Hello Schrauber,
thank you very much for your help.
MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 09.02.2015 09:03:38, SYSTEM, ML, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 09.02.2015 09:03:39, SYSTEM, ML, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Protection, 09.02.2015 09:03:41, SYSTEM, ML, Protection, Malware Protection, Starting,
Protection, 09.02.2015 09:03:41, SYSTEM, ML, Protection, Malware Protection, Started,
Protection, 09.02.2015 09:03:41, SYSTEM, ML, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 09:03:43, SYSTEM, ML, Protection, Malicious Website Protection, Started,
Update, 09.02.2015 09:03:45, SYSTEM, ML, Manual, Malware Database, 2014.11.20.6, 2015.2.9.3,
Protection, 09.02.2015 09:03:46, SYSTEM, ML, Protection, Refresh, Starting,
Protection, 09.02.2015 09:03:46, SYSTEM, ML, Protection, Malicious Website Protection, Stopping,
Protection, 09.02.2015 09:03:46, SYSTEM, ML, Protection, Malicious Website Protection, Stopped,
Protection, 09.02.2015 09:04:29, SYSTEM, ML, Protection, Refresh, Success,
Protection, 09.02.2015 09:04:29, SYSTEM, ML, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 09:04:31, SYSTEM, ML, Protection, Malicious Website Protection, Started,
Scan, 09.02.2015 10:03:05, SYSTEM, ML, Manual, Start:09.02.2015 09:05:04, Duration:53 min 40 sec, Threat Scan, Completed, 1 Malware Detection, 3 Non-Malware Detections,
Protection, 09.02.2015 10:08:13, SYSTEM, ML, Protection, Malware Protection, Starting,
Protection, 09.02.2015 10:08:13, SYSTEM, ML, Protection, Malware Protection, Started,
Protection, 09.02.2015 10:08:13, SYSTEM, ML, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 10:09:26, SYSTEM, ML, Protection, Malicious Website Protection, Started,
Update, 09.02.2015 11:12:39, SYSTEM, ML, Scheduler, Malware Database, 2015.2.9.3, 2015.2.9.4,
Protection, 09.02.2015 11:12:40, SYSTEM, ML, Protection, Refresh, Starting,
Protection, 09.02.2015 11:12:40, SYSTEM, ML, Protection, Malicious Website Protection, Stopping,
Protection, 09.02.2015 11:12:40, SYSTEM, ML, Protection, Malicious Website Protection, Stopped,
Protection, 09.02.2015 11:16:17, SYSTEM, ML, Protection, Refresh, Success,
Protection, 09.02.2015 11:16:17, SYSTEM, ML, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 11:16:18, SYSTEM, ML, Protection, Malicious Website Protection, Started,
Protection, 09.02.2015 11:31:01, SYSTEM, ML, Protection, Malware Protection, Starting,
Protection, 09.02.2015 11:31:01, SYSTEM, ML, Protection, Malware Protection, Started,
Protection, 09.02.2015 11:31:01, SYSTEM, ML, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 11:31:39, SYSTEM, ML, Protection, Malicious Website Protection, Started,
(end)
Code:
# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 11:29:18
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : a_hsa - ML
# Gestarted von : C:\Users\a_hsa\Downloads\AdwCleaner_4.110.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\nxrilbtr.default-1423123967461\foxydeal.sqlite
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v35.0.1 (x86 de)
-\\ Comodo Dragon v36.1.1.21
*************************
AdwCleaner[R0].txt - [5306 Bytes] - [05/02/2015 09:44:10]
AdwCleaner[R1].txt - [5367 Bytes] - [05/02/2015 10:27:51]
AdwCleaner[R2].txt - [1170 Bytes] - [09/02/2015 11:16:05]
AdwCleaner[S0].txt - [4141 Bytes] - [05/02/2015 12:11:37]
AdwCleaner[S1].txt - [1093 Bytes] - [09/02/2015 11:29:18]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1152 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by a_hsa on 09.02.2015 at 12:06:00,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2723630736-2526727609-1248015878-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 13:11:24,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by a_hsa (administrator) on ML on 09-02-2015 13:20:02
Running from C:\Users\a_hsa\Downloads
Loaded Profiles: a_hsa (Available profiles: a_hsa)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Quick Access\QuickAccess.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\PDF Architect 2.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\ws.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-02-07] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2723630736-2526727609-1248015878-1001 -> {2C9D55A0-0DBB-4600-8A66-A3BFC43E7FD8} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\nxrilbtr.default-1423123967461
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Extension: Avira Browser Safety - C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\nxrilbtr.default-1423123967461\Extensions\abs@avira.com [2015-02-05]
FF Extension: FireShot - C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\nxrilbtr.default-1423123967461\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-07]
FF Extension: ProxTube - C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\nxrilbtr.default-1423123967461\Extensions\ich@maltegoetz.de.xpi [2015-02-05]
FF Extension: FastestFox - C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\nxrilbtr.default-1423123967461\Extensions\smarterwiki@wikiatic.com.xpi [2015-02-05]
FF Extension: Adblock Plus - C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\nxrilbtr.default-1423123967461\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-01]
FF HKU\S-1-5-21-2723630736-2526727609-1248015878-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\a_hsa\AppData\Roaming\Mozilla\Firefox\Profiles\2nrb7auj.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2015-02-07] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2800896 2014-05-02] (Acer Incorporated)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-04] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-04] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-02] (ELAN Microelectronics Corp.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-09] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-09] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R3 QASvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [807568 2015-01-30] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-01-30] (COMODO)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-25] (Symantec Corporation)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140822.001\IDSvia64.sys [525016 2014-06-25] (Symantec Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126208 2015-01-30] (COMODO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-09] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-02-09] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140824.002\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140824.002\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-07] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys [X]
S3 TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 13:19 - 2015-02-09 13:19 - 00000000 ____D () C:\Users\a_hsa\Downloads\FRST-OlderVersion
2015-02-09 13:11 - 2015-02-09 13:11 - 00001342 _____ () C:\Users\a_hsa\Desktop\JRT.txt
2015-02-09 12:04 - 2015-02-09 12:04 - 01388274 _____ (Thisisu) C:\Users\a_hsa\Downloads\JRT.exe
2015-02-09 11:45 - 2015-02-09 11:45 - 00002837 _____ () C:\Users\a_hsa\Desktop\mbam.txt
2015-02-09 11:14 - 2015-02-09 11:14 - 02112512 _____ () C:\Users\a_hsa\Downloads\AdwCleaner_4.110.exe
2015-02-09 09:03 - 2015-02-09 13:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 09:01 - 2015-02-09 09:01 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 09:01 - 2015-02-09 09:01 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 09:01 - 2015-02-09 09:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 09:01 - 2015-02-09 09:01 - 00001090 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 09:01 - 2015-02-09 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 09:01 - 2015-02-09 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 09:01 - 2015-02-09 09:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 08:58 - 2015-02-09 08:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\a_hsa\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-07 09:50 - 2015-02-07 09:50 - 00001125 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-06 10:02 - 2015-02-06 10:07 - 00034095 _____ () C:\Users\a_hsa\Downloads\Addition.txt
2015-02-06 09:56 - 2015-02-09 13:20 - 00019772 _____ () C:\Users\a_hsa\Downloads\FRST.txt
2015-02-06 09:56 - 2015-02-09 13:20 - 00000000 ____D () C:\FRST
2015-02-06 09:55 - 2015-02-09 13:19 - 02132992 _____ (Farbar) C:\Users\a_hsa\Downloads\FRST64.exe
2015-02-05 10:23 - 2015-02-05 10:23 - 00000000 ____D () C:\Users\a_hsa\AppData\Local\BMExplorer
2015-02-05 10:22 - 2015-02-05 10:22 - 00000000 ____D () C:\Users\a_hsa\Documents\Bluetooth Folder
2015-02-05 09:44 - 2015-02-09 11:29 - 00000000 ____D () C:\AdwCleaner
2015-02-05 09:42 - 2015-02-05 09:42 - 02194432 _____ () C:\Users\a_hsa\Downloads\AdwCleaner09.exe
2015-02-05 09:12 - 2015-02-05 09:12 - 00000000 ____D () C:\Users\a_hsa\Desktop\Alte Firefox-Daten
2015-02-05 01:40 - 2015-02-05 01:40 - 00003138 _____ () C:\Windows\System32\Tasks\{1D570CDB-80A8-4A67-985D-571437FF1903}
2015-02-04 15:07 - 2015-02-04 15:07 - 00619488 _____ () C:\Users\a_hsa\Downloads\download-apache-openoffice.exe
2015-02-04 15:05 - 2015-02-04 15:05 - 00055808 _____ () C:\Users\a_hsa\Desktop\my_budget.xls
2015-01-28 09:27 - 2015-01-28 09:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 20:38 - 2015-01-13 20:44 - 00000000 ____D () C:\ProgramData\tmp
2015-01-13 20:38 - 2015-01-13 20:38 - 00001059 _____ () C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2015-01-13 20:38 - 2015-01-13 20:38 - 00001039 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-01-13 20:38 - 2015-01-13 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
2015-01-13 20:38 - 2015-01-13 20:38 - 00000000 ____D () C:\ProgramData\hps
2015-01-13 20:32 - 2015-01-13 20:32 - 00000000 ____D () C:\Program Files\CEWE
2015-01-13 20:31 - 2015-01-13 20:31 - 01633192 _____ () C:\Users\a_hsa\Downloads\setup_Mein_CEWE_FOTOBUCH.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-13 20:25 - 2015-01-13 20:25 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 20:25 - 2015-01-13 20:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-13 20:25 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:25 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:25 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-13 20:25 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:25 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 20:25 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:25 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-13 20:25 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 19:26 - 2015-01-29 08:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2021-10-21 14:36 - 2014-03-06 07:00 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2014-03-06 07:00 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-02-09 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-09 12:35 - 2014-03-06 06:37 - 01530767 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 12:03 - 2014-06-29 10:52 - 00000000 ____D () C:\Users\a_hsa\AppData\Roaming\ClassicShell
2015-02-09 11:52 - 2014-06-25 20:48 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2723630736-2526727609-1248015878-1001
2015-02-09 11:39 - 2014-06-25 20:45 - 00000000 ___DO () C:\Users\a_hsa\SkyDrive
2015-02-09 11:35 - 2014-03-06 15:20 - 01021576 _____ () C:\Windows\system32\perfh007.dat
2015-02-09 11:35 - 2014-03-06 15:20 - 00243696 _____ () C:\Windows\system32\perfc007.dat
2015-02-09 11:35 - 2013-11-06 12:44 - 02121612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 11:30 - 2013-11-06 12:33 - 00245504 _____ () C:\Windows\PFRO.log
2015-02-09 11:30 - 2013-08-22 15:46 - 00015018 _____ () C:\Windows\setupact.log
2015-02-09 11:30 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 11:29 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-09 11:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 09:50 - 2014-11-04 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-07 09:50 - 2014-11-04 10:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 09:49 - 2014-11-04 10:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-06 11:15 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-06 09:54 - 2014-12-12 19:15 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 09:54 - 2014-12-12 19:15 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:16 - 2014-12-14 11:51 - 00453314 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-02-05 10:47 - 2014-06-28 12:20 - 00000000 ____D () C:\Users\a_hsa\AppData\Local\CrashDumps
2015-02-05 10:23 - 2014-03-06 07:11 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-05 01:50 - 2014-06-25 20:42 - 00001466 _____ () C:\Users\a_hsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-05 01:43 - 2014-08-24 23:35 - 00001963 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-02-04 15:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-04 15:18 - 2014-06-25 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 13:27 - 2014-03-25 19:22 - 00807568 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-01-30 13:27 - 2014-03-25 19:22 - 00481576 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-01-30 13:27 - 2014-03-25 19:22 - 00386768 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-01-30 13:27 - 2014-03-25 19:22 - 00354520 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-01-30 13:27 - 2014-03-25 19:22 - 00286424 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-01-30 13:27 - 2014-03-25 19:22 - 00126208 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-01-30 13:27 - 2014-03-25 19:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-01-30 13:27 - 2014-03-25 19:22 - 00040736 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-01-30 13:27 - 2014-03-25 19:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-01-30 13:27 - 2014-03-25 19:22 - 00035080 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-01-30 13:27 - 2014-03-25 19:22 - 00020184 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-01-29 15:22 - 2014-07-22 11:43 - 00152064 ___SH () C:\Users\a_hsa\Desktop\Thumbs.db
2015-01-23 15:25 - 2014-06-29 09:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-23 12:34 - 2014-06-29 09:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-10-20 10:44 - 2014-10-20 10:44 - 0007608 _____ () C:\Users\a_hsa\AppData\Local\Resmon.ResmonCfg
2014-03-06 07:00 - 2014-03-06 07:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\a_hsa\AppData\Local\Temp\avgnt.exe
C:\Users\a_hsa\AppData\Local\Temp\oct699E.tmp.exe
C:\Users\a_hsa\AppData\Local\Temp\octC2C3.tmp.exe
C:\Users\a_hsa\AppData\Local\Temp\Quarantine.exe
C:\Users\a_hsa\AppData\Local\Temp\sqlite3.dll
C:\Users\a_hsa\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-01 14:29
==================== End Of Log ============================