Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8; Maleware beseitigt, trotzdem läuft der PC nicht einwandfrei (https://www.trojaner-board.de/147464-windows-8-maleware-beseitigt-trotzdem-laeuft-pc-einwandfrei.html)

allexx 06.01.2014 21:09
Windows 8; Maleware beseitigt, trotzdem läuft der PC nicht einwandfrei
 
Hallo Zusammen,

letzten Monat habe ich einige Programme zur Säuberung durchgeführt. Wie z. B. Malewarebytes, ADWCleaner, Junkware Removetool, das Windowstool zum entf..., Antivirusprogramm von AVG durchgeführt. Nach den Funden wurden alle gelöscht oder blockiert. Letzte Woche hat sich auch noch ein sogenannter BitGuard eingeschlichen, der wurde auch beseitig.

Trotzdem flackert mein Browser, ab und zu öffnen sich Dateien, mein Antivirus schaltet sich selbstständig ab. Bei Facebook hat sich auch jemand einen Spaß erlaubt und über meinen Account anderen Leuten geschrieben. Nicht sehr schöne Dinge.

Habe mir jetzt noch zusätzlich die Comodo-Firewall free geholt. Diese meldet, dass eine ACEngSvr.exe eine geschützte Datei ändern will.

Der Defogger hat nicht gescannt. Die FRST64 wollte nicht starten, weil Windows es blockiert. gmer hatte da auch seine Probleme, heißt also ich hab keine Logfiles.

Ich weiß nicht genau ob das hier reingehört, aber: Meine IP beginnt mit 77.21... wenn ich ab und zu nach meinem Standort der IP suche, dann zeigt es mir Städte in ganz Deutschland an.
Zudem kommt noch, das die alle mit Max beginnen. Wie kann denn sowas sein??

schrauber 07.01.2014 09:23
Hi,

FRST einfach erlauben indem du auf mehr Informationen klickst, dann auf trotzdem ausführen.

allexx 07.01.2014 20:58
Hi schrauber,

danke für deine Antwort.

Hier einmal die defogger Logfile:

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:21 on 06/01/2014 (Alexander)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST64 hatte trotzdem ein Problem und zwar sind die Logfiles leer.

Gmer hatte folgende Fehlermeldung:

C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Dateien zugreifen, das sie von einem anderen Prozess verwendet wird.

Und das direkt nach einem Neustart.

Hi,

ich weiß nicht woran das gelegen hat, aber auf einmal hat es geklappt mit dem Gmer.
Trotz Internet und mein AVG war auch an:

Code:
GMER Logfile:

       
Code:

       
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-07 20:43:41
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000031 ST1000LM024_HN-M101MBB rev.2AR10001 931.51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\fxldrpoc.sys


---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                         unknown MBR code

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [492:1016]                                                                                      fffff960009a74d0
Thread  C:\Windows\System32\SettingSyncHost.exe [1872:4296]                                                                           00007ffa1b464b30
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [6264:7512]  00007ffa24fd80ac

---- EOF - GMER 2.1 ----

--- --- ---
Diese csrss.exe ist ja eigentlich eine Windows-Datei, es sei denn es liegt auf c:\windows.
Dann soll es angeblich ein E-Mail Wurm sein und zwar "netsky.AB"

Ich lass das mal alles so wie es ist, bis du dich meldest.
Ach Danke nochmal.

schrauber 08.01.2014 11:57
FRST schon mal neu geladen und nochmal versucht?

Wenn es nicht geht:

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

allexx 08.01.2014 19:45
Nach mehreren Versuchen hat FRST nur eine txt erstellt mit Daten.
Die Addition ist immer noch leer.

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014
Ran by Alexander (administrator) on ASUS on 08-01-2014 19:18:51
Running from C:\Users\Alexander\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [SynAsusGestureAPIMgr] - C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics)
HKLM\...\Run: [AsusNewUI] - C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] ()
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ROGNB] - C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-12-13] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2471448 2014-01-08] ()
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Alexander\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5 /CMPID=1213b
AppInit_DLLs: c:\progra~2\nvidia~1\3dvisi~1\nvstin~1.dll [ ] ()
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1ABDD229DF0BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.5
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {D0235A4F-49C2-4EC8-A3B3-98AA6688A94F} URL =
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{91B1FCE1-ACC5-4D06-8229-9F23D9A2C41E}: [NameServer]156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{EFC2072A-5563-40A3-AC41-CA36EE7E67D8}: [NameServer]156.154.70.25,156.154.71.25

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=hp
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: hxxp://mysearch.avg.com/search?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (AVG SafeGuard) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0
CHR Extension: (Google Wallet) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.2.0.38\avg.crx

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-12-13] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2013-11-11] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-12-13] (Comodo Security Solutions, Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [715824 2013-11-14] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [38072 2013-09-24] (COMODO)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-09-24] (COMODO)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-07] (Microsoft Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 fxldrpoc; \??\C:\Users\ALEXAN~1\AppData\Local\Temp\fxldrpoc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-08 19:18 - 2014-01-08 19:18 - 00000000 _____ C:\Users\Alexander\Desktop\Addition.txt
2014-01-08 19:12 - 2014-01-08 19:19 - 00021803 _____ C:\Users\Alexander\Desktop\FRST.txt
2014-01-08 19:12 - 2014-01-08 19:12 - 01932624 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2014-01-08 19:10 - 2014-01-08 19:10 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander\Downloads\OTL.exe
2014-01-08 19:03 - 2014-01-08 19:03 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\Users\Alexander\AppData\Local\AVG SafeGuard toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-08 19:01 - 2014-01-08 19:05 - 00021917 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-07 20:43 - 2014-01-07 20:43 - 00000981 _____ C:\Users\Alexander\Desktop\rootkit.log
2014-01-07 20:32 - 2014-01-07 20:32 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\FRST
2014-01-06 21:49 - 2014-01-07 19:56 - 00250314 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2014-01-06 21:49 - 2014-01-06 21:49 - 00000000 ___HD C:\VTRoot
2014-01-06 20:40 - 2014-01-06 20:40 - 00007774 _____ C:\Users\Alexander\Downloads\gmer.zip
2014-01-06 20:25 - 2014-01-06 20:25 - 00377856 _____ C:\Users\Alexander\Desktop\gmer_2.1.19163.exe
2014-01-06 20:21 - 2014-01-06 20:21 - 00000480 _____ C:\Users\Alexander\Desktop\defogger_disable.log
2014-01-06 20:21 - 2014-01-06 20:21 - 00000000 _____ C:\Users\Alexander\defogger_reenable
2014-01-06 20:19 - 2014-01-06 20:19 - 00050477 _____ C:\Users\Alexander\Desktop\Defogger.exe
2014-01-06 19:19 - 2014-01-06 19:19 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-01-06 19:19 - 2014-01-06 19:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2014-01-06 19:19 - 2014-01-06 19:19 - 00000000 ____D C:\first_launch
2014-01-06 19:18 - 2014-01-06 19:18 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-01-06 19:18 - 2014-01-06 19:18 - 00003028 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2014-01-06 19:17 - 2014-01-06 19:19 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-01-06 19:17 - 2014-01-06 19:18 - 00000000 ___SD C:\ProgramData\Shared Space
2014-01-06 19:17 - 2014-01-06 19:18 - 00000000 ____D C:\ProgramData\COMODO
2014-01-06 19:17 - 2014-01-06 19:18 - 00000000 ____D C:\Program Files (x86)\Comodo
2014-01-06 19:17 - 2014-01-06 19:17 - 00000000 ____D C:\Users\Alexander\AppData\Local\Comodo
2014-01-06 19:17 - 2014-01-06 19:17 - 00000000 ____D C:\Program Files\COMODO
2014-01-06 19:16 - 2014-01-06 19:16 - 00000000 ____D C:\ProgramData\Comodo Downloader
2014-01-06 19:10 - 2014-01-06 19:10 - 03466248 _____ (TrueCrypt Foundation) C:\Users\Alexander\Downloads\TrueCrypt_Datenverschlüsselung.exe
2014-01-06 19:09 - 2014-01-06 19:10 - 214262072 _____ (COMODO) C:\Users\Alexander\Downloads\comodo firewall.exe
2014-01-05 19:11 - 2014-01-05 21:45 - 00000000 ____D C:\Users\Alexander\AppData\Local\Vidalia
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\FreeHideIP
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\ProgramData\FreeHideIP
2014-01-04 23:01 - 2014-01-08 19:05 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4FE5FCCA-9B26-4D71-B09A-491188DDEDCB}
2014-01-04 22:48 - 2014-01-04 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\SearchProtect
2014-01-04 22:47 - 2014-01-04 23:01 - 00000000 ____D C:\Users\Alexander\AppData\Local\Conduit
2014-01-04 22:47 - 2014-01-04 22:47 - 00000009 _____ C:\END
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\SearchProtect
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\ProgramData\Conduit
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Program Files (x86)\Conduit
2014-01-04 22:13 - 2014-01-04 22:13 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-04 20:40 - 2014-01-04 20:40 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\AVG2014
2014-01-04 20:39 - 2014-01-04 20:40 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ___HD C:\$AVG
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-04 20:35 - 2014-01-04 21:40 - 00000000 ____D C:\Users\Alexander\AppData\Local\Avg2014
2014-01-04 20:21 - 2014-01-04 20:28 - 137189352 _____ (AVG Technologies) C:\Users\Alexander\Downloads\avg_free_x86_all_2014_4259a6848.exe
2014-01-02 13:27 - 2014-01-02 13:38 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Audacity
2013-12-27 14:18 - 2014-01-04 20:29 - 00000000 ____D C:\Program Files\office.tmp
2013-12-27 13:51 - 2013-12-27 14:10 - 00000000 ____D C:\Users\Alexander\Documents\Cubase AI Projects
2013-12-27 13:50 - 2013-12-27 13:50 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\VST3 Presets
2013-12-27 13:47 - 2013-12-27 13:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\eLicenser
2013-12-26 17:47 - 2013-12-27 13:50 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Steinberg
2013-12-26 17:47 - 2013-12-26 17:47 - 00000000 ____D C:\ProgramData\Steinberg
2013-12-26 17:45 - 2013-12-26 17:45 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2013-12-26 17:45 - 2013-12-26 17:45 - 00000000 ____D C:\ProgramData\Syncrosoft
2013-12-26 17:44 - 2013-12-27 14:23 - 00000000 ____D C:\ProgramData\eLicenser
2013-12-26 17:44 - 2013-12-27 13:47 - 00000051 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2013-12-26 17:44 - 2009-09-17 16:20 - 01695232 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\synsoacc.dll
2013-12-26 17:44 - 2009-09-17 16:20 - 01261568 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2013-12-26 17:44 - 2009-05-19 15:21 - 00086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2013-12-26 17:44 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Aide.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Hilfe.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Help.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\system32\SYNSOACC-Help.chm
2013-12-26 16:00 - 2013-12-26 16:00 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX_Music_Maker_17_Silver
2013-12-26 15:25 - 2013-12-26 15:25 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX
2013-12-26 15:24 - 2013-12-26 15:59 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\MAGIX
2013-12-26 15:18 - 2013-12-27 15:57 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Music_Maker_MX
2013-12-26 15:17 - 2013-12-26 16:02 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-12-26 15:17 - 2013-12-26 15:59 - 00000000 ____D C:\ProgramData\MAGIX
2013-12-26 15:17 - 2013-12-26 15:17 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-24 15:40 - 2013-12-24 15:40 - 00005107 _____ C:\Users\Alexander\AppData\Local\recently-used.xbel
2013-12-24 11:58 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BJCE.DLL
2013-12-24 11:58 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2013-12-24 11:53 - 2013-12-24 11:53 - 00000000 _____ C:\Users\Alexander\Sti_Trace.log
2013-12-22 14:12 - 2013-12-22 14:12 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\OpenOffice
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-21 21:35 - 2013-12-21 21:41 - 163606685 _____ C:\Users\Alexander\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-12-20 21:29 - 2013-12-22 15:31 - 00000000 ____D C:\Tools
2013-12-20 21:11 - 2013-12-20 21:11 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-20 20:44 - 2013-12-20 20:44 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-12-20 20:43 - 2013-12-20 21:31 - 00000000 ____D C:\AdwCleaner
2013-12-20 20:36 - 2013-12-20 20:36 - 00001185 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2013-12-20 20:27 - 2013-12-20 20:27 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-12-20 20:27 - 2013-12-20 20:27 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 20:26 - 2013-12-20 20:26 - 03541544 _____ (Piriform Ltd) C:\Users\Alexander\Downloads\CCleaner.exe
2013-12-20 20:17 - 2013-12-20 20:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alexander\Downloads\Malewarebytes.exe
2013-12-20 20:10 - 2013-12-26 00:18 - 00000000 ____D C:\Program Files (x86)\iCare Card Recovery Free
2013-12-20 20:09 - 2013-12-20 20:09 - 03774938 _____ (iCare Software                                              ) C:\Users\Alexander\Downloads\icare card recovery.exe
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Program Files (x86)\Convar
2013-12-16 17:42 - 2013-12-16 17:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-12-14 12:28 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 12:28 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 12:28 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 12:28 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 12:28 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 12:28 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 12:28 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 12:28 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 12:28 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 12:28 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 12:28 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 12:28 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 12:28 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 12:28 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 12:28 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 12:28 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 12:28 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 12:28 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 12:28 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 12:28 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 12:28 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 12:28 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 12:28 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 12:28 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 12:28 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 12:28 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 12:28 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 12:28 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 12:28 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 12:28 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 12:28 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 12:28 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 12:28 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 12:28 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 12:28 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 12:28 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 12:28 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 12:28 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 12:28 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 12:28 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 12:28 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 12:28 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-14 12:27 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 12:27 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 12:27 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 12:27 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 12:27 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-12 20:54 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 20:54 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 20:35 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 20:34 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 20:29 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 20:29 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 20:28 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 19:16 - 2014-01-06 19:38 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-12 18:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 18:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 18:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 18:00 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 18:00 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 18:00 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 18:00 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-12 17:59 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 17:59 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 17:59 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 17:59 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 17:59 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 17:59 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 17:59 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 17:59 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 17:59 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 17:59 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 17:59 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 17:59 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 17:59 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 17:59 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 17:59 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-10 18:46 - 2013-12-10 18:46 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Malwarebytes
2013-12-10 18:45 - 2013-12-20 20:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-10 18:45 - 2013-12-10 18:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-10 18:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-10 18:04 - 2013-12-10 18:04 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\TuneUp Software
2013-12-10 18:02 - 2014-01-08 19:06 - 00000000 ____D C:\ProgramData\MFAData
2013-12-10 18:02 - 2013-12-10 18:02 - 00000000 ____D C:\Users\Alexander\AppData\Local\MFAData

==================== One Month Modified Files and Folders =======

2014-01-08 19:19 - 2014-01-08 19:12 - 00021803 _____ C:\Users\Alexander\Desktop\FRST.txt
2014-01-08 19:18 - 2014-01-08 19:18 - 00000000 _____ C:\Users\Alexander\Desktop\Addition.txt
2014-01-08 19:14 - 2013-09-11 17:41 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-782853324-163606255-2445155786-1002
2014-01-08 19:12 - 2014-01-08 19:12 - 01932624 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2014-01-08 19:11 - 2013-12-07 15:02 - 00000000 ____D C:\Papierkorb
2014-01-08 19:10 - 2014-01-08 19:10 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander\Downloads\OTL.exe
2014-01-08 19:09 - 2013-09-11 17:54 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 19:09 - 2013-09-11 17:54 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-08 19:06 - 2013-12-10 18:02 - 00000000 ____D C:\ProgramData\MFAData
2014-01-08 19:05 - 2014-01-08 19:01 - 00021917 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-08 19:05 - 2014-01-04 23:01 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4FE5FCCA-9B26-4D71-B09A-491188DDEDCB}
2014-01-08 19:03 - 2014-01-08 19:03 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\Users\Alexander\AppData\Local\AVG SafeGuard toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-08 19:02 - 2013-09-11 17:34 - 00000401 _____ C:\Users\Alexander\AppData\Roaming\sp_data.sys
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-08 19:01 - 2013-12-07 00:38 - 00000000 __RDO C:\Users\Alexander\SkyDrive
2014-01-08 19:01 - 2013-09-12 20:30 - 00163328 ___SH C:\Users\Alexander\Desktop\Thumbs.db
2014-01-08 19:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-07 20:43 - 2014-01-07 20:43 - 00000981 _____ C:\Users\Alexander\Desktop\rootkit.log
2014-01-07 20:32 - 2014-01-07 20:32 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-07 19:57 - 2013-12-07 00:09 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-07 19:57 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-07 19:56 - 2014-01-06 21:49 - 00250314 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2014-01-07 19:56 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\FRST
2014-01-07 19:05 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-06 21:49 - 2014-01-06 21:49 - 00000000 ___HD C:\VTRoot
2014-01-06 20:40 - 2014-01-06 20:40 - 00007774 _____ C:\Users\Alexander\Downloads\gmer.zip
2014-01-06 20:25 - 2014-01-06 20:25 - 00377856 _____ C:\Users\Alexander\Desktop\gmer_2.1.19163.exe
2014-01-06 20:21 - 2014-01-06 20:21 - 00000480 _____ C:\Users\Alexander\Desktop\defogger_disable.log
2014-01-06 20:21 - 2014-01-06 20:21 - 00000000 _____ C:\Users\Alexander\defogger_reenable
2014-01-06 20:21 - 2013-12-07 00:15 - 00000000 ____D C:\Users\Alexander
2014-01-06 20:19 - 2014-01-06 20:19 - 00050477 _____ C:\Users\Alexander\Desktop\Defogger.exe
2014-01-06 19:38 - 2013-12-12 19:16 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-06 19:19 - 2014-01-06 19:19 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-01-06 19:19 - 2014-01-06 19:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2014-01-06 19:19 - 2014-01-06 19:19 - 00000000 ____D C:\first_launch
2014-01-06 19:19 - 2014-01-06 19:17 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-01-06 19:18 - 2014-01-06 19:18 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-01-06 19:18 - 2014-01-06 19:18 - 00003028 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2014-01-06 19:18 - 2014-01-06 19:17 - 00000000 ___SD C:\ProgramData\Shared Space
2014-01-06 19:18 - 2014-01-06 19:17 - 00000000 ____D C:\ProgramData\COMODO
2014-01-06 19:18 - 2014-01-06 19:17 - 00000000 ____D C:\Program Files (x86)\Comodo
2014-01-06 19:18 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2014-01-06 19:17 - 2014-01-06 19:17 - 00000000 ____D C:\Users\Alexander\AppData\Local\Comodo
2014-01-06 19:17 - 2014-01-06 19:17 - 00000000 ____D C:\Program Files\COMODO
2014-01-06 19:16 - 2014-01-06 19:16 - 00000000 ____D C:\ProgramData\Comodo Downloader
2014-01-06 19:10 - 2014-01-06 19:10 - 03466248 _____ (TrueCrypt Foundation) C:\Users\Alexander\Downloads\TrueCrypt_Datenverschlüsselung.exe
2014-01-06 19:10 - 2014-01-06 19:09 - 214262072 _____ (COMODO) C:\Users\Alexander\Downloads\comodo firewall.exe
2014-01-05 21:45 - 2014-01-05 19:11 - 00000000 ____D C:\Users\Alexander\AppData\Local\Vidalia
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\FreeHideIP
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\ProgramData\FreeHideIP
2014-01-04 23:01 - 2014-01-04 22:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\Conduit
2014-01-04 22:48 - 2014-01-04 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\SearchProtect
2014-01-04 22:47 - 2014-01-04 22:47 - 00000009 _____ C:\END
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\SearchProtect
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\ProgramData\Conduit
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Program Files (x86)\Conduit
2014-01-04 22:13 - 2014-01-04 22:13 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-04 21:40 - 2014-01-04 20:35 - 00000000 ____D C:\Users\Alexander\AppData\Local\Avg2014
2014-01-04 20:43 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-04 20:40 - 2014-01-04 20:40 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\AVG2014
2014-01-04 20:40 - 2014-01-04 20:39 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ___HD C:\$AVG
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-04 20:39 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-04 20:36 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-04 20:36 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-04 20:36 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-04 20:29 - 2013-12-27 14:18 - 00000000 ____D C:\Program Files\office.tmp
2014-01-04 20:29 - 2013-08-22 15:44 - 00573264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-04 20:28 - 2014-01-04 20:21 - 137189352 _____ (AVG Technologies) C:\Users\Alexander\Downloads\avg_free_x86_all_2014_4259a6848.exe
2014-01-04 20:15 - 2013-09-11 18:04 - 00000000 ____D C:\ProgramData\Ashampoo
2014-01-02 13:38 - 2014-01-02 13:27 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Audacity
2013-12-27 15:57 - 2013-12-26 15:18 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Music_Maker_MX
2013-12-27 14:23 - 2013-12-26 17:44 - 00000000 ____D C:\ProgramData\eLicenser
2013-12-27 14:20 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-12-27 14:20 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-12-27 14:10 - 2013-12-27 13:51 - 00000000 ____D C:\Users\Alexander\Documents\Cubase AI Projects
2013-12-27 13:50 - 2013-12-27 13:50 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\VST3 Presets
2013-12-27 13:50 - 2013-12-26 17:47 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Steinberg
2013-12-27 13:47 - 2013-12-27 13:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\eLicenser
2013-12-27 13:47 - 2013-12-26 17:44 - 00000051 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2013-12-26 18:59 - 2013-09-11 17:31 - 00000000 ____D C:\Users\Alexander\AppData\Local\Packages
2013-12-26 17:47 - 2013-12-26 17:47 - 00000000 ____D C:\ProgramData\Steinberg
2013-12-26 17:45 - 2013-12-26 17:45 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2013-12-26 17:45 - 2013-12-26 17:45 - 00000000 ____D C:\ProgramData\Syncrosoft
2013-12-26 16:02 - 2013-12-26 15:17 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-12-26 16:00 - 2013-12-26 16:00 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX_Music_Maker_17_Silver
2013-12-26 15:59 - 2013-12-26 15:24 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\MAGIX
2013-12-26 15:59 - 2013-12-26 15:17 - 00000000 ____D C:\ProgramData\MAGIX
2013-12-26 15:25 - 2013-12-26 15:25 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX
2013-12-26 15:17 - 2013-12-26 15:17 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-26 15:17 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2013-12-26 00:18 - 2013-12-20 20:10 - 00000000 ____D C:\Program Files (x86)\iCare Card Recovery Free
2013-12-24 15:57 - 2013-12-08 18:45 - 00000000 ____D C:\Users\Alexander\.gimp-2.8
2013-12-24 15:40 - 2013-12-24 15:40 - 00005107 _____ C:\Users\Alexander\AppData\Local\recently-used.xbel
2013-12-24 15:40 - 2013-12-08 18:53 - 00000000 ____D C:\Users\Alexander\AppData\Local\gtk-2.0
2013-12-24 11:57 - 2013-11-16 17:05 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-12-24 11:53 - 2013-12-24 11:53 - 00000000 _____ C:\Users\Alexander\Sti_Trace.log
2013-12-22 15:31 - 2013-12-20 21:29 - 00000000 ____D C:\Tools
2013-12-22 14:12 - 2013-12-22 14:12 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\OpenOffice
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-21 21:41 - 2013-12-21 21:35 - 163606685 _____ C:\Users\Alexander\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-12-21 15:01 - 2013-09-11 17:32 - 00000000 ____D C:\Users\Alexander\AppData\Local\VirtualStore
2013-12-21 00:15 - 2013-12-07 00:04 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-21 00:15 - 2013-09-14 12:55 - 00000000 ____D C:\Users\Alexander\AppData\Local\CrashDumps
2013-12-20 21:31 - 2013-12-20 20:43 - 00000000 ____D C:\AdwCleaner
2013-12-20 21:11 - 2013-12-20 21:11 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-20 20:44 - 2013-12-20 20:44 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-12-20 20:36 - 2013-12-20 20:36 - 00001185 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2013-12-20 20:27 - 2013-12-20 20:27 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-12-20 20:27 - 2013-12-20 20:27 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 20:26 - 2013-12-20 20:26 - 03541544 _____ (Piriform Ltd) C:\Users\Alexander\Downloads\CCleaner.exe
2013-12-20 20:18 - 2013-12-10 18:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-20 20:17 - 2013-12-20 20:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alexander\Downloads\Malewarebytes.exe
2013-12-20 20:09 - 2013-12-20 20:09 - 03774938 _____ (iCare Software                                              ) C:\Users\Alexander\Downloads\icare card recovery.exe
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Program Files (x86)\Convar
2013-12-18 20:00 - 2013-09-11 17:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-18 19:35 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-16 17:42 - 2013-12-16 17:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 12:52 - 2013-09-12 19:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 19:04 - 2013-09-11 17:54 - 00004096 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-11 19:04 - 2013-09-11 17:54 - 00003860 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 18:46 - 2013-12-10 18:46 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Malwarebytes
2013-12-10 18:45 - 2013-12-10 18:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-10 18:04 - 2013-12-10 18:04 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\TuneUp Software
2013-12-10 18:02 - 2013-12-10 18:02 - 00000000 ____D C:\Users\Alexander\AppData\Local\MFAData

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-07 21:13

==================== End Of Log ============================
--- --- ---


OTL

OTL Logfile:
Code:
OTL logfile created on: 08.01.2014 19:22:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Alexander\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,31% Memory free
9,20 Gb Paging File | 5,75 Gb Available in Paging File | 62,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,26 Gb Total Space | 320,19 Gb Free Space | 86,01% Space Free | Partition Type: NTFS
Drive D: | 537,60 Gb Total Space | 536,77 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive E: | 29,71 Gb Total Space | 29,71 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: ASUS | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alexander\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\program files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll ()
MOD - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (vToolbarUpdater17.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cmdvirth) -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (Asus WebStorage Windows Service) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (FanChkService) -- C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe (ASUSTek Computer Inc.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys (ASUS)
DRV:64bit: - (HMD) -- C:\Windows\SysNative\drivers\hmd.sys ()
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D0235A4F-49C2-4EC8-A3B3-98AA6688A94F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A BD D2 29 DF 0B CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://mysearch.avg.com/search?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 [2014.01.08 19:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2013.09.11 21:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://mysearch.avg.com?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Google Drive = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: AVG SafeGuard = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\
CHR - Extension: Google Wallet = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [AsusNewUI] C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe ()
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusGestureAPIMgr] C:\Programme\Synaptics\SynTP\SynAsusGestureAPIMgr.exe (Synaptics)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROGNB] C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Alexander\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5 /CMPID=1213b File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-600 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-600 Series" File not found
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B1FCE1-ACC5-4D06-8229-9F23D9A2C41E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B1FCE1-ACC5-4D06-8229-9F23D9A2C41E}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC2072A-5563-40A3-AC41-CA36EE7E67D8}: NameServer = 156.154.70.25,156.154.71.25
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (c:\progra~2\nvidia~1\3dvisi~1\nvstin~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.01.08 19:12:00 | 001,932,624 | ---- | C] (Farbar) -- C:\Users\Alexander\Desktop\FRST64.exe
[2014.01.08 19:10:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2014.01.08 19:03:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\AVG SafeGuard toolbar
[2014.01.08 19:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2014.01.08 19:03:41 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys
[2014.01.08 19:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2014.01.08 19:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2014.01.08 19:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2014.01.07 20:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.01.07 19:33:27 | 000,000,000 | ---D | C] -- C:\FRST
[2014.01.06 21:49:03 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2014.01.06 19:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2014.01.06 19:19:06 | 000,000,000 | ---D | C] -- C:\first_launch
[2014.01.06 19:19:04 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll
[2014.01.06 19:18:25 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc71.dll
[2014.01.06 19:17:49 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014.01.06 19:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2014.01.06 19:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014.01.06 19:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014.01.06 19:17:15 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Comodo
[2014.01.06 19:17:11 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll
[2014.01.06 19:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2014.01.06 19:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014.01.05 19:11:13 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Vidalia
[2014.01.04 23:26:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\FreeHideIP
[2014.01.04 23:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeHideIP
[2014.01.04 22:48:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SearchProtect
[2014.01.04 22:47:21 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\SearchProtect
[2014.01.04 22:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2014.01.04 22:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2014.01.04 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Conduit
[2014.01.04 22:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
[2014.01.04 22:13:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014.01.04 20:40:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\AVG2014
[2014.01.04 20:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014.01.04 20:39:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014.01.04 20:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014.01.04 20:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014.01.04 20:35:59 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Avg2014
[2014.01.02 13:27:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Audacity
[2013.12.27 13:51:10 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Cubase AI Projects
[2013.12.27 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\VST3 Presets
[2013.12.27 13:47:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\eLicenser
[2013.12.26 17:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2013.12.26 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Steinberg
[2013.12.26 17:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2013.12.26 17:44:12 | 001,695,232 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\WINDOWS\SysNative\synsoacc.dll
[2013.12.26 17:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\eLicenser
[2013.12.26 17:44:07 | 001,261,568 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\WINDOWS\SysWow64\SYNSOACC.dll
[2013.12.26 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\MAGIX_Music_Maker_17_Silver
[2013.12.26 15:25:28 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\MAGIX Downloads
[2013.12.26 15:25:27 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\MAGIX
[2013.12.26 15:24:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\MAGIX
[2013.12.26 15:18:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_MX
[2013.12.26 15:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.12.26 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.12.26 15:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.12.26 15:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.12.26 15:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.12.24 11:58:19 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\SysNative\E_GCINST.DLL
[2013.12.24 11:58:15 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SysNative\E_ID4BJCE.DLL
[2013.12.22 14:12:28 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\OpenOffice
[2013.12.21 21:43:59 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2013.12.21 21:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013.12.20 21:29:06 | 000,000,000 | ---D | C] -- C:\Tools
[2013.12.20 21:11:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.12.20 20:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.12.20 20:43:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.20 20:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.12.20 20:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCare Card Recovery Free
[2013.12.20 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iCare Card Recovery Free
[2013.12.20 20:01:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2013.12.20 20:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar
[2013.12.18 20:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.14 12:28:30 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013.12.14 12:28:29 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.12.14 12:28:25 | 013,177,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013.12.14 12:28:24 | 000,358,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2013.12.14 12:28:23 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2013.12.14 12:28:21 | 011,674,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013.12.14 12:28:20 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013.12.14 12:28:19 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013.12.14 12:28:18 | 002,896,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2013.12.14 12:28:18 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2013.12.14 12:28:18 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2013.12.14 12:28:17 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013.12.14 12:28:17 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2013.12.14 12:28:14 | 001,756,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2013.12.14 12:28:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2013.12.14 12:28:14 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2013.12.14 12:28:14 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2013.12.14 12:28:13 | 001,345,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013.12.14 12:28:12 | 001,642,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013.12.14 12:28:12 | 001,476,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013.12.14 12:28:09 | 001,506,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013.12.14 12:28:08 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2013.12.14 12:28:08 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013.12.14 12:28:08 | 000,086,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013.12.14 12:28:07 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2013.12.14 12:28:07 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2013.12.14 12:28:06 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013.12.14 12:28:06 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2013.12.14 12:28:05 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013.12.14 12:28:05 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013.12.14 12:28:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2013.12.14 12:28:04 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013.12.14 12:28:04 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2013.12.14 12:28:03 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013.12.14 12:28:02 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013.12.14 12:28:02 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013.12.14 12:28:02 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2013.12.14 12:28:02 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013.12.14 12:28:01 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013.12.14 12:28:00 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013.12.14 12:27:59 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.12.14 12:27:59 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.12.14 12:27:58 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013.12.14 12:27:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2013.12.14 12:27:57 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013.12.12 20:54:13 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2013.12.12 20:54:13 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2013.12.12 20:35:01 | 004,105,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013.12.12 20:34:09 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2013.12.12 20:29:18 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2013.12.12 20:29:12 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2013.12.12 20:28:56 | 000,240,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2013.12.12 19:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.12.12 18:00:44 | 000,075,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2013.12.12 18:00:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2013.12.12 18:00:42 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2013.12.12 18:00:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.12.12 17:59:12 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013.12.12 17:59:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013.12.12 17:59:11 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2013.12.12 17:59:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2013.12.12 17:59:11 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.12.10 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2013.12.10 18:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.10 18:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.10 18:45:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2013.12.10 18:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.12.10 18:04:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\TuneUp Software
[2013.12.10 18:02:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.12.10 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\MFAData
[2013.12.10 18:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.08 19:12:07 | 001,932,624 | ---- | M] (Farbar) -- C:\Users\Alexander\Desktop\FRST64.exe
[2014.01.08 19:10:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2014.01.08 19:09:54 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.08 19:09:00 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.08 19:03:19 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys
[2014.01.08 19:02:06 | 000,000,401 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\sp_data.sys
[2014.01.08 19:01:24 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.01.07 19:57:00 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.01.07 19:56:59 | 2536,034,303 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.07 19:56:05 | 000,250,314 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat
[2014.01.07 19:41:11 | 000,356,928 | ---- | M] () -- C:\Users\Alexander\Desktop\Fehler FRST64.png
[2014.01.06 20:25:49 | 000,377,856 | ---- | M] () -- C:\Users\Alexander\Desktop\gmer_2.1.19163.exe
[2014.01.06 20:21:22 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2014.01.06 20:19:33 | 000,050,477 | ---- | M] () -- C:\Users\Alexander\Desktop\Defogger.exe
[2014.01.06 19:28:10 | 000,002,031 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014.01.06 19:19:04 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll
[2014.01.06 19:19:04 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll
[2014.01.06 19:18:25 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc71.dll
[2014.01.04 22:47:45 | 000,000,009 | ---- | M] () -- C:\END
[2014.01.04 20:36:35 | 001,776,918 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014.01.04 20:36:35 | 000,765,582 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2014.01.04 20:36:35 | 000,722,476 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014.01.04 20:36:35 | 000,159,366 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2014.01.04 20:36:35 | 000,135,592 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014.01.04 20:29:43 | 000,573,264 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.12.27 13:47:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\SysWow64\SYNSOPOS.exe.cfg
[2013.12.26 17:45:52 | 000,002,892 | ---- | M] () -- C:\WINDOWS\SysWow64\audcon.sys
[2013.12.24 15:40:49 | 000,005,107 | ---- | M] () -- C:\Users\Alexander\AppData\Local\recently-used.xbel
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.01.07 19:41:11 | 000,356,928 | ---- | C] () -- C:\Users\Alexander\Desktop\Fehler FRST64.png
[2014.01.06 21:49:00 | 000,250,314 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat
[2014.01.06 20:25:45 | 000,377,856 | ---- | C] () -- C:\Users\Alexander\Desktop\gmer_2.1.19163.exe
[2014.01.06 20:21:22 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2014.01.06 20:19:32 | 000,050,477 | ---- | C] () -- C:\Users\Alexander\Desktop\Defogger.exe
[2014.01.06 19:17:26 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014.01.04 22:47:08 | 000,000,009 | ---- | C] () -- C:\END
[2013.12.26 17:45:52 | 000,002,892 | ---- | C] () -- C:\WINDOWS\SysWow64\audcon.sys
[2013.12.26 17:44:13 | 000,147,425 | ---- | C] () -- C:\WINDOWS\SysNative\SYNSOACC-Aide.chm
[2013.12.26 17:44:13 | 000,120,468 | ---- | C] () -- C:\WINDOWS\SysNative\SYNSOACC-Hilfe.chm
[2013.12.26 17:44:13 | 000,114,279 | ---- | C] () -- C:\WINDOWS\SysNative\SYNSOACC-Help.chm
[2013.12.26 17:44:11 | 000,147,425 | ---- | C] () -- C:\WINDOWS\SysWow64\SYNSOACC-Aide.chm
[2013.12.26 17:44:11 | 000,120,468 | ---- | C] () -- C:\WINDOWS\SysWow64\SYNSOACC-Hilfe.chm
[2013.12.26 17:44:11 | 000,114,279 | ---- | C] () -- C:\WINDOWS\SysWow64\SYNSOACC-Help.chm
[2013.12.26 17:44:08 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SysWow64\SYNSOPOS.exe.cfg
[2013.12.26 17:44:07 | 000,086,016 | ---- | C] () -- C:\WINDOWS\SysWow64\SYNSOPOS.exe
[2013.12.24 15:40:49 | 000,005,107 | ---- | C] () -- C:\Users\Alexander\AppData\Local\recently-used.xbel
[2013.12.20 20:36:58 | 000,001,185 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
[2013.09.11 17:34:14 | 000,000,401 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\sp_data.sys
[2013.08.22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013.08.22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013.08.22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.08.22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013.08.22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013.08.22 04:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.08.22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013.04.26 00:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013.04.26 00:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013.04.26 00:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.12.07 00:01:15 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.12.07 00:01:15 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Alexander\SkyDrive:ms-properties

< End of report >
--- --- ---

[/CODE]

allexx 08.01.2014 19:46
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.01.2014 19:22:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Alexander\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,31% Memory free
9,20 Gb Paging File | 5,75 Gb Available in Paging File | 62,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,26 Gb Total Space | 320,19 Gb Free Space | 86,01% Space Free | Partition Type: NTFS
Drive D: | 537,60 Gb Total Space | 536,77 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive E: | 29,71 Gb Total Space | 29,71 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: ASUS | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DF9207-336B-4D4F-B1FD-122BC45D324B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0ADD2E76-15A6-4EE7-865D-886B8E17D2F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28C12EC4-158E-42B2-B1F2-9B6615745101}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FAE163B-3395-41B5-8F93-6ACC1E25C8AC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5098054C-9DA3-4A44-A4E4-B214D4A94F09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{703C70EF-D433-426D-9AEA-E08AC4D4D929}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C50C418-2449-4B63-8120-FE2C942FFC59}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A467E195-5DE4-4089-9CAB-0627887FDC9D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9EE2284-B077-44E6-9799-E4503B4BC59C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C15C32C2-C7D2-4260-8479-3DE775E2D247}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CACDB418-5466-44CB-97EB-234638B11E8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DDA78F91-EE2F-4372-A38D-68C2AFA26A29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8C34850-1413-412F-A4A2-45E2CC8525E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010DD732-4B49-48A9-9472-240B408531BB}" = dir=out | name=windows_ie_ac_001 |
"{0366B44A-1A44-46AF-8365-E41A9322E1DD}" = dir=out | name=@{microsoft.zunevideo_1.5.299.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{04276558-C326-47DF-A48E-D391EBFACB84}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{073D18D0-540F-4025-9042-32FD07CE8597}" = dir=in | name=juniper networks junos pulse |
"{0A943EBD-4153-4831-993C-289A3C16D5F4}" = dir=out | name=f5 vpn |
"{0F62B899-F63E-4B97-8C10-5957819BA543}" = dir=out | name=skype |
"{16DB40B7-F7FE-41A6-947C-23E4D8DA9F68}" = dir=in | name=pinball fx2 |
"{1AA49D9B-F0D6-4373-8F7A-C2DC757AEA62}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{1DA54B5B-6183-44FA-926F-F92709621A04}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{1F29B1FE-B438-4E3B-A1CA-C63E30AF4563}" = dir=in | name=check point vpn |
"{1FB5E3BC-5AFD-4748-B3C6-089844954577}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{20065AE8-7543-4D78-8881-2CEDD6EFE18C}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{24CBF919-18EE-41F3-B820-A57BFCC02C4A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{26268C06-8644-4BB1-B6C2-6D75E29CD0F3}" = dir=out | name=juniper networks junos pulse |
"{2C102D93-9EE2-400E-978D-9663D2DF7B1D}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{31A64DC2-F6B4-4AA2-B3DC-145CF88D1707}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{32D3C908-6FBC-47A3-9868-9127B1947205}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{38ED68F5-526A-478C-A93B-F798C3F00665}" = dir=out | name=pinball fx2 |
"{3B9FA293-A0B5-44C0-B8D9-C1D82DF4522B}" = dir=in | name=sonicwall mobile connect |
"{3CC409B7-7FC9-4030-87F2-DAC17F28CE36}" = dir=out | name=@{microsoft.zunemusic_1.5.214.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{44E3CEB0-A593-4D9E-B712-A596A912B8AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{45722CC1-3948-4EC6-BD31-596FA4D42930}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{46AD9372-847B-4917-9E8A-8AE3A87FEB98}" = dir=in | name=samsung printer experience |
"{48D12B47-E745-49AA-B800-11D9DEC0A68D}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{504F823F-72F6-4B49-A78D-295D89A4754C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54AC389A-AC0A-4046-8BF5-14525BFC9BB9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5A2FBE44-750F-4201-BF38-6CD3AE61741A}" = dir=out | name=@{microsoft.zunemusic_2.2.339.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{5A6B6EBF-C452-4E11-BB0A-9CD7DDD13E22}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{5B587B41-A1C0-4F0A-9C37-9D71CD4183D4}" = dir=out | name=- games app - |
"{5B970198-3A51-4E29-800C-DB145A7ACE6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C3F3BA9-3A90-4839-A719-4A991A1714B0}" = dir=out | name=windows_ie_ac_001 |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6521E0DE-112E-4BB3-950B-3C73E78A3C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{66C79276-7B00-4805-9623-7DD25997D5CF}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{67D991DB-629E-41D9-9C74-B360E5A43AF1}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{6B5EC987-48B8-4633-8584-2003F25148B0}" = dir=out | name=@{magix.musicmakerjam_2.0.1020.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{6F9D273E-09E7-481F-A624-111F71FE72A2}" = dir=in | name=skype |
"{798905BF-2CC4-4A29-9762-27A19B8A886A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{7EA07BD2-1DD4-45CE-B304-33157D838B08}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81735341-2C0E-4B1C-9C4D-ED979618C3DD}" = dir=out | name=fresh paint |
"{86AC3A75-102F-452B-8D88-99A4B5C33C48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A579985-692A-4971-AF52-0476A72D40BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8AACE1E4-56E1-4B60-B0D7-C4B1AA21B4BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8BFC800C-C233-4A48-A8A2-58C1F7889362}" = dir=out | name=check point vpn |
"{8F742722-EB63-4B60-8280-435B83C49A8F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{920F4F7E-C709-4C6E-BE4F-329B4474787D}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{95487789-E93E-4723-ABDD-ED94E4B19A01}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9593A053-B32D-4A81-A012-75C87CBBC44F}" = dir=in | name=@{magix.musicmakerjam_2.0.1020.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{97D3734F-4A9E-4292-9F31-6D8D20C381B0}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9DB4EA41-867F-40C3-8E50-949CC207E670}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A914DBFB-C0D1-4407-8FEA-CD5C9D3EF474}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A92AAA47-D4DE-4DBA-B36A-602714D28A54}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A9FA68F6-D856-4E9A-8E13-4AC37F143473}" = dir=in | name=f5 vpn |
"{AD488AD1-28DD-4C26-A9F9-F41CF2187285}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{B5869FC4-FAE8-4EC1-A512-A134F73BCD21}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{BB0D17B9-EEF2-474C-81CE-770FA7017FE2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BDBCA066-A941-424A-8E9F-F40E4AAF3863}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C2E8E71D-112B-4C2D-9AE1-87C96E9AB0D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C614B2EF-78AF-4376-A925-6E95B5D119EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7CCF814-5736-4084-998F-CB40A7BDAF30}" = dir=out | name=samsung printer experience |
"{C92525BD-E44F-4F8A-A243-0DD0AE8BC2D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{CB2C0B4E-C2D2-4B2A-9696-4AC318CFB2A4}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{CD375486-DA49-4C08-97E6-08C58C9CE61A}" = dir=out | name=windows_ie_ac_001 |
"{CFC2D03F-55FC-4BA4-B688-23622D353B6E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{D4072FBB-F432-4D5B-88EA-A1B17036758D}" = dir=out | name=sonicwall mobile connect |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D92B4754-063B-491D-AC19-864E39846AEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D960724E-72D2-4314-8035-FA4B09ADE4F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DCBC498D-3F70-47B4-99F4-B59F28D0BDC3}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DD03B041-009A-48EC-94F8-C9D19F8350F3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E39E23C0-0927-4DF2-A64C-FFACD10091F1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E67F245F-3749-4E2C-B0AC-55D59D35BFA9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA3BA35A-C086-45D9-B03B-4D5E3E282432}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{EAA9CFE0-2480-47CB-B067-9140CB7D76A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{EAEE6BC1-1C00-4381-A1C0-077668D33E78}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{EC4470D5-DC7C-4E48-B6A4-1A0D94EB2C23}" = protocol=6 | dir=out | app=system |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED843464-DCBE-4EEA-A4DF-17678C73AB7A}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{F173C9E3-774F-44E6-8E5E-629732BAE2B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1B445F9-2119-491A-90AF-1AEE519F35A1}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{F1DB14A2-1622-4B0E-8A4E-33E45C5078E2}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FCDF36AC-0A2E-439C-9B2E-B26A555C38D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"TCP Query User{8A0232F3-968E-45F4-A11D-1E6929285000}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{B3DEBA83-69D2-4DAD-A098-675ADA214FCC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{BF4EA27A-3BEA-47E3-B55A-1DE544B067FD}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{CB35571A-1D81-43FB-AB5F-1D5E38CB4886}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{093F13A3-177C-493E-8958-912A0C690B64}" = COMODO Firewall
"{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}" = ASUS Screen Saver
"{1B2A7E66-0C42-4620-B868-0DE48EBE35A2}" = MAGIX Music Maker MX Update
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 327.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 327.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 327.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EC4E385C-4B7D-4FDD-9F0C-C91B116AD243}" = GeekBuddy
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"AVG" = AVG 2014
"CCleaner" = CCleaner
"EPSON XP-600 Series" = Druckerdeinstallation für EPSON XP-600 Series
"GIMP-2_is1" = GIMP 2.8.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}" = OpenOffice 4.0.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2B0E8920-47D0-4F4D-BE03-76397409B837}" = ASUS Fan Filter Checker
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3B9E171F-A955-4834-B877-447C0A437260}" = ASUS ROG Gaming Mouse
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69CC4B1E-0ADB-48E7-83D5-B45DA8CD1320}" = Alcor Micro USB Card Reader
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{6EA9A3C5-B774-4453-848A-8B6DFDE8B100}" = MAGIX Screenshare
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus" = WildTangent Games App
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D5A64D4-FE90-47FB-A619-DC25A781CD07}" = MAGIX Goya burnR (MSI)
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F01524C-0676-4CC1-B4AE-64753C723391}" = Epson Event Manager
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1" = Ashampoo Burning Studio 6 FREE v.6.84
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE13C43-6C78-4616-8D3E-F480DEAD774D}" = MAGIX Music Maker MX
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A3B308B9-BE96-4334-816F-3D82B19A7DE2}" = Software Updater
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"AmUStor" = Alcor Micro USB Card Reader
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Comodo Dragon" = Comodo Dragon
"Epson Connect Guide" = Anleitung für Epson Connect
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.12.827
"Google Chrome" = Google Chrome
"iCare Card Recovery Free_is1" = iCare Card Recovery Free 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"MAGIX_MSI_mm18" = MAGIX Music Maker MX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MyBitCast" = MyBitCast 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0eda17f7-fdf1-44cd-87c0-caf591ca3a2e" = Penguins!
"WTA-4ac01422-47f4-450d-be29-dd2c93505f68" = Peggle
"WTA-874d1d57-0527-4e80-adaa-bce83e1a070b" = Azteca
"WTA-cf23f5a3-be59-42a3-91d4-7147cb84c427" = Bejeweled 3
"WTA-d927468d-46de-4206-b527-35d00680ffb7" = Tales of Lagoona
"WTA-f9eaaca9-82be-44ea-8a23-da50b5803b42" = Cut the Rope
"XP-600 Series Netg" = Epson Netzwerkhandbuch XP-600 Series
"XP-600 Series Useg" = Epson Benutzerhandbuch XP-600 Series
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.01.2014 16:20:27 | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 18.0.4.1,
 Zeitstempel: 0x5061714d  Name des fehlerhaften Moduls: mfc90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dad06e0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0020c397  ID des fehlerhaften
 Prozesses: 0x1348  Startzeit der fehlerhaften Anwendung: 0x01cf08ad7209d87e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\MAGIX\Music_Maker_MX\MusicMaker.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
Berichtskennung:
 7b664293-74b4-11e3-be90-240a6450e98e  Vollständiger Name des fehlerhaften Pakets:
  Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 
Error - 03.01.2014 16:20:56 | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 18.0.4.1,
 Zeitstempel: 0x5061714d  Name des fehlerhaften Moduls: mfc90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dad06e0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0020cab2  ID des fehlerhaften
 Prozesses: 0x1348  Startzeit der fehlerhaften Anwendung: 0x01cf08ad7209d87e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\MAGIX\Music_Maker_MX\MusicMaker.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
Berichtskennung:
 8c89bc3a-74b4-11e3-be90-240a6450e98e  Vollständiger Name des fehlerhaften Pakets:
  Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 
Error - 03.01.2014 16:21:45 | Computer Name = Asus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MusicMaker.exe, Version: 18.0.4.1,
 Zeitstempel: 0x5061714d  Name des fehlerhaften Moduls: dbghelp.dll, Version: 6.3.9600.16384,
 Zeitstempel: 0x52157b79  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000290d2  ID des fehlerhaften
 Prozesses: 0x1348  Startzeit der fehlerhaften Anwendung: 0x01cf08ad7209d87e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\MAGIX\Music_Maker_MX\MusicMaker.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\dbghelp.dll  Berichtskennung: a9f8e938-74b4-11e3-be90-240a6450e98e
Vollständiger
 Name des fehlerhaften Pakets:  Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:
 
Error - 03.01.2014 21:01:49 | Computer Name = Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.01.2014 21:01:49 | Computer Name = Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14860
 
Error - 03.01.2014 21:01:49 | Computer Name = Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14860
 
Error - 04.01.2014 06:31:34 | Computer Name = Asus | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 04.01.2014 07:40:00 | Computer Name = Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.01.2014 07:40:00 | Computer Name = Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15203
 
Error - 04.01.2014 07:40:00 | Computer Name = Asus | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15203
 
[ System Events ]
Error - 06.01.2014 15:34:39 | Computer Name = Asus | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AppX-Bereitstellungsdienst (AppXSVC) erreicht.
 
Error - 06.01.2014 15:34:39 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 06.01.2014 15:35:16 | Computer Name = Asus | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AppX-Bereitstellungsdienst (AppXSVC) erreicht.
 
Error - 06.01.2014 15:35:16 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 06.01.2014 15:35:54 | Computer Name = Asus | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AppX-Bereitstellungsdienst (AppXSVC) erreicht.
 
Error - 06.01.2014 15:35:54 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 06.01.2014 15:36:05 | Computer Name = Asus | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1326    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.01.2014 15:36:05 | Computer Name = Asus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 06.01.2014 15:36:51 | Computer Name = Asus | Source = DCOM | ID = 10016
Description =
 
Error - 07.01.2014 14:06:28 | Computer Name = Asus | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
--- --- ---

[/CODE]

schrauber 09.01.2014 12:24
Downloade dir bitte Windows Repair (All In One) von hier.

allexx 09.01.2014 19:49
Ich hab eine andere Version bekommen.

Bei Step 3 kann ich so oft ich will auf Do IT klicken. Da kommt nichts.
Ich sollte es dann überspringen, steht da ja.

http://www.trojaner-board.de/picture...&pictureid=478


Bei Start Repairs kann ich keinen Mode auswählen.


http://www.trojaner-board.de/picture...&pictureid=479


Zum Ende würde es dann so aussehen


http://www.trojaner-board.de/picture...&pictureid=481

schrauber 10.01.2014 10:59
Einfach auf Start klicken, dann sollte die Seite mit den Kästchen kommen :)

allexx 11.01.2014 00:43
Ich weiß :)
Mein AVG musste ich auch noch ausmachen.
Er ist durch gelaufen. Ob das jetzt mein Problem gelöst hat?

Ich meinte das Windows Repair-Tool ist durch gelaufen.

schrauber 11.01.2014 15:27
Rechner testen und berichten :)

allexx 11.01.2014 16:46
Alles schon gemacht :) keine Funde

und siehe da, ich ruf Chrome auf und anstatt das Google kommt wie immer, zeigt er mir einen schwarzen Hintergrund. Wenn ich mit der rechten Maustaste auf eine Datei klicke, dauert es fast 20 Sekunden bis er das Menu öffnet.

schrauber 12.01.2014 08:33
Lad FRST mal neu, läuft es jetzt? Chrome deinstallieren, keine Daten behalten, neu installieren.

allexx 12.01.2014 15:58
Da sind die Logs


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014
Ran by Alexander (administrator) on ASUS on 12-01-2014 14:41:23
Running from C:\Users\Alexander\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Atheros Communications)
HKLM\...\Run: [SynAsusGestureAPIMgr] - C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-17] (Synaptics)
HKLM\...\Run: [AsusNewUI] - C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-17] ()
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-17] (Synaptics Incorporated)
HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] - "C:\ProgramData\cisF825.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ROGNB] - C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-12-13] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2486296 2014-01-09] ()
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJCE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Alexander\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5 /CMPID=1213b
AppInit_DLLs: c:\progra~2\nvidia~1\3dvisi~1\nvstin~1.dll [ ] ()
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1ABDD229DF0BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.5
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {D0235A4F-49C2-4EC8-A3B3-98AA6688A94F} URL =
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={D1614F35-87CB-48D9-A087-3987D6D2466C}&mid=1fc2076157c747d39d30f54322b4007d-deb938a3927238d7a2affdc79dac21437613b9d5&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-08 19:03:43&v=17.2.0.38&pid=safeguard&sg=&sap=hp
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-09-11]
CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-09-11]
CHR Extension: (Google Search) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-09-11]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0 [2013-11-12]
CHR Extension: (AVG SafeGuard) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0 [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-21]
CHR Extension: (Gmail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-09]

==================== Services (Whitelisted) =================

U2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
U2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
U2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)
U2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
U2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
U2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
U2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-12-13] (Comodo Security Solutions, Inc.)
U2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
U2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
U2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-12-13] (Comodo Security Solutions, Inc.)
U2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-09] (AVG Secure Search)
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)

==================== Drivers (Whitelisted) ====================

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
U1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
U1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
U0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
U1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
U0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
U0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
U0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
U1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies)
U1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
U1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2013-05-07] (Windows (R) Win 7 DDK provider)
U1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-07] ()
U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
U3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-07] (Microsoft Corporation)
U3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 14:41 - 2014-01-12 14:41 - 00021000 _____ C:\Users\Alexander\Desktop\FRST.txt
2014-01-12 14:40 - 2014-01-12 14:40 - 02075136 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2014-01-12 01:44 - 2014-01-12 01:44 - 00005424 _____ C:\Users\Alexander\AppData\Local\recently-used.xbel
2014-01-12 01:20 - 2014-01-12 01:20 - 00000015 _____ C:\Users\Alexander\.gtk-bookmarks
2014-01-12 01:12 - 2014-01-12 01:22 - 00000000 ____D C:\geo
2014-01-12 01:10 - 2014-01-12 01:10 - 27981224 _____ (Wireshark development team) C:\Users\Alexander\Downloads\Wireshark-win64-1.10.5.exe
2014-01-09 18:19 - 2014-01-09 18:19 - 02903255 _____ C:\Users\Alexander\Downloads\tweaking.com_windows_repair_aio.zip
2014-01-09 17:53 - 2014-01-09 17:53 - 00000000 ____D C:\Program Files\7-Zip
2014-01-08 19:03 - 2014-01-09 19:18 - 00000000 ____D C:\Users\Alexander\AppData\Local\AVG SafeGuard toolbar
2014-01-08 19:03 - 2014-01-09 19:17 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2014-01-08 19:01 - 2014-01-12 14:08 - 00215534 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\FRST
2014-01-06 21:49 - 2014-01-10 21:41 - 00791450 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2014-01-06 21:49 - 2014-01-09 17:50 - 00000000 ___HD C:\VTRoot
2014-01-06 20:21 - 2014-01-06 20:21 - 00000000 _____ C:\Users\Alexander\defogger_reenable
2014-01-06 19:19 - 2014-01-06 19:19 - 00000000 ____D C:\first_launch
2014-01-06 19:18 - 2014-01-06 19:18 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-01-06 19:17 - 2014-01-10 18:08 - 00000000 ____D C:\Program Files (x86)\Comodo
2014-01-06 19:17 - 2014-01-10 18:07 - 00000000 ____D C:\Program Files\COMODO
2014-01-06 19:17 - 2014-01-06 19:19 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-01-06 19:17 - 2014-01-06 19:18 - 00000000 ____D C:\ProgramData\COMODO
2014-01-06 19:17 - 2014-01-06 19:17 - 00000000 ____D C:\Users\Alexander\AppData\Local\Comodo
2014-01-06 19:16 - 2014-01-06 19:16 - 00000000 ____D C:\ProgramData\Comodo Downloader
2014-01-05 19:11 - 2014-01-05 21:45 - 00000000 ____D C:\Users\Alexander\AppData\Local\Vidalia
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\FreeHideIP
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\ProgramData\FreeHideIP
2014-01-04 23:01 - 2014-01-12 14:37 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4FE5FCCA-9B26-4D71-B09A-491188DDEDCB}
2014-01-04 22:48 - 2014-01-04 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\SearchProtect
2014-01-04 22:47 - 2014-01-04 23:01 - 00000000 ____D C:\Users\Alexander\AppData\Local\Conduit
2014-01-04 22:47 - 2014-01-04 22:47 - 00000009 _____ C:\END
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\SearchProtect
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\ProgramData\Conduit
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Program Files (x86)\Conduit
2014-01-04 22:13 - 2014-01-04 22:13 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-04 20:40 - 2014-01-04 20:40 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\AVG2014
2014-01-04 20:39 - 2014-01-04 20:40 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ___HD C:\$AVG
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-04 20:35 - 2014-01-04 21:40 - 00000000 ____D C:\Users\Alexander\AppData\Local\Avg2014
2014-01-04 20:21 - 2014-01-04 20:28 - 137189352 _____ (AVG Technologies) C:\Users\Alexander\Downloads\avg_free_x86_all_2014_4259a6848.exe
2014-01-02 13:27 - 2014-01-02 13:38 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Audacity
2013-12-27 14:18 - 2014-01-04 20:29 - 00000000 ____D C:\Program Files\office.tmp
2013-12-27 13:51 - 2013-12-27 14:10 - 00000000 ____D C:\Users\Alexander\Documents\Cubase AI Projects
2013-12-27 13:50 - 2013-12-27 13:50 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\VST3 Presets
2013-12-27 13:47 - 2013-12-27 13:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\eLicenser
2013-12-26 17:47 - 2013-12-27 13:50 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Steinberg
2013-12-26 17:47 - 2013-12-26 17:47 - 00000000 ____D C:\ProgramData\Steinberg
2013-12-26 17:45 - 2013-12-26 17:45 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2013-12-26 17:45 - 2013-12-26 17:45 - 00000000 ____D C:\ProgramData\Syncrosoft
2013-12-26 17:44 - 2013-12-27 14:23 - 00000000 ____D C:\ProgramData\eLicenser
2013-12-26 17:44 - 2013-12-27 13:47 - 00000051 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2013-12-26 17:44 - 2009-09-17 16:20 - 01695232 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\synsoacc.dll
2013-12-26 17:44 - 2009-09-17 16:20 - 01261568 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2013-12-26 17:44 - 2009-05-19 15:21 - 00086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2013-12-26 17:44 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Aide.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00147425 _____ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Hilfe.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00120468 _____ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\SysWOW64\SYNSOACC-Help.chm
2013-12-26 17:44 - 2006-01-29 10:48 - 00114279 _____ C:\WINDOWS\system32\SYNSOACC-Help.chm
2013-12-26 16:00 - 2013-12-26 16:00 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX_Music_Maker_17_Silver
2013-12-26 15:25 - 2013-12-26 15:25 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX
2013-12-26 15:24 - 2013-12-26 15:59 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\MAGIX
2013-12-26 15:18 - 2013-12-27 15:57 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Music_Maker_MX
2013-12-26 15:17 - 2013-12-26 16:02 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-12-26 15:17 - 2013-12-26 15:59 - 00000000 ____D C:\ProgramData\MAGIX
2013-12-26 15:17 - 2013-12-26 15:17 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-24 11:58 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BJCE.DLL
2013-12-24 11:58 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2013-12-24 11:53 - 2013-12-24 11:53 - 00000000 _____ C:\Users\Alexander\Sti_Trace.log
2013-12-22 14:12 - 2013-12-22 14:12 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\OpenOffice
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-21 21:35 - 2013-12-21 21:41 - 163606685 _____ C:\Users\Alexander\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-12-20 21:29 - 2013-12-22 15:31 - 00000000 ____D C:\Tools
2013-12-20 21:11 - 2013-12-20 21:11 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-20 20:44 - 2013-12-20 20:44 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-12-20 20:43 - 2013-12-20 21:31 - 00000000 ____D C:\AdwCleaner
2013-12-20 20:36 - 2013-12-20 20:36 - 00001185 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2013-12-20 20:27 - 2013-12-20 20:27 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-12-20 20:27 - 2013-12-20 20:27 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 20:26 - 2013-12-20 20:26 - 03541544 _____ (Piriform Ltd) C:\Users\Alexander\Downloads\CCleaner.exe
2013-12-20 20:17 - 2013-12-20 20:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alexander\Downloads\Malewarebytes.exe
2013-12-20 20:10 - 2013-12-26 00:18 - 00000000 ____D C:\Program Files (x86)\iCare Card Recovery Free
2013-12-20 20:09 - 2013-12-20 20:09 - 03774938 _____ (iCare Software                                              ) C:\Users\Alexander\Downloads\icare card recovery.exe
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Program Files (x86)\Convar
2013-12-16 17:42 - 2013-12-16 17:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-12-14 12:28 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 12:28 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 12:28 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 12:28 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 12:28 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 12:28 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 12:28 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 12:28 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 12:28 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 12:28 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 12:28 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 12:28 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 12:28 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 12:28 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 12:28 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 12:28 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 12:28 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 12:28 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 12:28 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 12:28 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 12:28 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 12:28 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 12:28 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 12:28 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 12:28 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 12:28 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 12:28 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 12:28 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 12:28 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 12:28 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 12:28 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 12:28 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 12:28 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 12:28 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 12:28 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 12:28 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 12:28 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 12:28 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 12:28 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 12:28 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 12:28 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 12:28 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-14 12:27 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 12:27 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 12:27 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 12:27 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 12:27 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

==================== One Month Modified Files and Folders =======

2014-01-12 14:41 - 2014-01-12 14:41 - 00021000 _____ C:\Users\Alexander\Desktop\FRST.txt
2014-01-12 14:40 - 2014-01-12 14:40 - 02075136 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2014-01-12 14:37 - 2014-01-04 23:01 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4FE5FCCA-9B26-4D71-B09A-491188DDEDCB}
2014-01-12 14:09 - 2013-09-11 17:54 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 14:08 - 2014-01-08 19:01 - 00215534 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-12 14:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-12 13:54 - 2013-09-11 17:41 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-782853324-163606255-2445155786-1002
2014-01-12 13:53 - 2013-12-10 18:02 - 00000000 ____D C:\ProgramData\MFAData
2014-01-12 13:53 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-12 13:49 - 2013-09-11 17:54 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 13:49 - 2013-09-11 17:34 - 00000401 _____ C:\Users\Alexander\AppData\Roaming\sp_data.sys
2014-01-12 13:48 - 2013-12-07 00:38 - 00000000 __RDO C:\Users\Alexander\SkyDrive
2014-01-12 01:44 - 2014-01-12 01:44 - 00005424 _____ C:\Users\Alexander\AppData\Local\recently-used.xbel
2014-01-12 01:24 - 2013-12-08 18:53 - 00000000 ____D C:\Users\Alexander\AppData\Local\gtk-2.0
2014-01-12 01:22 - 2014-01-12 01:12 - 00000000 ____D C:\geo
2014-01-12 01:20 - 2014-01-12 01:20 - 00000015 _____ C:\Users\Alexander\.gtk-bookmarks
2014-01-12 01:20 - 2013-12-07 00:15 - 00000000 ____D C:\Users\Alexander
2014-01-12 01:10 - 2014-01-12 01:10 - 27981224 _____ (Wireshark development team) C:\Users\Alexander\Downloads\Wireshark-win64-1.10.5.exe
2014-01-11 19:38 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-11 19:37 - 2013-12-07 00:09 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-10 21:47 - 2013-12-07 15:02 - 00000000 ____D C:\Papierkorb
2014-01-10 21:41 - 2014-01-06 21:49 - 00791450 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2014-01-10 21:41 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-10 18:08 - 2014-01-06 19:17 - 00000000 ____D C:\Program Files (x86)\Comodo
2014-01-10 18:07 - 2014-01-06 19:17 - 00000000 ____D C:\Program Files\COMODO
2014-01-09 19:42 - 2013-09-12 20:30 - 00236032 ___SH C:\Users\Alexander\Desktop\Thumbs.db
2014-01-09 19:18 - 2014-01-08 19:03 - 00000000 ____D C:\Users\Alexander\AppData\Local\AVG SafeGuard toolbar
2014-01-09 19:17 - 2014-01-08 19:03 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-09 18:33 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-09 18:19 - 2014-01-09 18:19 - 02903255 _____ C:\Users\Alexander\Downloads\tweaking.com_windows_repair_aio.zip
2014-01-09 17:53 - 2014-01-09 17:53 - 00000000 ____D C:\Program Files\7-Zip
2014-01-09 17:50 - 2014-01-06 21:49 - 00000000 ___HD C:\VTRoot
2014-01-08 19:03 - 2014-01-08 19:03 - 00046368 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2014-01-08 19:03 - 2014-01-08 19:03 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-08 19:01 - 2014-01-08 19:01 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-07 19:33 - 2014-01-07 19:33 - 00000000 ____D C:\FRST
2014-01-06 20:21 - 2014-01-06 20:21 - 00000000 _____ C:\Users\Alexander\defogger_reenable
2014-01-06 19:38 - 2013-12-12 19:16 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-06 19:19 - 2014-01-06 19:19 - 00000000 ____D C:\first_launch
2014-01-06 19:19 - 2014-01-06 19:17 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-01-06 19:18 - 2014-01-06 19:18 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-01-06 19:18 - 2014-01-06 19:17 - 00000000 ____D C:\ProgramData\COMODO
2014-01-06 19:18 - 2012-07-26 06:37 - 00000000 ____D C:\Users\Default.migrated
2014-01-06 19:17 - 2014-01-06 19:17 - 00000000 ____D C:\Users\Alexander\AppData\Local\Comodo
2014-01-06 19:16 - 2014-01-06 19:16 - 00000000 ____D C:\ProgramData\Comodo Downloader
2014-01-05 21:45 - 2014-01-05 19:11 - 00000000 ____D C:\Users\Alexander\AppData\Local\Vidalia
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\FreeHideIP
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\ProgramData\FreeHideIP
2014-01-04 23:01 - 2014-01-04 22:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\Conduit
2014-01-04 22:48 - 2014-01-04 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\SearchProtect
2014-01-04 22:47 - 2014-01-04 22:47 - 00000009 _____ C:\END
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\SearchProtect
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\ProgramData\Conduit
2014-01-04 22:47 - 2014-01-04 22:47 - 00000000 ____D C:\Program Files (x86)\Conduit
2014-01-04 22:13 - 2014-01-04 22:13 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-04 21:40 - 2014-01-04 20:35 - 00000000 ____D C:\Users\Alexander\AppData\Local\Avg2014
2014-01-04 20:40 - 2014-01-04 20:40 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\AVG2014
2014-01-04 20:40 - 2014-01-04 20:39 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ___HD C:\$AVG
2014-01-04 20:39 - 2014-01-04 20:39 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-04 20:39 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-04 20:36 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-04 20:36 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-04 20:36 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-04 20:29 - 2013-12-27 14:18 - 00000000 ____D C:\Program Files\office.tmp
2014-01-04 20:29 - 2013-08-22 15:44 - 00573264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-04 20:28 - 2014-01-04 20:21 - 137189352 _____ (AVG Technologies) C:\Users\Alexander\Downloads\avg_free_x86_all_2014_4259a6848.exe
2014-01-04 20:15 - 2013-09-11 18:04 - 00000000 ____D C:\ProgramData\Ashampoo
2014-01-02 13:38 - 2014-01-02 13:27 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Audacity
2013-12-27 15:57 - 2013-12-26 15:18 - 00000000 ____D C:\Users\Public\Documents\MAGIX_Music_Maker_MX
2013-12-27 14:23 - 2013-12-26 17:44 - 00000000 ____D C:\ProgramData\eLicenser
2013-12-27 14:20 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-12-27 14:20 - 2013-08-22 16:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-12-27 14:10 - 2013-12-27 13:51 - 00000000 ____D C:\Users\Alexander\Documents\Cubase AI Projects
2013-12-27 13:50 - 2013-12-27 13:50 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\VST3 Presets
2013-12-27 13:50 - 2013-12-26 17:47 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Steinberg
2013-12-27 13:47 - 2013-12-27 13:47 - 00000000 ____D C:\Users\Alexander\AppData\Local\eLicenser
2013-12-27 13:47 - 2013-12-26 17:44 - 00000051 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2013-12-26 18:59 - 2013-09-11 17:31 - 00000000 ____D C:\Users\Alexander\AppData\Local\Packages
2013-12-26 17:47 - 2013-12-26 17:47 - 00000000 ____D C:\ProgramData\Steinberg
2013-12-26 17:45 - 2013-12-26 17:45 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2013-12-26 17:45 - 2013-12-26 17:45 - 00000000 ____D C:\ProgramData\Syncrosoft
2013-12-26 16:02 - 2013-12-26 15:17 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-12-26 16:00 - 2013-12-26 16:00 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX_Music_Maker_17_Silver
2013-12-26 15:59 - 2013-12-26 15:24 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\MAGIX
2013-12-26 15:59 - 2013-12-26 15:17 - 00000000 ____D C:\ProgramData\MAGIX
2013-12-26 15:25 - 2013-12-26 15:25 - 00000000 ____D C:\Users\Alexander\Documents\MAGIX
2013-12-26 15:17 - 2013-12-26 15:17 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-12-26 15:17 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2013-12-26 00:18 - 2013-12-20 20:10 - 00000000 ____D C:\Program Files (x86)\iCare Card Recovery Free
2013-12-24 15:57 - 2013-12-08 18:45 - 00000000 ____D C:\Users\Alexander\.gimp-2.8
2013-12-24 11:57 - 2013-11-16 17:05 - 00000000 ____D C:\Program Files (x86)\Epson Software
2013-12-24 11:53 - 2013-12-24 11:53 - 00000000 _____ C:\Users\Alexander\Sti_Trace.log
2013-12-22 15:31 - 2013-12-20 21:29 - 00000000 ____D C:\Tools
2013-12-22 14:12 - 2013-12-22 14:12 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\OpenOffice
2013-12-21 21:43 - 2013-12-21 21:43 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-21 21:41 - 2013-12-21 21:35 - 163606685 _____ C:\Users\Alexander\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2013-12-21 15:01 - 2013-09-11 17:32 - 00000000 ____D C:\Users\Alexander\AppData\Local\VirtualStore
2013-12-21 00:15 - 2013-12-07 00:04 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-21 00:15 - 2013-09-14 12:55 - 00000000 ____D C:\Users\Alexander\AppData\Local\CrashDumps
2013-12-20 21:31 - 2013-12-20 20:43 - 00000000 ____D C:\AdwCleaner
2013-12-20 21:11 - 2013-12-20 21:11 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-20 20:44 - 2013-12-20 20:44 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-12-20 20:36 - 2013-12-20 20:36 - 00001185 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2013-12-20 20:27 - 2013-12-20 20:27 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-12-20 20:27 - 2013-12-20 20:27 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 20:26 - 2013-12-20 20:26 - 03541544 _____ (Piriform Ltd) C:\Users\Alexander\Downloads\CCleaner.exe
2013-12-20 20:18 - 2013-12-10 18:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-20 20:17 - 2013-12-20 20:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alexander\Downloads\Malewarebytes.exe
2013-12-20 20:09 - 2013-12-20 20:09 - 03774938 _____ (iCare Software                                              ) C:\Users\Alexander\Downloads\icare card recovery.exe
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2013-12-20 20:01 - 2013-12-20 20:01 - 00000000 ____D C:\Program Files (x86)\Convar
2013-12-18 20:00 - 2013-09-11 17:54 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-18 19:35 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-16 17:42 - 2013-12-16 17:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-15 12:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 12:52 - 2013-09-12 19:22 - 00000000 ____D C:\WINDOWS\system32\MRT

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-11 20:34

==================== End Of Log ============================
--- --- ---

--- --- ---



FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2014
Ran by Alexander at 2014-01-12 14:42:38
Running from C:\Users\Alexander\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
Anleitung für Epson Connect (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (x32 Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASUS Fan Filter Checker (x32 Version: 1.0.0001 - ASUS)
ASUS InstantOn (x32 Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.1.9 - ASUS)
ASUS Live Update (x32 Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (Version: 2.1.7 - ASUS)
ASUS ROG Gaming Mouse (x32 Version: 2.00.020 - ASUS)
ASUS Screen Saver (Version: 1.0.0 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0005 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (x32 Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (x32 Version: 1.0.0026 - ASUS)
AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG SafeGuard toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.08 - Piriform)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.2914 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.2914 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Druckerdeinstallation für EPSON XP-600 Series (Version:  - SEIKO EPSON Corporation)
Epson Benutzerhandbuch XP-600 Series (x32 Version:  - )
Epson Event Manager (x32 Version: 3.01.0005 - Seiko Epson Corporation)
Epson Netzwerkhandbuch XP-600 Series (x32 Version:  - )
EPSON Scan (x32 Version:  - Seiko Epson Corporation)
EpsonNet Print (x32 Version: 2.6.0 - SEIKO EPSON CORPORATION)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeekBuddy (Version: 4.10.79 - Comodo Security Solutions Inc)
GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iCare Card Recovery Free 2.0 (x32 Version:  - iCare Software)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
MAGIX Goya burnR (MSI) (x32 Version: 4.3.2.0 - MAGIX AG)
MAGIX Music Maker MX (x32 Version: 18.0.0.42 - MAGIX AG)
MAGIX Music Maker MX (x32 Version: 18.0.0.42 - MAGIX AG) Hidden
MAGIX Music Maker MX Update (Version: 18.0.4.1 - MAGIX AG) Hidden
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
MyBitCast 2.0 (x32 Version: 2.0 - ASUS)
NVIDIA 3D Vision Treiber 327.02 (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Software Updater (x32 Version: 4.1.7 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (Version: 16.2.11.7 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Text-To-Speech-Runtime (x32 Version: 1.0.0.0 - Magix Development GmbH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (x32 Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (x32 Version: 2.41.1 - ASUS)

==================== Restore Points  =========================

26-12-2013 16:45:15 Installed Steinberg Cubase AI 5
04-01-2014 19:32:10 avast! antivirus system restore point
09-01-2014 16:52:54 Installed 7-Zip 9.22 (x64 edition)

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {124D346A-7E90-4B1A-BA0F-3CE30B844429} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {13E8A63E-0296-4545-BA9B-086B028EC284} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {1E741E9C-5276-4BC4-A867-1C207B0EDEB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {33C607B1-915E-4477-BCB9-0C62C2A0652A} - \ParetoLogic Update Version3 No Task File
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5B234D95-FAD9-436F-AD6C-E30BBC10187E} - \ParetoLogic Registration3 No Task File
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {87266708-9BF2-454E-A093-C00F85790616} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BEA3F71-7A31-4342-B282-CC2DDEF4436A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-17] (Synaptics Incorporated)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6B36914-1749-4BE3-825C-E1C222833B77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.)
Task: {BD753FA2-31A1-4154-A7BC-AEDE05C74A6C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0A06C1E-39A6-4EC7-BC51-58F35058200C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA0E65FE-FC86-410B-A8CE-A54BF80D18C7} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-12-08 14:26 - 2013-12-08 14:26 - 00183808 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-09-29 19:02 - 2012-09-29 19:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-29 18:57 - 2012-09-29 18:57 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-09 19:17 - 2014-01-09 19:17 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2013-07-10 16:00 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-11 14:01 - 2012-09-11 14:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-03-09 13:21 - 2011-03-09 13:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 13:21 - 2011-03-09 13:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-12-06 21:06 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 21:06 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 21:06 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 21:06 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 21:06 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Alexander\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8143.19 MB
Available physical RAM: 5807.32 MB
Total Pagefile: 9423.19 MB
Available Pagefile: 6413.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:317.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:537.6 GB) (Free:536.77 GB) NTFS
Drive e: () (Removable) (Total:29.71 GB) (Free:29.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2ADC1B83)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================
--- --- ---


Ist mein System vielleicht Kompromittiert? Und wenn mein Backup nicht sauber ist, hat eine Neuaufsetzung des Systems auch keinen Sinn. Selbst wenn es sauber ist, bräuchte ich ja erst einen nicht infizierten Recher um erst mein W-Lan-Schlüssel zu ändern.

Hast du da irgendeine Idee, wie man ermitteln könnte ob und wie Daten in der Art geändert werden können, Ohne gleich irgend eine forensische Ermittlung durchzuführen??

schrauber 13.01.2014 10:24
Da war nur Adware drauf, keine Daten weg, kein Grund zum Formatieren.
Geht Chrome wieder?


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:50 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131