
Log analysis and evaluation: Windows 7 Firefox keeps opening new tabs with advertising

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
13.08.2014, 17:22   #1
mrmister
 
Windows 7 Firefox keeps opening new tabs with advertising



Hello everyone,

As the title says, my problem is that FF keeps opening tabs with advertising pages. I would be very grateful if someone could help me.

Best regards,
Olli

I have created the following log files:

Defogger Log:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:31 on 13/08/2014 (*******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
FRST Log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by Oliver (administrator) on OLIVER-PC on 13-08-2014 18:08:39
Running from C:\Users\Oliver\Desktop\Virus\FRST
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Realtek) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-10] (Microsoft Corporation)
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [framei] => C:\Users\Oliver\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [nvcmd] => C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Run: [cntcmd] => C:\Users\Oliver\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-956886985-2695973545-304803630-1000\...\MountPoints2: {e801ad7e-90e1-11e3-9cc6-806e6f6e6963} - D:\wubi.exe
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-09]
FF Extension: PDF Updater Free - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{c5518a8b-51fa-437a-9f4d-34a5beb015eb}.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-07]
FF Extension: {d3d8eb04-2a7c-4d14-84b4-f701af9beb83} - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{d3d8eb04-2a7c-4d14-84b4-f701af9beb83}.xpi [2014-07-17]
FF Extension: Fox!Box - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\cfg85hsu.default-1402174875213\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-08-10]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-08-09]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-06-20] (Duplex Secure Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 ufdiapob; \??\C:\Users\Oliver\AppData\Local\Temp\ufdiapob.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable
2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp
2014-08-13 17:00 - 2014-08-13 18:08 - 00000000 ____D () C:\FRST
2014-08-13 16:59 - 2014-08-13 17:33 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus
2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET
2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 12:59 - 2014-08-12 17:57 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-10 12:16 - 2014-08-10 12:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016
2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree
2014-08-10 12:04 - 2014-08-10 12:06 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004
2014-08-09 20:29 - 2014-08-09 20:38 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi
2014-08-09 20:19 - 2014-08-09 20:29 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi
2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-09 18:33 - 2014-08-10 11:09 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype
2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp
2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp
2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-19 21:20 - 2014-07-20 12:24 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub
2014-07-17 22:13 - 2014-07-17 22:15 - 00000000 ____D () C:\Users\Oliver\Desktop\backup
2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted
2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______
2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___
2014-07-17 22:05 - 2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__
2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____
2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_
2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___
2014-07-17 21:31 - 2014-07-17 22:15 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf
2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__
2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () C:\Windows\Minidump\071714-27690-01.dmp
2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk
2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage
2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager
2014-07-17 20:47 - 2014-07-17 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe
2014-07-17 20:34 - 2014-07-17 20:42 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu
2014-07-17 20:33 - 2014-07-17 20:34 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe
2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 20:22 - 2014-07-17 20:23 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:27 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp
2014-07-17 19:24 - 2014-07-19 19:22 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90
2014-07-17 19:18 - 2014-07-17 22:16 - 00004078 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.log
2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions
2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 18:08 - 2014-08-13 17:00 - 00000000 ____D () C:\FRST
2014-08-13 18:03 - 2014-02-08 18:59 - 01932986 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 17:39 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 17:39 - 2009-07-14 06:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 17:33 - 2014-08-13 16:59 - 00000000 ____D () C:\Users\Oliver\Desktop\Virus
2014-08-13 17:33 - 2014-02-08 21:00 - 00000000 ___RD () C:\Users\Oliver\Dropbox
2014-08-13 17:33 - 2014-02-08 20:57 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-13 17:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 17:32 - 2009-07-14 06:39 - 00047528 _____ () C:\Windows\setupact.log
2014-08-13 17:31 - 2014-08-13 17:31 - 00000176 _____ () C:\Users\Oliver\defogger_reenable
2014-08-13 17:31 - 2014-02-08 19:32 - 00000000 ____D () C:\Users\Oliver
2014-08-13 17:30 - 2014-02-08 19:13 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 17:16 - 2014-02-10 20:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 17:07 - 2014-08-13 17:07 - 00144584 _____ () C:\Windows\Minidump\081314-16676-01.dmp
2014-08-13 17:07 - 2014-03-16 15:02 - 00000000 ____D () C:\Windows\Minidump
2014-08-13 17:07 - 2014-03-16 15:01 - 357774381 _____ () C:\Windows\MEMORY.DMP
2014-08-12 20:47 - 2014-02-08 20:31 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\KeePass
2014-08-12 18:51 - 2014-02-16 18:38 - 00000000 ____D () C:\Users\Oliver\Desktop\Börsenkurse
2014-08-12 18:32 - 2014-08-12 18:32 - 00000000 ____D () C:\Program Files\ESET
2014-08-12 18:26 - 2014-08-12 18:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 18:23 - 2014-02-09 11:38 - 00023638 _____ () C:\Windows\PFRO.log
2014-08-12 18:22 - 2013-11-13 18:28 - 00000000 ____D () C:\AdwCleaner
2014-08-12 17:57 - 2014-08-10 12:59 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-10 12:51 - 2014-02-09 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-10 12:18 - 2014-08-10 12:16 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Genesis_08101016
2014-08-10 12:18 - 2014-03-02 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-10 12:18 - 2014-03-02 14:52 - 00001797 _____ () C:\ProgramData\hpzinstall.log
2014-08-10 12:18 - 2014-03-02 14:52 - 00000000 ____D () C:\Program Files\HP
2014-08-10 12:06 - 2014-08-10 12:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\fabulous_08101004
2014-08-10 12:05 - 2014-08-10 12:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\ContextFree
2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-10 11:09 - 2014-08-09 18:33 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 21:18 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-09 20:38 - 2014-08-09 20:29 - 238945732 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 1.avi
2014-08-09 20:29 - 2014-08-09 20:19 - 230164014 _____ () C:\Users\Oliver\Desktop\PLANET E_ ABENTEUER - MALLORCA, TEIL 2.avi
2014-08-09 18:39 - 2014-06-07 09:13 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\vlc
2014-08-09 18:33 - 2014-08-09 18:33 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Skype
2014-08-09 18:33 - 2014-06-01 12:03 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\DVDVideoSoft
2014-08-09 18:32 - 2014-08-09 18:32 - 00002176 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-08-09 18:32 - 2014-06-01 12:05 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-08-08 20:34 - 2014-02-08 19:48 - 00110056 _____ () C:\Users\Oliver\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-08 20:33 - 2009-07-14 06:33 - 00410352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-08 20:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-08-08 20:27 - 2014-02-09 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-08 20:26 - 2009-07-14 10:56 - 00000000 ____D () C:\Windows\ShellNew
2014-08-08 20:26 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-08-08 20:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-08 20:23 - 2009-07-14 04:04 - 00000615 _____ () C:\Windows\win.ini
2014-08-07 17:39 - 2014-08-07 17:39 - 00367576 _____ () C:\Windows\Minidump\080714-19905-01.dmp
2014-08-04 19:14 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-31 21:40 - 2014-07-31 21:40 - 00367568 _____ () C:\Windows\Minidump\073114-20872-01.dmp
2014-07-31 17:14 - 2014-02-08 19:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 21:49 - 2014-07-29 21:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 13:02 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 08:04 - 2014-02-09 13:50 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 18:40 - 2014-02-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 18:11 - 2014-02-08 20:58 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-28 18:11 - 2013-01-03 18:51 - 00001021 _____ () C:\Users\Oliver\Desktop\Dropbox.lnk
2014-07-20 21:40 - 2014-03-10 18:59 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-20 21:40 - 2014-03-10 18:59 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-20 16:17 - 2014-02-08 20:55 - 00000000 ____D () C:\Users\Oliver\Documents\Meine Scans
2014-07-20 12:24 - 2014-07-19 21:20 - 00000000 ____D () C:\Users\Oliver\Desktop\Urlaub
2014-07-19 19:22 - 2014-07-17 19:24 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\GHISLER
2014-07-17 22:31 - 2014-04-19 17:28 - 00000000 ____D () C:\Program Files\i-Funbox DevTeam
2014-07-17 22:16 - 2014-07-17 19:18 - 00004078 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.log
2014-07-17 22:15 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\backup
2014-07-17 22:15 - 2014-07-17 21:31 - 00000223 _____ () C:\Users\Oliver\Desktop\WhatsAppMigrator.conf
2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\Desktop\converted
2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1______
2014-07-17 22:13 - 2014-07-17 22:13 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e___
2014-07-17 22:12 - 2014-07-17 19:27 - 00000000 ____D () C:\Users\Oliver\Desktop\Whatsapp
2014-07-17 22:05 - 2014-07-17 22:05 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e__
2014-07-17 22:04 - 2014-07-17 22:04 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_____
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1____
2014-07-17 21:34 - 2014-07-17 21:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e_
2014-07-17 21:32 - 2014-07-17 21:32 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1___
2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1__
2014-07-17 21:11 - 2014-04-19 17:28 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\iFunbox_UserCache
2014-07-17 21:03 - 2014-07-17 21:03 - 00371736 _____ () C:\Windows\Minidump\071714-27690-01.dmp
2014-07-17 20:49 - 2014-07-17 20:49 - 00002013 _____ () C:\Users\Oliver\Desktop\iDevice Manager.lnk
2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Users\Oliver\AppData\Local\IsolatedStorage
2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-17 20:49 - 2014-07-17 20:49 - 00000000 ____D () C:\Program Files\iDevice Manager
2014-07-17 20:47 - 2014-07-17 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Oliver\Desktop\iDevice Manager iPhone Explorer - CHIP-Installer.exe
2014-07-17 20:42 - 2014-07-17 20:34 - 00000000 ____D () C:\Users\Oliver\AppData\Local\pangu
2014-07-17 20:34 - 2014-07-17 20:33 - 35956160 _____ () C:\Users\Oliver\Desktop\Pangu_v1.1.exe
2014-07-17 20:23 - 2014-07-17 20:23 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-17 20:23 - 2014-07-17 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 20:23 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 20:22 - 2014-07-17 20:22 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 20:22 - 2014-05-04 11:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1_
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempd60233d1130df8bd03cd6d2e3c2fc7d1
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempb3e4a92b2fa33cb7a7281f2eb2a6c78e
2014-07-17 19:21 - 2014-07-17 19:21 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Temp82152e590ca5570bb7bf75cfa8125e90
2014-07-17 19:19 - 2014-07-13 12:10 - 00000000 ____D () C:\Users\Oliver\.gimp-2.8
2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\ChromeExtensions
2014-07-17 19:18 - 2014-07-17 19:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Tempde97d1ecad57e6a299c82b803e0e23e1
2014-07-16 22:01 - 2014-02-08 20:14 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-07-16 22:01 - 2014-02-08 20:14 - 00000000 ____D () C:\Program Files\KeePass Password Safe 2
2014-07-16 22:01 - 2013-10-20 11:29 - 00001063 _____ () C:\Users\Oliver\Desktop\KeePass 2.lnk
2014-07-15 21:30 - 2014-06-13 16:10 - 00000000 ____D () C:\Users\Oliver\Desktop\WM

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\13-12_win7_win8_32_dd_ccc_whql.exe
C:\Users\Oliver\AppData\Local\Temp\amazonicon_v6.exe
C:\Users\Oliver\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh0xpr.dll
C:\Users\Oliver\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Oliver\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Oliver\AppData\Local\Temp\foxy_security.exe
C:\Users\Oliver\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Oliver\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Oliver\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_nerocoverdesigner-ESD_small-20131212115353069-12.0.01800.nsx.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\MouseKeyboardCenterx86_1031.exe
C:\Users\Oliver\AppData\Local\Temp\MTK25beta5setup__6216_il14229.exe
C:\Users\Oliver\AppData\Local\Temp\nshAF48.exe
C:\Users\Oliver\AppData\Local\Temp\nsi1836.exe
C:\Users\Oliver\AppData\Local\Temp\nsmF88C.exe
C:\Users\Oliver\AppData\Local\Temp\nsrFD8C.exe
C:\Users\Oliver\AppData\Local\Temp\nswAB12.exe
C:\Users\Oliver\AppData\Local\Temp\ose00000.exe
C:\Users\Oliver\AppData\Local\Temp\PidGenX.dll
C:\Users\Oliver\AppData\Local\Temp\raptrpatch.exe
C:\Users\Oliver\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Oliver\AppData\Local\Temp\sdapskill.exe
C:\Users\Oliver\AppData\Local\Temp\sdaspwn.exe
C:\Users\Oliver\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Oliver\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite28784.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite42183.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite53031.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite56639.dll
C:\Users\Oliver\AppData\Local\Temp\System.Data.SQLite92236.dll
C:\Users\Oliver\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
C:\Users\Oliver\AppData\Local\Temp\WhatsAppMigrator_1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 18:05

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014
Ran by Oliver at 2014-08-13 18:08:57
Running from C:\Users\Oliver\Desktop\Virus\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{B5D724AD-AC50-46B4-AAA7-62EF18F0CDFE}) (Version: 1.44.0 - Kovid Goyal)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloudReading (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
ContextFree (HKCU\...\ContextFree) (Version:  - )
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Creo Elements/Direct Modeling Express 4.0 (HKLM\...\{B4531C1A-9721-416A-A3BD-C0C600155176}) (Version: 40.0.10020 - Parametric Technology GmbH)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.14 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F2100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
F2100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Free YouTube Download version 3.2.43.806 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.38.530 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.38.530 - DVDVideoSoft Ltd.)
FRITZ!Box-Fernzugang einrichten (HKLM\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Designjet 3D Software Solution 1.1 (HKLM\...\{3100A54E-7256-4D77-96B6-F51E910425F4}) (Version: 1.1 - Hewlett-Packard)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.27 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero ControlCenter (Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden
Nero CoverDesigner (HKLM\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG)
Nero CoverDesigner (Version: 12.0.10003 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (Version: 12.0.2000 - Nero AG) Hidden
Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-956886985-2695973545-304803630-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

19-07-2014 17:22:56 Removed Apple Application Support
21-07-2014 08:31:56 Windows Update
28-07-2014 16:11:31 Windows Update
28-07-2014 16:39:32 Windows Update
01-08-2014 18:43:56 Windows Update
05-08-2014 19:27:19 Windows Update
08-08-2014 18:21:18 Configured Microsoft Office Professional Plus 2010
10-08-2014 09:03:10 Windows Update
10-08-2014 09:09:26 Removed Skype™ 6.18
10-08-2014 10:02:55 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E53F79C-86D1-4F91-A72E-5C16E03333B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20777A6D-966D-41ED-8DCA-97B01DB18C99} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [2009-05-25] ()
Task: {3C0228AF-F8E5-4205-B9C4-5BDE4AE1C940} - \AutoKMS No Task File <==== ATTENTION
Task: {3E423C2E-9348-41D3-AF66-B84627CD3870} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5A44A6F8-E1A4-43C5-9F9E-C93159962FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {63225ABD-F84F-4C8F-8F4F-8704FADC65CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {9612E598-CC56-4176-B702-4381D362F24C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A7766A69-D134-4673-9E4A-D76784D0423A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E01649FF-E8C1-4508-98C3-A412E8630422} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-09 10:56 - 2009-05-25 11:33 - 06017024 _____ () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
2014-02-09 10:56 - 2009-04-22 21:20 - 00179712 _____ () C:\Program Files\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
2014-02-09 10:56 - 2009-04-20 14:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
2014-02-09 10:56 - 2006-01-10 17:50 - 00024576 _____ () C:\Windows\system32\AsIo.dll
2014-02-09 10:56 - 2009-04-20 14:55 - 00053248 _____ () C:\Program Files\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-09 10:56 - 2009-04-02 13:27 - 00090112 _____ () C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2014-02-08 19:42 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-07-01 14:26 - 2014-07-01 14:26 - 00596480 _____ () C:\Users\Oliver\AppData\Local\ContextFree\nvcmd.exe
2014-08-13 17:33 - 2014-08-13 17:33 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh0xpr.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-29 21:49 - 2014-07-29 21:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-08 16:54 - 2014-07-08 16:54 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Oliver\Desktop\2014-05-25 14.58.09.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 05:39:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012298
ID des fehlerhaften Prozesses: 0x5c8
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (08/13/2014 05:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012298
ID des fehlerhaften Prozesses: 0xc98
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (08/13/2014 05:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ddc

Startzeit: 01cfb70863704513

Endzeit: 15

Anwendungspfad: C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exe

Berichts-ID: c377e711-22fb-11e4-95c1-0022156399ca


System errors:
=============
Error: (08/13/2014 05:07:19 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000008e (0xc0000005, 0x00007640, 0xaad71a6c, 0x00000000)C:\Windows\MEMORY.DMP081314-16676-01

Error: (08/13/2014 05:07:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎13.‎08.‎2014 um 17:05:19 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (08/13/2014 05:39:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000122985c801cfb70c974f8a2bC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exeC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exefdc2ca70-22ff-11e4-a6f0-000272b08a19

Error: (08/13/2014 05:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298c9801cfb70887a76f67C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exeC:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exee1580c60-22fb-11e4-95c1-0022156399ca

Error: (08/13/2014 05:09:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Gmer-19357.exe2.1.19357.0ddc01cfb7086370451315C:\Users\Oliver\Desktop\Virus\Gmer\Gmer-19357.exec377e711-22fb-11e4-95c1-0022156399ca


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 39%
Total physical RAM: 3327.05 MB
Available physical RAM: 2005.84 MB
Total Pagefile: 6652.4 MB
Available Pagefile: 5071.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365.16 GB) (Free:102.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:63.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 000148CA)
Partition 1: (Active) - (Size=145 GB) - (Type=83)
Partition 2: (Not Active) - (Size=4 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: BA51F4EA)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 16251625)
Partition 1: (Active) - (Size=365 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=05)

==================== End Of Log ============================
         
and the GMER log file:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-13 18:02:33
Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-5 SAMSUNG_HD502IJ rev.1AA01118 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\ufdiapob.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                           82E4CA15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                             82E86212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                           section is writeable [0x9221A000, 0x153F4A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtCreateFile                                                                          76F05608 5 Bytes  JMP 608C3D20 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtFlushBuffersFile                                                                    76F05998 5 Bytes  JMP 608AC661 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtQueryFullAttributesFile                                                             76F06028 5 Bytes  JMP 608C3820 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtReadFile                                                                            76F062F8 5 Bytes  JMP 608AC750 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtReadFileScatter                                                                     76F06308 5 Bytes  JMP 6114E1FF C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtWriteFile                                                                           76F06AA8 5 Bytes  JMP 608C43D0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!NtWriteFileGather                                                                     76F06AB8 5 Bytes  JMP 6114E1AE C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] ntdll.dll!LdrLoadDll                                                                            76F222AE 5 Bytes  JMP 66641F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                                                   752A94E6 7 Bytes  JMP 610EF55F C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!QueryPerformanceCounter + 13                                                       752AC4E5 7 Bytes  JMP 610EF582 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] kernel32.dll!LoadAppInitDlls + 355                                                              752AF5A6 7 Bytes  JMP 608C06F3 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] USER32.dll!GetWindowInfo                                                                        76AF4B5E 5 Bytes  JMP 60FFE5A9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] GDI32.dll!GetViewportOrgEx + 26C                                                                7679884B 1 Byte  [E9]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3132] GDI32.dll!GetViewportOrgEx + 26C                                                                7679884B 7 Bytes  JMP 610EF4E0 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                           fltmgr.sys

---- Threads - GMER 2.1 ----

Thread          System [4:2432]                                                                                                                                    A44E4F2E

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167998c5c                                                                        
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                             0x05 0xAA 0x7F 0x8C ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                       0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                    0xED 0xF4 0x31 0xA0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                     
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                               0x97 0x56 0x78 0x67 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167998c5c (not active ControlSet)                                                    
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                               
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                    C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                    0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                    0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                 0x05 0xAA 0x7F 0x8C ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                      
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                           0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                        0xED 0xF4 0x31 0xA0 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                 
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                   0x97 0x56 0x78 0x67 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDFE23FE-57DB-4479-A595-E4F5612DE272}                                  
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}                                  
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@Path                             \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@Hash                             0x02 0x6C 0x72 0x3E ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@Triggers                         0x15 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE23FE-57DB-4479-A595-E4F5612DE272}@DynamicInfo                      0x03 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan@Id  {FDFE23FE-57DB-4479-A595-E4F5612DE272}

---- EOF - GMER 2.1 ----
         
I hope that is complete enough for now and helps.

 
