Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8.1, "BKA/Interpol-Virus", Rechner läuft, Prozess im TM deaktiviert (https://www.trojaner-board.de/163733-windows-8-1-bka-interpol-virus-rechner-laeuft-prozess-tm-deaktiviert.html)

schrauber 11.02.2015 13:24
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ShortcutTarget: 75BA36AF7.lnk -> C:\PROGRA~3\7FA63AB57.cpp (No File)
Tcpip\..\Interfaces\{A5991357-9741-4C3E-BB6C-B10DE74BD949}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{CE2573B1-6E34-444D-B297-E4E20EB9EDD5}: [NameServer] 156.154.70.25,156.154.71.25
S2 Winmgmt; C:\PROGRA~3\75BA36AF7.zot [X]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte.


Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



Pappa Bear 11.02.2015 22:22
Na dann...

Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by ***** at 2015-02-11 22:03:05 Run:1
Running from C:\Users\*****\Desktop\BKA-Virus Jan. 2015
Loaded Profiles: UpdatusUser & ***** (Available profiles: UpdatusUser & *****)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShortcutTarget: 75BA36AF7.lnk -> C:\PROGRA~3\7FA63AB57.cpp (No File)
Tcpip\..\Interfaces\{A5991357-9741-4C3E-BB6C-B10DE74BD949}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{CE2573B1-6E34-444D-B297-E4E20EB9EDD5}: [NameServer] 156.154.70.25,156.154.71.25
S2 Winmgmt; C:\PROGRA~3\75BA36AF7.zot [X]
Emptytemp:
       
*****************

C:\PROGRA~3\7FA63AB57.cpp not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A5991357-9741-4C3E-BB6C-B10DE74BD949}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE2573B1-6E34-444D-B297-E4E20EB9EDD5}\\NameServer => value deleted successfully.
Winmgmt => Service restored successfully.
EmptyTemp: => Removed 194.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:03:15 ====
FRST-Log: (Das ging diesmal sehr schnell, hatte binnen Sekunden ein Ergebnis. Danke, "Magier"! ;-) )

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by ***** (administrator) on WOHNZIMMER-PC on 11-02-2015 22:10:16
Running from C:\Users\*****\Desktop\BKA-Virus Jan. 2015
Loaded Profiles: UpdatusUser & ***** (Available profiles: UpdatusUser & *****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75BA36AF7.lnk
ShortcutTarget: 75BA36AF7.lnk -> C:\PROGRA~3\7FA63AB57.cpp (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=fp-comodo
HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1264040666-3370852229-1384236812-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://de.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\Extensions\cliqz@cliqz.com.xpi [2014-12-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-13] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-13] (COMODO)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-11-29] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-07-08] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2014-12-09] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2014-12-09] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2014-12-09] (COMODO)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-07-08] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 10:22 - 2015-02-11 21:56 - 00000000 _____ () C:\Users\*****\Desktop\Neues Textdokument.txt
2015-02-08 19:46 - 2015-02-08 21:02 - 00000000 ____D () C:\AdwCleaner
2015-02-08 19:41 - 2015-02-08 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 19:41 - 2015-02-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 19:41 - 2015-02-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-08 19:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-08 19:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-08 13:01 - 2015-02-08 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 02:13 - 2015-02-08 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-08 02:13 - 2015-02-08 02:13 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-08 00:42 - 2015-02-11 22:10 - 00000000 ____D () C:\FRST
2015-02-08 00:39 - 2015-02-08 00:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-02-08 00:33 - 2015-02-11 22:10 - 00000000 ____D () C:\Users\*****\Desktop\BKA-Virus Jan. 2015
2015-02-07 21:20 - 2015-02-07 21:21 - 00000000 ____D () C:\Users\*****\Doctor Web
2015-01-30 22:12 - 2015-01-30 22:12 - 542121823 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-30 22:12 - 2015-01-30 22:12 - 00787856 _____ () C:\WINDOWS\Minidump\013015-22203-01.dmp
2015-01-30 22:12 - 2015-01-30 22:12 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-23 17:18 - 2015-01-23 17:18 - 00000424 _____ () C:\Users\*****\Desktop\Dieser PC - Verknüpfung.lnk
2015-01-18 16:27 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-18 16:27 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-18 16:27 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-18 16:27 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-18 16:27 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-18 16:27 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-18 16:27 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-18 16:27 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-18 16:27 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-18 16:27 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-18 16:27 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-18 16:27 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-18 16:27 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-18 16:27 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-18 16:27 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-18 16:27 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-18 16:27 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-18 16:27 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-18 16:27 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-18 16:27 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-18 16:27 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-18 16:27 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-18 16:27 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-18 16:27 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:10 - 2014-11-30 14:06 - 01700480 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-11 22:10 - 2014-03-04 03:24 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1264040666-3370852229-1384236812-1002
2015-02-11 22:10 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 22:07 - 2014-11-30 14:56 - 00000000 ___DO () C:\Users\*****\OneDrive
2015-02-11 22:04 - 2014-11-29 22:31 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-02-11 22:04 - 2014-09-23 22:06 - 00156664 _____ () C:\WINDOWS\PFRO.log
2015-02-11 22:04 - 2013-08-22 15:46 - 00327939 _____ () C:\WINDOWS\setupact.log
2015-02-11 22:04 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 22:04 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 22:02 - 2014-12-14 10:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-11 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-11 21:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-10 22:06 - 2014-11-30 14:13 - 00000000 ____D () C:\Users\*****
2015-02-08 21:03 - 2014-05-18 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 20:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-07 21:02 - 2014-12-14 10:56 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-12-13 09:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-13 09:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 23:10 - 2014-03-04 03:16 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2015-01-26 15:22 - 2014-09-24 07:17 - 02121612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 15:22 - 2014-09-24 06:43 - 01021576 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-26 15:22 - 2014-09-24 06:43 - 00243696 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-26 08:33 - 2014-11-29 18:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-26 08:29 - 2014-11-29 18:10 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-23 17:21 - 2014-07-26 18:53 - 00000000 ____D () C:\Users\*****\AppData\Local\clear.fi

==================== Files in the root of some directories =======

2013-07-08 15:44 - 2013-07-08 15:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-10 10:35

==================== End Of Log ============================
--- --- ---


Addition-Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by ***** at 2015-02-11 22:11:16
Running from C:\Users\*****\Desktop\BKA-Virus Jan. 2015
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Out of date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{81C6F800-A69B-4E70-9DC0-74732F8B00E7}) (Version: 1.00.3015 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.17.002_WHQL (HKLM\...\Elantech) (Version: 11.6.17.002 - ELAN Microelectronic Corp.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 311.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.30 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1264040666-3370852229-1384236812-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

26-01-2015 08:25:28 Windows Update
08-02-2015 02:13:18 Installed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {34B5F279-7DA5-4330-87BD-89D99E9ECCBA} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2013-02-08] ()
Task: {35AB068A-60B1-4F7F-848C-7E37C6E048BD} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {52C554B3-246C-46D3-B6AD-7FA1E64E0629} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-13] (COMODO)
Task: {64421EE9-B0FD-4208-B753-8858889B1BFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-26] (Microsoft Corporation)
Task: {6E403754-8FE2-467A-BEA5-B027DE37D598} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {7B908A10-3C74-4CD2-86BE-C7F7C5AD3155} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-27] (Adobe Systems Incorporated)
Task: {998BB934-9149-41A3-98F8-0A0C390F9458} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {CD32ACF4-E397-40C2-86C6-CB2B91014807} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-13] (COMODO)
Task: {D94CFF4C-A713-4825-9F9E-09DA961ED5B8} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {D9B313DA-8103-4F47-A417-147527C4920C} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2013-02-08] ()
Task: {DB98D47B-A1AE-4C5B-8F2B-E318A3334ECD} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-13] (COMODO)
Task: {DC757743-9568-45D6-9C81-B6F9114E4156} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {DFD3FD88-BD72-4726-958E-DCE6DDD552D4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-13] (COMODO)
Task: {F445B4EE-FF5C-412F-B093-3A387E8AF118} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {F451AF5B-5FE4-4CA1-AC2C-5B8B0B9608C4} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-13] (COMODO)
Task: {FCA61716-C2ED-4049-86A2-E1F180474BEE} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {FE3D98E8-E388-45D4-9B38-A44BD6C31DF5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-13] (COMODO)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2013-07-08 16:06 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 13:47 - 2013-01-28 13:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-02-08 22:24 - 2013-02-08 22:24 - 00044616 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-02-08 22:24 - 2013-02-08 22:24 - 00025672 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2013-07-08 15:35 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-08 13:01 - 2015-02-08 13:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lockscreencn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SET745D.tmp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhRichClient3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlite36_engine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msgpioclx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwififlt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\*****\OneDrive:ms-properties
AlternateDataStreams: C:\Users\*****\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe:$CmdZnID
AlternateDataStreams: C:\Users\*****\Downloads\document.pdf:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\document.pdf:$CmdZnID
AlternateDataStreams: C:\Users\*****\Downloads\Finanzreport_Nr.10_vom_04.11.2014665154.pdf:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\Finanzreport_Nr.10_vom_04.11.2014665154.pdf:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\...\StartupApproved\StartupFolder: => "75BA36AF7.lnk"

==================== Accounts: =============================

Administrator (S-1-5-21-1264040666-3370852229-1384236812-500 - Administrator - Disabled)
***** (S-1-5-21-1264040666-3370852229-1384236812-1002 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-1264040666-3370852229-1384236812-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1264040666-3370852229-1384236812-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 09:48:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4ea
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4ea
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000792c
ID des fehlerhaften Prozesses: 0xfd8
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3
Vollständiger Name des fehlerhaften Pakets: ePowerTray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ePowerTray.exe5

Error: (02/10/2015 09:30:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerSvc.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4d9
Name des fehlerhaften Moduls: ePowerSvc.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4d9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000aa80
ID des fehlerhaften Prozesses: 0xe98
Startzeit der fehlerhaften Anwendung: 0xePowerSvc.exe0
Pfad der fehlerhaften Anwendung: ePowerSvc.exe1
Pfad des fehlerhaften Moduls: ePowerSvc.exe2
Berichtskennung: ePowerSvc.exe3
Vollständiger Name des fehlerhaften Pakets: ePowerSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ePowerSvc.exe5

Error: (02/10/2015 09:29:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Notification.exe, Version: 6.0.3007.0, Zeitstempel: 0x50ffcf8d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebf2e
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000606c
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xNotification.exe0
Pfad der fehlerhaften Anwendung: Notification.exe1
Pfad des fehlerhaften Moduls: Notification.exe2
Berichtskennung: Notification.exe3
Vollständiger Name des fehlerhaften Pakets: Notification.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Notification.exe5

Error: (02/10/2015 09:29:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Notification.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei System.Management.ManagementScope.Initialize()
  bei System.Management.ManagementObjectSearcher.Initialize()
  bei System.Management.ManagementObjectSearcher.Get()
  bei Notification.eRyBaseFunction.CheckPQServiceartition()
  bei Notification.App.Main(System.String[])

Error: (02/10/2015 09:20:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/10/2015 09:18:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/10/2015 01:05:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (02/11/2015 10:03:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (02/11/2015 10:02:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 10:02:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/11/2015 10:00:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 10:00:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/11/2015 09:58:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 09:58:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/11/2015 09:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 09:56:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/10/2015 10:06:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================
Error: (02/10/2015 09:48:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3013.05142c4eaePowerTray.exe7.0.3013.05142c4eac0000005000000000000792cfd801d0450a3554764dC:\Program Files\Acer\Acer Power Management\ePowerTray.exeC:\Program Files\Acer\Acer Power Management\ePowerTray.exe97f6e72c-b101-11e4-be89-2cd05af9bb94

Error: (02/10/2015 09:30:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3013.05142c4d9ePowerSvc.exe7.0.3013.05142c4d9c0000005000000000000aa80e9801d0450a35af10b5C:\Program Files\Acer\Acer Power Management\ePowerSvc.exeC:\Program Files\Acer\Acer Power Management\ePowerSvc.exe1413ad00-b0ff-11e4-be89-2cd05af9bb94

Error: (02/10/2015 09:29:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Notification.exe6.0.3007.050ffcf8dKERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c16f401d0450b8914ad1eC:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exeC:\WINDOWS\system32\KERNELBASE.dlleb0f3849-b0fe-11e4-be89-2cd05af9bb94

Error: (02/10/2015 09:29:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Notification.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei System.Management.ManagementScope.Initialize()
  bei System.Management.ManagementObjectSearcher.Initialize()
  bei System.Management.ManagementObjectSearcher.Get()
  bei Notification.eRyBaseFunction.CheckPQServiceartition()
  bei Notification.App.Main(System.String[])

Error: (02/10/2015 09:20:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/10/2015 09:18:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\*****\Desktop\BKA-Virus Jan. 2015\esetsmartinstaller_deu.exe

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (02/10/2015 01:05:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-11 22:09:39.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-11 21:56:30.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 21:37:34.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 10:29:56.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 10:23:30.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 09:59:06.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 09:40:34.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 09:19:02.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 23:38:35.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 23:11:16.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 26%
Total physical RAM: 8010.27 MB
Available physical RAM: 5857.55 MB
Total Pagefile: 16202.27 MB
Available Pagefile: 13601.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.26 GB) (Free:869.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D0200254)

Partition: GPT Partition Type.

==================== End Of Log ============================
Und zum Schluss die FSS-Log:
Code:
Farbar Service Scanner Version: 17-01-2015
Ran by ***** (administrator) on 11-02-2015 at 22:19:15
Running from "C:\Users\*****\Desktop\BKA-Virus Jan. 2015"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

schrauber 12.02.2015 18:19
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75BA36AF7.lnk
ShortcutTarget: 75BA36AF7.lnk -> C:\PROGRA~3\7FA63AB57.cpp (No File)

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Noch Probleme?

Pappa Bear 12.02.2015 22:02
Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by ***** at 2015-02-12 21:44:07 Run:2
Running from C:\Users\*****\Desktop\BKA-Virus Jan. 2015
Loaded Profiles: UpdatusUser & ***** (Available profiles: UpdatusUser & *****)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75BA36AF7.lnk
ShortcutTarget: 75BA36AF7.lnk -> C:\PROGRA~3\7FA63AB57.cpp (No File)
       
*****************

C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75BA36AF7.lnk not found.
C:\PROGRA~3\7FA63AB57.cpp not found.

==== End of Fixlog 21:44:07 ====
1.: Kann die "7FA63AB57.cpp" noch im Taskmanager im Autostart sehen (ist deaktiviert), allerdings ist die Option "Dateipfad öffnen" ausgeblendet. Hätte gedacht, dass die irgendwie wieder verschwindet. Die Datei ist ja offensichtlich nicht mehr auf dem Rechner. Soll ich den einfach mal wieder aktivieren, oder kann da noch was passieren?!

2.: Soll ich den JRT auch noch mal drüber rasseln lassen, oder ist das jetzt hinfällig?

schrauber 13.02.2015 07:16
JRT brauchste nit. Ja aktivieren, dann den Fix wiederholen.

Pappa Bear 13.02.2015 08:00
Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by ***** at 2015-02-13 07:54:04 Run:3
Running from C:\Users\*****\Desktop\BKA-Virus Jan. 2015
Loaded Profiles: UpdatusUser & ***** (Available profiles: UpdatusUser & *****)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75BA36AF7.lnk
ShortcutTarget: 75BA36AF7.lnk -> C:\PROGRA~3\7FA63AB57.cpp (No File)
       
*****************

C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\75BA36AF7.lnk => Moved successfully.
C:\PROGRA~3\7FA63AB57.cpp not found.

==== End of Fixlog 07:54:04 ====
Eintrag ist nun aus dem TM verschwunden. (Hatte beim letzten Mal das Rückwandeln in User-spezifische Daten vergessen... :facepalm)

FRST-Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by ***** (administrator) on WOHNZIMMER-PC on 13-02-2015 07:55:56
Running from C:\Users\*****\Desktop\BKA-Virus Jan. 2015
Loaded Profiles: UpdatusUser & ***** (Available profiles: UpdatusUser & *****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=fp-comodo
HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1264040666-3370852229-1384236812-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://de.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\Extensions\cliqz@cliqz.com.xpi [2014-12-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ca48qdon.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-12] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-12] (COMODO)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-11-29] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-07-08] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2015-01-30] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-01-30] (COMODO)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2015-01-30] (COMODO)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-07-08] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 10:22 - 2015-02-11 21:56 - 00000000 _____ () C:\Users\*****\Desktop\Neues Textdokument.txt
2015-02-08 19:46 - 2015-02-08 21:02 - 00000000 ____D () C:\AdwCleaner
2015-02-08 19:41 - 2015-02-08 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 19:41 - 2015-02-08 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 19:41 - 2015-02-08 19:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-08 19:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-08 19:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-08 13:01 - 2015-02-08 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 02:13 - 2015-02-08 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-08 02:13 - 2015-02-08 02:13 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-08 00:42 - 2015-02-13 07:56 - 00000000 ____D () C:\FRST
2015-02-08 00:39 - 2015-02-08 00:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-02-08 00:33 - 2015-02-13 07:55 - 00000000 ____D () C:\Users\*****\Desktop\BKA-Virus Jan. 2015
2015-02-07 21:20 - 2015-02-07 21:21 - 00000000 ____D () C:\Users\*****\Doctor Web
2015-01-30 22:12 - 2015-01-30 22:12 - 542121823 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-30 22:12 - 2015-01-30 22:12 - 00787856 _____ () C:\WINDOWS\Minidump\013015-22203-01.dmp
2015-01-30 22:12 - 2015-01-30 22:12 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-23 17:18 - 2015-01-23 17:18 - 00000424 _____ () C:\Users\*****\Desktop\Dieser PC - Verknüpfung.lnk
2015-01-18 16:27 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-18 16:27 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-18 16:27 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-18 16:27 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-18 16:27 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-18 16:27 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-18 16:27 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-18 16:27 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-18 16:27 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-18 16:27 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-18 16:27 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-18 16:27 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-18 16:27 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-18 16:27 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-18 16:27 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-18 16:27 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-18 16:27 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-18 16:27 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-18 16:27 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-18 16:27 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-18 16:27 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-18 16:27 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-18 16:27 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-18 16:27 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-18 16:27 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 07:52 - 2014-11-29 22:31 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-02-13 07:51 - 2014-11-30 14:06 - 01935306 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-13 07:50 - 2014-11-30 14:56 - 00000000 __RDO () C:\Users\*****\OneDrive
2015-02-13 07:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 23:02 - 2014-12-14 10:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-12 22:18 - 2014-03-04 03:24 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1264040666-3370852229-1384236812-1002
2015-02-12 21:50 - 2014-09-24 07:17 - 02121612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 21:50 - 2014-09-24 06:43 - 01021576 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-12 21:50 - 2014-09-24 06:43 - 00243696 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-12 21:45 - 2014-12-13 09:41 - 00003996 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2015-02-12 21:45 - 2013-08-22 15:46 - 00328016 _____ () C:\WINDOWS\setupact.log
2015-02-12 21:45 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 21:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 22:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 22:04 - 2014-09-23 22:06 - 00156664 _____ () C:\WINDOWS\PFRO.log
2015-02-10 22:06 - 2014-11-30 14:13 - 00000000 ____D () C:\Users\*****
2015-02-08 21:03 - 2014-05-18 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 20:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-07 21:02 - 2014-12-14 10:56 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-12-13 09:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-13 09:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 23:10 - 2014-03-04 03:16 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2015-01-30 13:27 - 2014-11-13 10:53 - 00807568 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-01-30 13:27 - 2014-11-13 10:53 - 00126208 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-01-30 13:27 - 2014-11-13 10:53 - 00035080 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-01-30 13:27 - 2014-11-13 10:53 - 00020184 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-01-30 13:27 - 2014-11-13 10:52 - 00481576 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-01-30 13:27 - 2014-11-13 10:52 - 00386768 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-01-30 13:27 - 2014-11-13 10:52 - 00354520 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-01-30 13:27 - 2014-11-13 10:52 - 00286424 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-01-30 13:27 - 2014-11-13 10:52 - 00045784 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-01-30 13:27 - 2014-11-13 10:52 - 00040736 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-01-30 13:27 - 2014-11-13 10:52 - 00040664 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-01-26 08:33 - 2014-11-29 18:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-26 08:29 - 2014-11-29 18:10 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-23 17:21 - 2014-07-26 18:53 - 00000000 ____D () C:\Users\*****\AppData\Local\clear.fi

==================== Files in the root of some directories =======

2013-07-08 15:44 - 2013-07-08 15:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-12 22:18

==================== End Of Log ============================
--- --- ---


Addition-Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by ***** at 2015-02-13 07:57:00
Running from C:\Users\*****\Desktop\BKA-Virus Jan. 2015
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{81C6F800-A69B-4E70-9DC0-74732F8B00E7}) (Version: 1.00.3015 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.17.002_WHQL (HKLM\...\Elantech) (Version: 11.6.17.002 - ELAN Microelectronic Corp.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 311.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.30 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1264040666-3370852229-1384236812-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

26-01-2015 08:25:28 Windows Update
08-02-2015 02:13:18 Installed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {34B5F279-7DA5-4330-87BD-89D99E9ECCBA} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2013-02-08] ()
Task: {35AB068A-60B1-4F7F-848C-7E37C6E048BD} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {52C554B3-246C-46D3-B6AD-7FA1E64E0629} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-12] (COMODO)
Task: {6E403754-8FE2-467A-BEA5-B027DE37D598} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {7B908A10-3C74-4CD2-86BE-C7F7C5AD3155} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-27] (Adobe Systems Incorporated)
Task: {998BB934-9149-41A3-98F8-0A0C390F9458} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {CD32ACF4-E397-40C2-86C6-CB2B91014807} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-12] (COMODO)
Task: {D94CFF4C-A713-4825-9F9E-09DA961ED5B8} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {D9B313DA-8103-4F47-A417-147527C4920C} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2013-02-08] ()
Task: {DB98D47B-A1AE-4C5B-8F2B-E318A3334ECD} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-12] (COMODO)
Task: {DC757743-9568-45D6-9C81-B6F9114E4156} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {DFD3FD88-BD72-4726-958E-DCE6DDD552D4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-12] (COMODO)
Task: {F445B4EE-FF5C-412F-B093-3A387E8AF118} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {F451AF5B-5FE4-4CA1-AC2C-5B8B0B9608C4} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-12] (COMODO)
Task: {FAE8994F-6498-4FF1-93F0-B42056908450} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-26] (Microsoft Corporation)
Task: {FCA61716-C2ED-4049-86A2-E1F180474BEE} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {FE3D98E8-E388-45D4-9B38-A44BD6C31DF5} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-12] (COMODO)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-07-08 16:06 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 13:47 - 2013-01-28 13:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-02-08 22:24 - 2013-02-08 22:24 - 00044616 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-02-08 22:24 - 2013-02-08 22:24 - 00025672 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2013-07-08 15:35 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-08 13:01 - 2015-02-08 13:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lockscreencn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SET745D.tmp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhRichClient3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlite36_engine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msgpioclx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwififlt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\*****\OneDrive:ms-properties
AlternateDataStreams: C:\Users\*****\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe:$CmdZnID
AlternateDataStreams: C:\Users\*****\Downloads\document.pdf:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\document.pdf:$CmdZnID
AlternateDataStreams: C:\Users\*****\Downloads\Finanzreport_Nr.10_vom_04.11.2014665154.pdf:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\Finanzreport_Nr.10_vom_04.11.2014665154.pdf:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1264040666-3370852229-1384236812-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1264040666-3370852229-1384236812-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1264040666-3370852229-1384236812-500 - Administrator - Disabled)
***** (S-1-5-21-1264040666-3370852229-1384236812-1002 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-1264040666-3370852229-1384236812-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1264040666-3370852229-1384236812-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 10:32:11 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/12/2015 10:32:11 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/12/2015 10:32:11 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/10/2015 09:48:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4ea
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4ea
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000792c
ID des fehlerhaften Prozesses: 0xfd8
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3
Vollständiger Name des fehlerhaften Pakets: ePowerTray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ePowerTray.exe5

Error: (02/10/2015 09:30:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerSvc.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4d9
Name des fehlerhaften Moduls: ePowerSvc.exe, Version: 7.0.3013.0, Zeitstempel: 0x5142c4d9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000aa80
ID des fehlerhaften Prozesses: 0xe98
Startzeit der fehlerhaften Anwendung: 0xePowerSvc.exe0
Pfad der fehlerhaften Anwendung: ePowerSvc.exe1
Pfad des fehlerhaften Moduls: ePowerSvc.exe2
Berichtskennung: ePowerSvc.exe3
Vollständiger Name des fehlerhaften Pakets: ePowerSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ePowerSvc.exe5

Error: (02/10/2015 09:29:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Notification.exe, Version: 6.0.3007.0, Zeitstempel: 0x50ffcf8d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebf2e
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000606c
ID des fehlerhaften Prozesses: 0x16f4
Startzeit der fehlerhaften Anwendung: 0xNotification.exe0
Pfad der fehlerhaften Anwendung: Notification.exe1
Pfad des fehlerhaften Moduls: Notification.exe2
Berichtskennung: Notification.exe3
Vollständiger Name des fehlerhaften Pakets: Notification.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Notification.exe5

Error: (02/10/2015 09:29:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Notification.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei System.Management.ManagementScope.Initialize()
  bei System.Management.ManagementObjectSearcher.Initialize()
  bei System.Management.ManagementObjectSearcher.Get()
  bei Notification.eRyBaseFunction.CheckPQServiceartition()
  bei Notification.App.Main(System.String[])

Error: (02/10/2015 09:20:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/10/2015 09:18:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (02/11/2015 10:03:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (02/11/2015 10:02:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 10:02:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/11/2015 10:00:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 10:00:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/11/2015 09:58:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 09:58:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/11/2015 09:56:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126

Error: (02/11/2015 09:56:13 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/10/2015 10:06:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126


Microsoft Office Sessions:
=========================
Error: (02/12/2015 10:32:11 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (02/12/2015 10:32:11 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (02/12/2015 10:32:11 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (02/10/2015 09:48:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe7.0.3013.05142c4eaePowerTray.exe7.0.3013.05142c4eac0000005000000000000792cfd801d0450a3554764dC:\Program Files\Acer\Acer Power Management\ePowerTray.exeC:\Program Files\Acer\Acer Power Management\ePowerTray.exe97f6e72c-b101-11e4-be89-2cd05af9bb94

Error: (02/10/2015 09:30:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerSvc.exe7.0.3013.05142c4d9ePowerSvc.exe7.0.3013.05142c4d9c0000005000000000000aa80e9801d0450a35af10b5C:\Program Files\Acer\Acer Power Management\ePowerSvc.exeC:\Program Files\Acer\Acer Power Management\ePowerSvc.exe1413ad00-b0ff-11e4-be89-2cd05af9bb94

Error: (02/10/2015 09:29:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Notification.exe6.0.3007.050ffcf8dKERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c16f401d0450b8914ad1eC:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exeC:\WINDOWS\system32\KERNELBASE.dlleb0f3849-b0fe-11e4-be89-2cd05af9bb94

Error: (02/10/2015 09:29:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Notification.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.COMException
Stapel:
  bei System.Management.ManagementScope.Initialize()
  bei System.Management.ManagementObjectSearcher.Initialize()
  bei System.Management.ManagementObjectSearcher.Get()
  bei Notification.eRyBaseFunction.CheckPQServiceartition()
  bei Notification.App.Main(System.String[])

Error: (02/10/2015 09:20:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/10/2015 09:18:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\*****\Desktop\BKA-Virus Jan. 2015\esetsmartinstaller_deu.exe

Error: (02/10/2015 01:05:38 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4


CodeIntegrity Errors:
===================================
  Date: 2015-02-12 22:38:25.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 21:48:52.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 21:42:51.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-11 22:09:39.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-11 21:56:30.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 21:37:34.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 10:29:56.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 10:23:30.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 09:59:06.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-10 09:40:34.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 21%
Total physical RAM: 8010.27 MB
Available physical RAM: 6258.27 MB
Total Pagefile: 16202.27 MB
Available Pagefile: 13646.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.26 GB) (Free:869.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D0200254)

Partition: GPT Partition Type.

==================== End Of Log ============================
Noch einmal Danke für deine Mühe!

schrauber 13.02.2015 17:26
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Pappa Bear 14.02.2015 20:56
Hallo Schrauber,

hiermit nun die Rückmeldung, die du dir erwünscht hattest.

Habe alle Schritte abgearbeitet und nix auffäliges mehr entdecken können.

Ich möchte mich noch ein letztes Mal herzlich bei dir bedanken für deinen Einsatz und die Zeit, die du in mich und dieses Problem investiert hast. Ihr seid ein Spitzenteam!!!

Also dann, mach es gut! Ich hoffe, dass ich nicht so schnell wieder auf eure Hilfe angewiesen sein werde.

Viele Grüße,
Pappa Bear.

schrauber 15.02.2015 15:22
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:09 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131