - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NVIDIA 3D Vision Treiber 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.93 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA nView 135.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.64 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
Oracle VM VirtualBox 4.1.8 (HKLM\...\{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}) (Version: 4.1.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PathFileTwirler (HKLM-x32\...\PathFileTwirler) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Pixel Heroes: Byte & Magic (HKLM-x32\...\UGl4ZWxIZXJvZXNCeXRlTWFnaWM=_is1) (Version: 1 - )
Python 2.7 pywin32-218 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7 PyXML-0.8.4 (HKLM-x32\...\PyXML-py2.7) (Version:  - )
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
RazorSQL 5.6.4 (HKLM-x32\...\RazorSQL 5.6.4_is1) (Version:  - Richardson Software, LLC)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
R-Studio NTFS v2.0 (HKLM-x32\...\R-Studio NTFS_is1) (Version: 2.0 - R-tools Technology Inc.)
RTPatch Update (HKLM-x32\...\RTPatch_is1) (Version:  - PocketSoft)
SAM Development Kit - SamSdk (HKLM-x32\...\{6E10CFBE-2702-3057-1388-C126199EDD5B}) (Version: 1.1.0 - Beta Systems Software AG)
SAM Development Kit - SamSdk (HKLM-x32\...\{BD53FB07-A243-55ED-8778-1B813C445B5B}) (Version: 1.1.0 - Beta Systems Software AG)
SAM Development Kit - SamSdk (HKLM-x32\...\{E314F879-8475-F8B2-AE50-5CA8B2FF07CB}) (Version: 1.1.0 - Beta Systems Software AG)
SeventhGate (HKLM-x32\...\{BD61A677-6D91-492E-A624-7EFE1BCEB88D}) (Version: 0.1 - Piotr Gawron)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
Theme Resource Changer X64 v1.0 (HKLM\...\Theme Resource Changer X64 v1.0) (Version:  - Bad Ass Apps)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.64 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{C2938C94-239C-4156-B245-C5406A4F3E93}) (Version: 5.9.5.7038 - Authentec Inc.)
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.73 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TortoiseGit 1.8.7.0 (64 bit) (HKLM\...\{B7307613-51D1-40EA-80CD-4A5A71CC657B}) (Version: 1.8.7.0 - TortoiseGit)
Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WEKA Update Center (HKLM-x32\...\{A8217164-542A-4C4B-9031-2AB445CA314A}) (Version: 1.00.00.0003 - WEKA MEDIA GmbH & Co. KG)
Winamp  2009 (HKLM-x32\...\{BBDE8B7B-829A-405A-8357-6F9240050D44}) (Version:  - kandelar)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Style Builder (HKLM-x32\...\{AFDF950D-3814-4F98-B66F-8C286A69F405}) (Version: 1.5.03 - AveApps)
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
wxPython 2.8.12.1 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.1-ansi - Total Control Software)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
XAMPP 1.7.7 (HKLM-x32\...\xampp) (Version:  - )
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A0226A6-C458-4656-A8F0-6DAC506F37CD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1E080631-3B54-4054-B284-6E641BDB6202} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {20607124-BA02-497B-ABF7-71B6C00DFBD7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {24B75C89-E747-4C75-94D9-AF30656954E4} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {25047045-0598-4F8F-9D26-A4BB565ED484} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2C723B3C-EE77-439D-8199-1F05FC2600CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3A7C3A85-016C-4EED-9CFE-31DE9FDD1C85} - System32\Tasks\Microsoft_Hardware_Launch_LifeExp_exe => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
Task: {4128E48A-6CE1-4314-B856-E883D6223FF2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {57BD5A85-BED3-4448-9850-90F8C1780366} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-01-30] (COMODO)
Task: {6319A5D4-E118-4040-9062-042ED395F5A8} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {68FE4945-FDE1-4439-8E28-609DC4FF5F08} - System32\Tasks\{C156F379-A259-48AC-B125-8718502E563D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1620
Task: {75E7E562-3EA0-467B-BB4A-395E41BF7EE2} - System32\Tasks\{AE89C570-7B65-4686-A6BA-5D85F773F1FD} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.21.0.104&amp;LastError=12002
Task: {A90FBEFB-7F19-4534-8D98-45CEC38B29C9} - System32\Tasks\{145F5F82-B51F-44ED-AE43-5750930F596D} => pcalua.exe -a C:\Users\manni\Desktop\imsm_makedisk_6001022\64\AsusSetup.exe -d C:\Users\manni\Desktop\imsm_makedisk_6001022\64
Task: {AAB11F08-C974-479B-A82F-6997E70A4AC6} - System32\Tasks\{CDBC4372-D87A-49A3-8F24-50FFEAFFC9A9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.16.0.105&amp;LastError=12007
Task: {B78E3566-8D4E-401B-81AE-7181D972E80E} - System32\Tasks\{5BEC0656-2832-4BCB-8BE4-D540C6E74646} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.16.0.105&amp;LastError=12007
Task: {BF750A8E-530E-4997-B483-78DD87687883} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.)
Task: {C1D86E4A-6BD6-4369-934B-F6BDEBBA56F5} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-01-30] (COMODO)
Task: {C89FC067-F60F-4C46-A3BB-658BD84DA6D9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E3F18D60-67EA-4190-82FA-1ED5B0DEAE42} - System32\Tasks\{29E0F2A4-2A6C-4A35-BD85-5CF062D329AB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1620
Task: {F53C14B6-D464-4ED1-8303-8B558BC1BA98} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-04-01] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) ==============

2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-20 15:02 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-10-08 07:18 - 2010-10-08 07:18 - 00056592 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 09:24 - 2010-09-02 09:24 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00035328 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2010-11-16 15:38 - 2010-11-16 15:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2010-10-08 07:18 - 2010-10-08 07:18 - 00957712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 09:24 - 2010-09-02 09:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 09:25 - 2010-09-02 09:25 - 00040448 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 09:24 - 2010-09-02 09:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 07:18 - 2010-10-08 07:18 - 00697616 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2011-09-09 19:46 - 2011-09-09 19:46 - 08158720 _____ () c:\xampp\mysql\bin\mysqld.exe
2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2011-12-20 14:38 - 2010-10-26 14:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-02 16:08 - 2011-05-06 01:00 - 00919552 _____ () C:\Windows\System32\Notepad2.exe
2014-01-12 19:39 - 2014-01-12 19:39 - 00728424 _____ () C:\Program Files\TortoiseGit\bin\libgit2.dll
2014-01-12 19:39 - 2014-01-12 19:39 - 00087400 _____ () C:\Program Files\TortoiseGit\bin\zlib1.dll
2011-03-15 08:19 - 2011-03-15 08:19 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-08-23 19:24 - 2009-08-23 19:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-02-09 02:56 - 2011-02-09 02:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
2011-01-12 08:08 - 2011-01-12 08:08 - 00150032 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2010-08-31 13:09 - 2010-08-31 13:09 - 00956480 _____ () C:\Program Files (x86)\IBM\WebSphere MQ\bin\amqmjps.dll
2011-12-19 18:51 - 2011-05-26 18:17 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\System:$WIMMOUNTDATA
AlternateDataStreams: C:\Windows\mod_frst.exe:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\Users\manni\Downloads\AdwCleaner_4.200.exe:$CmdZnID
AlternateDataStreams: C:\Users\manni\Downloads\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\manni\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\manni\Downloads\Gmer-19357.exe:$CmdTcID
AlternateDataStreams: C:\Users\manni\Downloads\Gmer-19357.exe:$CmdZnID
AlternateDataStreams: C:\Users\manni\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\manni\Downloads\mbar-1.09.1.1004.exe:$CmdTcID
AlternateDataStreams: C:\Users\manni\Downloads\mbar-1.09.1.1004.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-748579090-2159190992-1044474020-1528\Control Panel\Desktop\\Wallpaper -> C:\Users\manni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.19.254.8 - 172.19.255.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
MSCONFIG\startupreg: HW_OPENEYE_OUC_Mobile Partner => "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe"
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
MSCONFIG\startupreg: WekaUpdateCenter => C:\Program Files (x86)\Common Files\Weka\Update Manager\WekaUpdateManager.exe /autostart

==================== Accounts: =============================

Administrator (S-1-5-21-3210954253-528678137-795811057-500 - Administrator - Disabled)
Gast (S-1-5-21-3210954253-528678137-795811057-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3210954253-528678137-795811057-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 32%
Total physical RAM: 8075.23 MB
Available physical RAM: 5491.03 MB
Total Pagefile: 16265.43 MB
Available Pagefile: 11888.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:117.19 GB) (Free:15.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive v: (SYSTEM) (Network) (Total:117.19 GB) (Free:15.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 21DD3534)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 31.03.2015, 12:35   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



FRST fix

Please disable the virus scanner completely now, so that the fix is sure to run through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\ProgramData\vczcspay.tpu
C:\Users\manni\hsqlprefs.dat
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 31.03.2015, 13:01   #14
ManniLundgre
 



Many thanks already for everything you have done for me so far!!

I appreciate it, believe me!

Here is the result:

Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by manni at 2015-03-31 13:52:00 Run:1
Running from C:\Users\manni\Downloads
Loaded Profiles: UpdatusUser & manni (Available profiles: UpdatusUser & manni)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\ProgramData\vczcspay.tpu
C:\Users\manni\hsqlprefs.dat
EmptyTemp:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\ProgramData\vczcspay.tpu => Moved successfully.
C:\Users\manni\hsqlprefs.dat => Moved successfully.
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 13:53:07 ====
         

Alt 31.03.2015, 13:03   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt with your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

