| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA Trojaner, Windows fährt im abgesicherten Modus wieder runterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.09.2014, 12:49
| #1 |
 |  BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Hallo, ich habe mir auf meienm Windows 7 den BKA Trojaner mit dem Merkelbild eingefangen. Der Rechner fährt leider auch im abgesicherten Modus wieder runter. Ich habe die von FRST die Datei erstellen lassen. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by SYSTEM on MININT-JJVIMHG on 09-09-2014 13:35:02
Running from I:\
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Administrator\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.)
S2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
S2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 13:34 - 2014-09-09 13:35 - 00000000 ____D () C:\FRST
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 13:35 - 2014-09-09 13:34 - 00000000 ____D () C:\FRST
2014-09-09 12:30 - 2012-04-27 18:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 12:30 - 2012-04-03 09:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 11:23 - 2014-08-05 17:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 11:23 - 2012-04-27 18:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 11:23 - 2010-02-27 14:51 - 01547481 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 11:19 - 2014-08-05 17:34 - 00000560 _____ () C:\Windows\setupact.log
2014-09-09 11:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp
2014-09-09 10:30 - 2010-03-27 12:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 16:46 - 2014-08-05 17:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 16:40 - 2012-03-05 13:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen
ZeroAccess:
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}\@
ZeroAccess:
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\@
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\kfe.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3838.43 MB
Available physical RAM: 3231.06 MB
Total Pagefile: 3836.57 MB
Available Pagefile: 3218.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.64 GB) NTFS
Drive i: (extern) (Fixed) (Total:372.61 GB) (Free:85.98 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: E9524FDE)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)
LastRegBack: 2014-05-21 20:02
==================== End Of Log ============================
|
|
09.09.2014, 12:51
| #2 |
| /// TB-Ausbilder   | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
C:\Users\Administrator\AppData\Roaming\Xuiwi
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
end
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Bitte berichte mir, ob der Rechner danach wieder normal startet (wir sind noch nicht fertig!). |
|
09.09.2014, 13:00
| #3 |
| | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runterFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by SYSTEM on MININT-JJVIMHG on 09-09-2014 13:35:02
Running from I:\
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Administrator\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.)
S2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
S2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 13:34 - 2014-09-09 13:35 - 00000000 ____D () C:\FRST
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 13:35 - 2014-09-09 13:34 - 00000000 ____D () C:\FRST
2014-09-09 12:30 - 2012-04-27 18:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 12:30 - 2012-04-03 09:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 11:23 - 2014-08-05 17:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 11:23 - 2012-04-27 18:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 11:23 - 2010-02-27 14:51 - 01547481 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 11:19 - 2014-08-05 17:34 - 00000560 _____ () C:\Windows\setupact.log
2014-09-09 11:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp
2014-09-09 10:30 - 2010-03-27 12:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 16:46 - 2014-08-05 17:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 16:40 - 2012-03-05 13:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen
ZeroAccess:
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}\@
ZeroAccess:
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\@
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\kfe.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 3838.43 MB
Available physical RAM: 3231.06 MB
Total Pagefile: 3836.57 MB
Available Pagefile: 3218.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.64 GB) NTFS
Drive i: (extern) (Fixed) (Total:372.61 GB) (Free:85.98 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: E9524FDE)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)
LastRegBack: 2014-05-21 20:02
==================== End Of Log ============================
|
|
09.09.2014, 13:03
| #4 |
| /// TB-Ausbilder | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Servus, du sollst keinen Scan, sondern einen Fix im Reparaturmodus ausführen. |
|
09.09.2014, 13:13
| #5 |
| | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Hallo, habe ich gemacht. Windows fährt jetzt auch wieder normal hoch.  Hier noch der Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by SYSTEM at 2014-09-09 14:06:00 Run:1
Running from I:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
start
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
C:\Users\Administrator\AppData\Roaming\Xuiwi
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
end
*****************
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\Giupmoal => value deleted successfully.
C:\Users\Administrator\AppData\Roaming\Xuiwi => Moved successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\ProgramData\48B46F9.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931} => Moved successfully.
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931} => Moved successfully.
==== End of Fixlog ====
|
|
09.09.2014, 13:13
| #6 |
| /// TB-Ausbilder | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Servus, FRST neu auf den Desktop laden, ausführen und beide Logdateien posten: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
09.09.2014, 13:18
| #7 |
| | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runterFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Administrator (administrator) on LAPPI-PC on 09-09-2014 14:15:23
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Huawei Technologies Co., Ltd.) C:\Users\Administrator\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Jeppesen) C:\Program Files (x86)\Jeppesen\JWC\JWC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(KSE - Korndörfer Software Engineering) C:\Program Files\nHancer\nHancerService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {1b2577a0-b82c-11df-a2dd-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {2177d40f-a670-11e0-90a9-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {40729c3e-e5ad-11df-a470-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3785-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3794-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {5ea4abcd-93eb-11df-948d-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a7d03881-23ac-11df-85f5-001e68e1f025} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a957420b-b798-11df-8457-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {f88caf50-66fc-11e3-90b5-001e68e1f025} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess/Alureon?
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40709AB95DB8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0594F643-F263-4487-99A2-9960337D6BC2} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=aebfd44b0000000000000017c4412da4&r=486
SearchScopes: HKCU - {0594F643-F263-4487-99A2-9960337D6BC2} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=aebfd44b0000000000000017c4412da4&r=486
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\proxtube_gesperrte_youtube_videos_schauen-1.3.4-fx.xpi [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=aebfd44b0000000000000017c4412da4"
CHR DefaultSearchProvider: Default -> Search the web (Softonic)
CHR DefaultSearchURL: Default -> hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=aebfd44b0000000000000017c4412da4
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-31]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-31]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-14]
CHR Extension: (RealDownloader) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-29]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-05-31]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [File not signed]
R2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
R2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2011-08-08] (VSO Software) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 14:34 - 2014-09-09 14:15 - 00000000 ____D () C:\FRST
2014-09-09 14:15 - 2014-09-09 14:16 - 00023352 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 11:48 - 2014-09-09 11:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 14:16 - 2014-09-09 14:15 - 00023352 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:15 - 2014-09-09 14:34 - 00000000 ____D () C:\FRST
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 14:13 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:13 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:12 - 2009-07-14 19:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 14:12 - 2009-07-14 19:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 14:12 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 14:11 - 2010-02-27 15:51 - 01550368 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 14:08 - 2014-08-05 18:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 14:08 - 2014-08-05 18:34 - 00000616 _____ () C:\Windows\setupact.log
2014-09-09 14:08 - 2012-04-27 19:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 14:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 13:30 - 2012-04-27 19:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 13:30 - 2012-04-03 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 11:48 - 2014-09-09 11:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 11:30 - 2010-03-27 13:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 17:46 - 2014-08-05 18:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 17:40 - 2012-03-05 14:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\kfe.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-21 21:02
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Administrator at 2014-09-09 14:16:44
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aerosoft's - Bari X (HKLM-x32\...\{2C34DF17-A9FE-44EE-ABE6-6933F0929300}) (Version: 1.00 - Aerosoft)
Aerosoft's - Frankfurt-Hahn X (HKLM-x32\...\{B0E7EC1F-53EC-4CD4-81B6-0AA25C8C5A9A}) (Version: 1.00 - Aerosoft)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 3.6.106 - Abelssoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{A4646CC8-905B-4E6D-A094-4C9FB1621042}) (Version: 1.2.26.429 - ArcSoft)
ATTC BU-Trainingssoftware 2.4 (HKLM-x32\...\ATTC BU-Trainingssoftware_is1) (Version: - ATTC)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Azureus (HKLM-x32\...\Azureus) (Version: 2.5.0.4 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Cessna NAVIII G1000 Trainer v8.20 (HKLM-x32\...\Cessna NAVIII G1000 Trainer v8.20) (Version: v8.20 - GARMIN)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EXAM 11 (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software)
Faros Freeplay FMGS for A320 (HKLM-x32\...\Faros Freeplay FMGS for A320) (Version: - )
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Free Video Converter V 3.0 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
IvAc v1.1.14 (b186-1) (HKLM-x32\...\IvAc_is1) (Version: - IVAO)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java TopTask (HKCU\...\Java TopTask) (Version: - Deutscher Wetterdienst)
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen)
Jeppesen Weather Service (HKLM-x32\...\{3E1D1CE6-FF37-4A5D-9714-D6F48CFD589D}) (Version: 2.4.1.1 - Jeppesen)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
nHancer (HKLM\...\{8ACE41AA-6262-43F7-B3E6-217C50803BBA}) (Version: 2.5.0700 - KSE)
Nuvoton CIR Device Driver (HKLM-x32\...\{2D3858B1-226A-420D-9C9D-B51864E85429}) (Version: 8.60.1000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PA34 200T SENECA II FSX (HKLM-x32\...\PA34 200T SENECA II FSX) (Version: 1.00.00.00 - Carenado)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - )
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.2922 - PMDG Simulations, LLC.)
PPL-Tutor (HKLM-x32\...\{055266AD-172E-4831-9303-DE137E2ADD67}) (Version: 5.2.7 - BPS Lernprogramme)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.5_is1) (Version: - SkyTest)
SkyTest® BU-Trainingssoftware 2.3 (HKLM-x32\...\SkyTest® BU-Trainingssoftware_is1) (Version: - SkyTest)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
The Eye v1.0.8 (b367) (HKLM-x32\...\IvAe_is1) (Version: - International Virtual Aviation Organisation VZW/ASBL)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.00.108 - Huawei Technologies Co.,Ltd)
TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.70 - FlightSimSoft.com Inh. Christian Grill)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VATroute 0.0.1.021 (HKLM-x32\...\VATroute) (Version: 0.0.1.021 - Dirk Trinkaus, Henning Hülsebusch)
VCDS PCI 12.12 (HKLM-x32\...\VCDS PCI) (Version: PCI 12.12 - PCI Diagnosetechnik GmbH & Co. KG)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.4 - Vuze Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu 414 MediaBar) (Version: 3.0.0.115676 - Bandoo Media Inc) <==== ATTENTION
Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02) (HKLM\...\42B17F23052FF114E91E57E2287CCEEDF216888D) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern USB-Treiber (05/21/2009 2.04.18) (HKLM\...\947671B77E4C5263102586E2E437A3673CC2795F) (Version: 05/21/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (02/17/2009 2.04.18) (HKLM\...\0F5C7B3CFC52532DF1B4197D18B194DE5AD05130) (Version: 02/17/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02) (HKLM\...\5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2029294292-1738002600-2468904224-500_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2012-06-02 15:41 - 00000895 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {411399AA-AA3B-47AA-956B-2057D462B555} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4313BCD4-D384-4411-8762-03E8FC6196B2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5530645A-19FF-4572-BCB3-64CDD19DAA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {55D53F81-CCE1-4E5F-BADF-8C5417060BDE} - System32\Tasks\RNUpgradeHelperLogonPrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {5B1C4DFA-3655-495C-B62F-F9EF24D02FE4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5DA462E7-89DF-4AD5-A58E-533F8242C152} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {60F94F13-4FFE-4BE4-AE3C-AC5485B41A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {81F25E03-31FE-4221-914C-A6EC959BD251} - System32\Tasks\ReclaimerUpdateFiles_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9E34BF45-D26D-455C-B294-90B72965A6D4} - System32\Tasks\RealCreateProcessScheduledTask1558013S-1-5-21-2029294292-1738002600-2468904224-500 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-09-26] (RealNetworks, Inc.)
Task: {A1D4D485-D884-49AF-890B-40D5DDF3D170} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BC55D489-A4C4-4C10-A120-7063CDA4107E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-30] (Adobe Systems Incorporated)
Task: {C19F09DA-DE61-4249-A3AD-026D8ECCF8B3} - System32\Tasks\RNUpgradeHelperResumePrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C83B0A70-701D-4387-B543-6B3E76EA92E9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D4B6EFDA-946C-4EF7-94C5-A544B3000E70} - System32\Tasks\ReclaimerUpdateXML_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {F397BB9E-E06C-471A-914B-E6E76F7EFC5E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
==================== Loaded Modules (whitelisted) =============
2008-05-26 19:24 - 2008-05-26 19:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2010-03-03 17:51 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2012-06-02 15:37 - 2011-06-21 12:07 - 00037792 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbCommons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 06362528 _____ () C:\Program Files (x86)\AntiBrowserSpy\Commons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00173984 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbBrowserLibs.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018336 _____ () C:\Program Files (x86)\AntiBrowserSpy\VersionInfo.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018848 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbSettingsKeeper.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00012704 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00012800 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_system-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00045056 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_date_time-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00699904 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_regex-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00046592 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_thread-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00053760 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_iostreams-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00065024 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_zlib-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00130048 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_filesystem-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:47 - 00084480 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JVNavData.dll
2014-03-27 20:56 - 2012-02-23 16:48 - 00231936 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JWCConnect.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.
Details:
Could not query the status of the EventSystem service.
System Error:
Der Computer wird heruntergefahren.
.
Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage - Update "{4757E865-0292-4E04-940D-9C51052A5DD6}" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.
Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
System errors:
=============
Error: (09/09/2014 02:09:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (09/09/2014 02:09:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (09/09/2014 02:08:26 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/09/2014 02:08:23 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/09/2014 02:08:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Error: (09/09/2014 01:30:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (09/09/2014 00:23:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Error: (09/09/2014 00:23:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (09/09/2014 00:23:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (09/09/2014 00:23:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%127
Microsoft Office Sessions:
=========================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.
System Error:
Der Computer wird heruntergefahren.
Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Microsoft Office XP Professional mit FrontPage{4757E865-0292-4E04-940D-9C51052A5DD6}1603(NULL)(NULL)(NULL)
Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
==================== Memory info ===========================
Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80
Percentage of memory in use: 32%
Total physical RAM: 3838.43 MB
Available physical RAM: 2573.86 MB
Total Pagefile: 7675.04 MB
Available Pagefile: 6266.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS
Drive g: (extern) (Fixed) (Total:372.61 GB) (Free:86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: E9524FDE)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
09.09.2014, 13:21
| #8 |
| /// TB-Ausbilder | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter So geht es weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3
Bitte poste mit deiner nächsten Antwort
|
|
09.09.2014, 14:01
| #9 |
| | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runterCode:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 09/09/2014 um 14:26:16
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Administrator - LAPPI-PC
# Gestartet von : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDX6XW07\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_ad_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_ad_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_Setup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_Setup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16464
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Google Chrome v
[ Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [28376 octets] - [20/05/2014 16:33:46]
AdwCleaner[R1].txt - [3675 octets] - [09/09/2014 14:24:33]
AdwCleaner[S0].txt - [24325 octets] - [20/05/2014 16:34:57]
AdwCleaner[S1].txt - [3564 octets] - [09/09/2014 14:26:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3624 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.09.2014 Suchlauf-Zeit: 14:29:17 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.09.02 Rootkit Datenbank: v2014.08.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Administrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 364241 Verstrichene Zeit: 21 Min, 18 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.WeatherItUp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, In Quarantäne, [8412c6258dee75c1c0fdbb67f70ce41c], Registrierungswerte: 1 PUP.Optional.QuickStart.A, HKU\S-1-5-21-2029294292-1738002600-2468904224-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [ecaa7f6c0a71db5bfc5f47c120e349b7] Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 4 Trojan.FakeMS, C:\ProgramData\9F64B84.dot, In Quarantäne, [6e287c6fe4973df936c3117257aae818], Trojan.Agent.ED, C:\Users\Administrator\AppData\Local\Temp\kfe.dll, In Quarantäne, [1e785b90314ad066ec463c7bbc4523dd], PUP.Optional.OptimumInstaller.A, C:\Users\Administrator\Downloads\evasi0n7-1.0.7-OP.zip, In Quarantäne, [4353e308a2d94aecc6c3a2ba798831cf], PUP.Optional.InstallMonetizer, C:\Users\Administrator\Downloads\Microsoft Office 2013 Professional Plus Serial Key Free Direct Download Link__4367_il4470736.exe, In Quarantäne, [21758c5fa7d49c9ab9f7b681ff0254ac], Physische Sektoren: 0 (No malicious items detected) (end) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Administrator (administrator) on LAPPI-PC on 09-09-2014 14:54:32
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(Huawei Technologies Co., Ltd.) C:\Users\Administrator\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Jeppesen) C:\Program Files (x86)\Jeppesen\JWC\JWC.exe
(KSE - Korndörfer Software Engineering) C:\Program Files\nHancer\nHancerService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {1b2577a0-b82c-11df-a2dd-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {2177d40f-a670-11e0-90a9-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {40729c3e-e5ad-11df-a470-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3785-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3794-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {5ea4abcd-93eb-11df-948d-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a7d03881-23ac-11df-85f5-001e68e1f025} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a957420b-b798-11df-8457-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {f88caf50-66fc-11e3-90b5-001e68e1f025} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess/Alureon?
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40709AB95DB8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0594F643-F263-4487-99A2-9960337D6BC2} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=aebfd44b0000000000000017c4412da4&r=486
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\proxtube_gesperrte_youtube_videos_schauen-1.3.4-fx.xpi [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=aebfd44b0000000000000017c4412da4"
CHR DefaultSearchProvider: Default -> Search the web (Softonic)
CHR DefaultSearchURL: Default -> hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=aebfd44b0000000000000017c4412da4
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-31]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-31]
CHR Extension: (RealDownloader) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-29]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-05-31]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [File not signed]
R2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
R2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2011-08-08] (VSO Software) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 14:54 - 2014-09-09 14:55 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (2)
2014-09-09 14:34 - 2014-09-09 14:54 - 00000000 ____D () C:\FRST
2014-09-09 14:30 - 2014-09-09 14:31 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:30 - 2014-09-09 14:31 - 91906368 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:28 - 2014-09-09 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 14:28 - 2014-09-09 14:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-09 14:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 14:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 14:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 14:23 - 2014-09-09 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 14:16 - 2014-09-09 14:17 - 00031536 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-09-09 14:15 - 2014-09-09 14:55 - 00022566 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 11:48 - 2014-09-09 11:49 - 10289369 _____ () C:\Users\Administrator\Desktop\12911_03_10.mp4
2014-09-09 11:48 - 2014-09-09 11:48 - 12282018 _____ () C:\Users\Administrator\Desktop\00000001s.mp4
2014-09-09 11:47 - 2014-09-09 11:47 - 10105901 _____ () C:\Users\Administrator\Desktop\00000001.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06750250 _____ () C:\Users\Administrator\Desktop\07.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06144974 _____ () C:\Users\Administrator\Desktop\08.mp4
2014-09-09 11:33 - 2014-09-09 11:34 - 11873033 _____ () C:\Users\Administrator\Desktop\05.wmv
2014-09-09 11:33 - 2014-09-09 11:33 - 12729033 _____ () C:\Users\Administrator\Desktop\04.wmv
2014-09-09 11:32 - 2014-09-09 11:33 - 11889033 _____ () C:\Users\Administrator\Desktop\03.wmv
2014-09-09 11:32 - 2014-09-09 11:32 - 11881033 _____ () C:\Users\Administrator\Desktop\02.wmv
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 14:55 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (2)
2014-09-09 14:55 - 2014-09-09 14:15 - 00022566 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:54 - 2014-09-09 14:34 - 00000000 ____D () C:\FRST
2014-09-09 14:52 - 2014-09-09 14:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 14:52 - 2014-08-05 18:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 14:52 - 2014-08-05 18:34 - 00000728 _____ () C:\Windows\setupact.log
2014-09-09 14:52 - 2014-08-05 18:33 - 00434358 _____ () C:\Windows\PFRO.log
2014-09-09 14:52 - 2012-04-27 19:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 14:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 14:51 - 2010-02-27 15:51 - 01554962 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 14:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-09 14:43 - 2012-04-27 19:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 14:34 - 2012-05-31 16:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-09 14:33 - 2011-08-19 21:21 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-09 14:33 - 2009-07-14 19:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 14:33 - 2009-07-14 19:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 14:33 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 14:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:31 - 2014-09-09 14:30 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:31 - 2014-09-09 14:30 - 91906368 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:28 - 2014-09-09 14:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-09 14:26 - 2014-05-20 16:33 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:24 - 2012-04-03 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 14:23 - 2014-09-09 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 14:17 - 2014-09-09 14:16 - 00031536 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 11:49 - 2014-09-09 11:48 - 10289369 _____ () C:\Users\Administrator\Desktop\12911_03_10.mp4
2014-09-09 11:48 - 2014-09-09 11:48 - 12282018 _____ () C:\Users\Administrator\Desktop\00000001s.mp4
2014-09-09 11:47 - 2014-09-09 11:47 - 10105901 _____ () C:\Users\Administrator\Desktop\00000001.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06750250 _____ () C:\Users\Administrator\Desktop\07.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06144974 _____ () C:\Users\Administrator\Desktop\08.mp4
2014-09-09 11:34 - 2014-09-09 11:33 - 11873033 _____ () C:\Users\Administrator\Desktop\05.wmv
2014-09-09 11:33 - 2014-09-09 11:33 - 12729033 _____ () C:\Users\Administrator\Desktop\04.wmv
2014-09-09 11:33 - 2014-09-09 11:32 - 11889033 _____ () C:\Users\Administrator\Desktop\03.wmv
2014-09-09 11:32 - 2014-09-09 11:32 - 11881033 _____ () C:\Users\Administrator\Desktop\02.wmv
2014-09-09 11:30 - 2010-03-27 13:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 17:46 - 2014-08-05 18:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 17:40 - 2012-03-05 14:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-21 21:02
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Administrator at 2014-09-09 14:57:22
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aerosoft's - Bari X (HKLM-x32\...\{2C34DF17-A9FE-44EE-ABE6-6933F0929300}) (Version: 1.00 - Aerosoft)
Aerosoft's - Frankfurt-Hahn X (HKLM-x32\...\{B0E7EC1F-53EC-4CD4-81B6-0AA25C8C5A9A}) (Version: 1.00 - Aerosoft)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 3.6.106 - Abelssoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{A4646CC8-905B-4E6D-A094-4C9FB1621042}) (Version: 1.2.26.429 - ArcSoft)
ATTC BU-Trainingssoftware 2.4 (HKLM-x32\...\ATTC BU-Trainingssoftware_is1) (Version: - ATTC)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Azureus (HKLM-x32\...\Azureus) (Version: 2.5.0.4 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Cessna NAVIII G1000 Trainer v8.20 (HKLM-x32\...\Cessna NAVIII G1000 Trainer v8.20) (Version: v8.20 - GARMIN)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EXAM 11 (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software)
Faros Freeplay FMGS for A320 (HKLM-x32\...\Faros Freeplay FMGS for A320) (Version: - )
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Free Video Converter V 3.0 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
IvAc v1.1.14 (b186-1) (HKLM-x32\...\IvAc_is1) (Version: - IVAO)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java TopTask (HKCU\...\Java TopTask) (Version: - Deutscher Wetterdienst)
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen)
Jeppesen Weather Service (HKLM-x32\...\{3E1D1CE6-FF37-4A5D-9714-D6F48CFD589D}) (Version: 2.4.1.1 - Jeppesen)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
nHancer (HKLM\...\{8ACE41AA-6262-43F7-B3E6-217C50803BBA}) (Version: 2.5.0700 - KSE)
Nuvoton CIR Device Driver (HKLM-x32\...\{2D3858B1-226A-420D-9C9D-B51864E85429}) (Version: 8.60.1000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PA34 200T SENECA II FSX (HKLM-x32\...\PA34 200T SENECA II FSX) (Version: 1.00.00.00 - Carenado)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - )
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.2922 - PMDG Simulations, LLC.)
PPL-Tutor (HKLM-x32\...\{055266AD-172E-4831-9303-DE137E2ADD67}) (Version: 5.2.7 - BPS Lernprogramme)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.5_is1) (Version: - SkyTest)
SkyTest® BU-Trainingssoftware 2.3 (HKLM-x32\...\SkyTest® BU-Trainingssoftware_is1) (Version: - SkyTest)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
The Eye v1.0.8 (b367) (HKLM-x32\...\IvAe_is1) (Version: - International Virtual Aviation Organisation VZW/ASBL)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.00.108 - Huawei Technologies Co.,Ltd)
TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.70 - FlightSimSoft.com Inh. Christian Grill)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VATroute 0.0.1.021 (HKLM-x32\...\VATroute) (Version: 0.0.1.021 - Dirk Trinkaus, Henning Hülsebusch)
VCDS PCI 12.12 (HKLM-x32\...\VCDS PCI) (Version: PCI 12.12 - PCI Diagnosetechnik GmbH & Co. KG)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.4 - Vuze Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu 414 MediaBar) (Version: 3.0.0.115676 - Bandoo Media Inc) <==== ATTENTION
Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02) (HKLM\...\42B17F23052FF114E91E57E2287CCEEDF216888D) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern USB-Treiber (05/21/2009 2.04.18) (HKLM\...\947671B77E4C5263102586E2E437A3673CC2795F) (Version: 05/21/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (02/17/2009 2.04.18) (HKLM\...\0F5C7B3CFC52532DF1B4197D18B194DE5AD05130) (Version: 02/17/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02) (HKLM\...\5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2029294292-1738002600-2468904224-500_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2012-06-02 15:41 - 00000895 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {411399AA-AA3B-47AA-956B-2057D462B555} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4313BCD4-D384-4411-8762-03E8FC6196B2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5530645A-19FF-4572-BCB3-64CDD19DAA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {55D53F81-CCE1-4E5F-BADF-8C5417060BDE} - System32\Tasks\RNUpgradeHelperLogonPrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {5B1C4DFA-3655-495C-B62F-F9EF24D02FE4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5DA462E7-89DF-4AD5-A58E-533F8242C152} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {60F94F13-4FFE-4BE4-AE3C-AC5485B41A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {81F25E03-31FE-4221-914C-A6EC959BD251} - System32\Tasks\ReclaimerUpdateFiles_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9E34BF45-D26D-455C-B294-90B72965A6D4} - System32\Tasks\RealCreateProcessScheduledTask1558013S-1-5-21-2029294292-1738002600-2468904224-500 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-09-26] (RealNetworks, Inc.)
Task: {A1D4D485-D884-49AF-890B-40D5DDF3D170} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BC55D489-A4C4-4C10-A120-7063CDA4107E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-30] (Adobe Systems Incorporated)
Task: {C19F09DA-DE61-4249-A3AD-026D8ECCF8B3} - System32\Tasks\RNUpgradeHelperResumePrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C83B0A70-701D-4387-B543-6B3E76EA92E9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D4B6EFDA-946C-4EF7-94C5-A544B3000E70} - System32\Tasks\ReclaimerUpdateXML_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {F397BB9E-E06C-471A-914B-E6E76F7EFC5E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
==================== Loaded Modules (whitelisted) =============
2008-05-26 19:24 - 2008-05-26 19:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2010-03-03 17:51 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2012-06-02 15:37 - 2011-06-21 12:07 - 00037792 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbCommons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 06362528 _____ () C:\Program Files (x86)\AntiBrowserSpy\Commons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00173984 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbBrowserLibs.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018336 _____ () C:\Program Files (x86)\AntiBrowserSpy\VersionInfo.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018848 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbSettingsKeeper.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00012704 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00012800 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_system-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00045056 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_date_time-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00699904 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_regex-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00046592 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_thread-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00053760 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_iostreams-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00065024 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_zlib-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00130048 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_filesystem-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:47 - 00084480 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JVNavData.dll
2014-03-27 20:56 - 2012-02-23 16:48 - 00231936 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JWCConnect.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00108032 _____ () C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
2011-06-06 02:26 - 2011-06-06 02:26 - 00101376 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 02263552 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00067072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00210944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 02157568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00090112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00231424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00034304 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00078848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00108032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01104896 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00338944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01137664 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00194048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 11496448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00034304 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00237568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01290752 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00265216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01712128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00130048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01763328 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033280 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00309760 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00368640 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00258048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 08103424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00640512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00048640 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00039936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00325632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00135680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00073728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00052224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00061440 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00057856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00178176 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00065536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00128000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00030720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.
Details:
Could not query the status of the EventSystem service.
System Error:
Der Computer wird heruntergefahren.
.
Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage - Update "{4757E865-0292-4E04-940D-9C51052A5DD6}" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.
Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
System errors:
=============
Error: (09/09/2014 02:52:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (09/09/2014 02:52:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (09/09/2014 02:52:37 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/09/2014 02:52:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/09/2014 02:52:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Error: (09/09/2014 02:28:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (09/09/2014 02:28:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (09/09/2014 02:27:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/09/2014 02:27:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/09/2014 02:27:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Microsoft Office Sessions:
=========================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.
System Error:
Der Computer wird heruntergefahren.
Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Microsoft Office XP Professional mit FrontPage{4757E865-0292-4E04-940D-9C51052A5DD6}1603(NULL)(NULL)(NULL)
Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
==================== Memory info ===========================
Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80
Percentage of memory in use: 34%
Total physical RAM: 3838.43 MB
Available physical RAM: 2503.54 MB
Total Pagefile: 7675.04 MB
Available Pagefile: 6139 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
09.09.2014, 17:23
| #10 |
| /// TB-Ausbilder | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess/Alureon?
SearchScopes: HKCU - {0594F643-F263-4487-99A2-9960337D6BC2} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=aebfd44b0000000000000017c4412da4&r=486
FF NetworkProxy: "type", 0
CHR RestoreOnStartup: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=aebfd44b0000000000000017c4412da4"
CHR DefaultSearchProvider: Default -> Search the web (Softonic)
CHR DefaultSearchURL: Default -> hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=aebfd44b0000000000000017c4412da4
CHR DefaultSuggestURL: Default ->
CustomCLSID: HKU\S-1-5-21-2029294292-1738002600-2468904224-500_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. No File
C:\Windows\system32\Drivers\etc\hosts
Hosts:
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann. Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Schritt 5
Bitte poste mit deiner nächsten Antwort
|
|
10.09.2014, 21:07
| #11 |
| | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runterCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e0eea3416f673c4cb74a0f43bf1c2e25
# engine=20085
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-10 01:50:20
# local_time=2014-09-10 03:50:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# scanned=461626
# found=72
# cleaned=0
# scan_time=16912
sh=41DFB3342BBA2384B5FE9DE3AD2BF58D6F0F4E52 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs_09_09_2014_14_26_18.js"
sh=8A45D13F62AEE161DA16BBF8725E061DD9CA2E00 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs_20_05_2014_16_35_03.js"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=D2BC806A05A53DE0B69451EE2457CBAAB005F812 ft=1 fh=c71c0011240d44a4 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=08241F4AF87D458B55B701FF9760C627C4A4BE5D ft=1 fh=c71c00113f80be9f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=A8B6642986C14994DCDD0AD231A2A972F0DAE16B ft=1 fh=c71c0011202d025d vn="möglicherweise Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=7CDFAC0B98D11269B85E9792C2A8691FAE147599 ft=1 fh=9b79fa80baa436d8 vn="Variante von Win64/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=865DADC923E300F431CFDE193EF8A3E8AA452914 ft=1 fh=f69724dd4d671843 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=189FC4DEFBF3AF52775F7A922789A0CA6A8FF6F8 ft=1 fh=4ed2a41f68ba7620 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="möglicherweise Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe.vir"
sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll.vir"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=D1D45BF92DB3501B24B0195DA19E4E58E20B97C5 ft=1 fh=bfb89c830daa5320 vn="Variante von Win32/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Smartbar\Application\Smartbar.exe.unused.vir"
sh=614FB8504A31105AFE874B9A8EF79F59AB4E2E50 ft=1 fh=46e1d3343be79645 vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.unused.vir"
sh=1311043DAA15AE126E8A038ABECA268CDD8BDE0B ft=1 fh=687528ab86916dc0 vn="Variante von Win32/Amonetize.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\SwvUpdater\Updater.exe.vir"
sh=4480D743016FFAF83A881489DE3F07374EDAB81F ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\user.js.vir"
sh=97C98A20388FD894B92FD8325545966CA945BCFB ft=1 fh=6121d07ea56d1649 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\OpenCandy\1479C787F70148D683941BAF4ABF31DB\Setupsft_chr_p1v7.exe.vir"
sh=079B025C4704D1D26F6B4AC4D1729C5DF4A3D489 ft=1 fh=c71c001104e3a0de vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\SupTab\SupTab.dll.vir"
sh=985AE5B998513B7D9C2749DF15CAE7C04C3BDC9E ft=1 fh=2f9831d32275f6eb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=FABAA7D9480F1762368A56E56D67D584F581ED1E ft=1 fh=52a1e6f733c29de8 vn="Variante von Win32/Kryptik.CKTX Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\48B46F9.cpp.xBAD"
sh=7E49EB4153EFD5E491CB26D8FAEE9F4D4317B18F ft=0 fh=0000000000000000 vn="LNK/Agent.AZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk.xBAD"
sh=37B2BE0533290A280C8C8B5E9D080FE081D14394 ft=1 fh=822626138d571f66 vn="Variante von Win32/Kryptik.BDQK Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe"
sh=EFA6A2122D6DAC6A6CF31CF3362591E93478F5D4 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs-1.js"
sh=7C19FB8904F17C142F8D7FEAE4D788B7FBA567B2 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs-2.js"
sh=1CEEF28B0F9D0CE5D9581DA378A4C847D51F4D96 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs.js"
sh=AC853A52D0576ED0E68374D89C11D122B57FB9A5 ft=1 fh=957cfc91d27798e6 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Desktop\ATTC\Condor\Attachments_2011_12_17\SoftonicDownloader_fuer_koyote-free-video-converter.exe"
sh=D146AF98EB5CE7A3ECBFF8163EEF002458A1F442 ft=1 fh=129807a7e8f58340 vn="Win32/HackKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Documents\Microsoft Office Professional Plus 2010 x64 GER VL Edition\mini-KMS_Activator_v1.1_Office.2010.VL.ENG.exe"
sh=AB10F7CE92F162313C6889FE4DE1C32925956CFB ft=0 fh=0000000000000000 vn="Win32/HackKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Documents\Microsoft Office Professional Plus 2010 x64 GER VL Edition\MS_O.PP2010Deutsch.rar"
sh=75E3233E4183BE45DBC44573BA4F1E9F7C66E708 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\8f2f9d.msi"
sh=4ED49476C636F50AB387B8664091179FB98509B7 ft=1 fh=f6ae96ce96075ea2 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files\AskBarDis\bar\bin\askBar.dll"
sh=005AE2DB4A675E2FEE10D097FD6CCB64DF973ABD ft=1 fh=7d67ab6b1f24bdc3 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files\AskBarDis\bar\bin\askPopStp.dll"
sh=7656D5F758E34C32F3DD56A42CC72AE039213550 ft=1 fh=c71c0011f2d7cf26 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Program Files\MediaCoder\OpenCandy\OCSetupHlp.dll"
sh=75CB0C928D6DE7065E9F19755DC37889F66467EA ft=1 fh=84e54232dcf33e6d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
sh=665A0A5EBC50D6AA200E772FB4283B4AD70E8995 ft=1 fh=a49bab710682b497 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgAIMAuto.dll"
sh=407D451BDD1722C622DE960A346EEBA6CB7A39F4 ft=1 fh=3bc7c66c99584495 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll"
sh=23370EEB088CF4E08DCC0ECEC217FE814402FD8A ft=1 fh=52fc3e6245a82cc9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgArchive.dll"
sh=949CF14DD153F77DEA9592DCFB76B6B3F02D74B6 ft=1 fh=d6c64f72516fae11 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgcommon.dll"
sh=A914E5E669560B4F37E594C45C83DEAD3D565505 ft=1 fh=ff876e8889a6fe2f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgcommunication.dll"
sh=3CEE94E37B0B6A2316D2A7ED589028DEC1A2B563 ft=1 fh=5af655c57ad1bfcd vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgconfig.dll"
sh=194C450ECCBFBB83F5599B0B8CA980D45821FBCD ft=1 fh=de479bd3cb943ebd vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgFlashPlayer.dll"
sh=9A0A1220FA0C0284B3967F7CA00B89F21230EAE5 ft=1 fh=0fe79d918086dc0c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mghooking.dll"
sh=A4700DD391C137F038332EBA0A491C29DA77EDA4 ft=1 fh=f763e96ac94a7a99 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgIEPlayer.dll"
sh=C0868A108FC8A5A67AB6BC5D066FD118B18B644B ft=1 fh=511507783c68a156 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mglogger.dll"
sh=2EC21A43EE8B744A2E667D657DB82AA94508097C ft=1 fh=c35ddd3d6ec16da1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgMediaPlayer.dll"
sh=752C152F26E2707996EED3E3AEE78B3F2078C681 ft=1 fh=a6ef3e85f192ac39 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgMsnAuto.dll"
sh=EFEC08BDCE46C68FC329D53D687651CE5C2ED84A ft=1 fh=62ca91ee42cf63d9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll"
sh=99F341EF5BD64E9F35D4AB948CC5BB802F1B83EE ft=1 fh=f4a67db824065a31 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgsimcommon.dll"
sh=881CF89065A475757232D9CFE45F675BD8B23396 ft=1 fh=132a7067e303c0e7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgSweetIM.dll"
sh=F77D8FA078E8761B5E128D3A2D3C0BBA86E1B01B ft=1 fh=5b72cddc383af78f vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgUpdateSupport.dll"
sh=FA5A67D7CE3BA1016A2F853434EC57508387DD26 ft=1 fh=0c384461c7e038c1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgxml_wrapper.dll"
sh=BEF1B645222E890337830443E20971106908B400 ft=1 fh=18b616e6da7d4fdc vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgYahooAuto.dll"
sh=F78F085893FAC635CF9FD9F0552AA163966331EA ft=1 fh=4619d0fd2bdcdc95 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll"
sh=361E14E55FAFE371491C4F7A1076AA38ACE0E4E0 ft=1 fh=3bc3e34b6ac1da1c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Messenger\SweetIM.exe"
sh=6AC1A1E40B265D52C83ADBE0CCA7FD77A2F5CFFB ft=1 fh=1f3c5f539820f653 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
sh=0C801A5EB49A358D3C80752D4381419CD5E936BA ft=1 fh=808b4342930ca7c9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
sh=311FF5005B36BEDF12A653B66E4743E73A5807EB ft=1 fh=5c81eb10d6192181 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
sh=7DD3A8B1FE392838C81F4AE136CDE5B3FA5A6354 ft=1 fh=7978f015e61f52a9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
sh=6D7E76E0B14217F0B6BDE0F69F6256ECEB854D74 ft=1 fh=f313411dfae0c3ce vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
sh=A0E17B4AC2E02F20396A9EF0F2F3AFEBB1F4DE49 ft=1 fh=3f204d24ec0cc5c3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
sh=550FAD18726170DDCCCFD2B6D56D3AB73C4D8FB7 ft=1 fh=aebef00a1fd0c9d4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
sh=73F330E2C2D2331CB83B0E2E3B301A0B0D6C2A44 ft=1 fh=bb1fa2c3598d4c05 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
sh=B1519970A4878FEFDD338F4AE40BC2EBC4F174AE ft=1 fh=81aee4e4a23d81c1 vn="Variante von Win32/Keygen.DS potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\ich2\AppData\Local\Temp\MagicISO_01C9A6750AE56CD0\nero8x.exe"
sh=7656D5F758E34C32F3DD56A42CC72AE039213550 ft=1 fh=c71c0011f2d7cf26 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\ich2\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll"
sh=B1519970A4878FEFDD338F4AE40BC2EBC4F174AE ft=1 fh=81aee4e4a23d81c1 vn="Variante von Win32/Keygen.DS potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\ich2\Lokale Einstellungen\Temp\MagicISO_01C9A6750AE56CD0\nero8x.exe"
sh=7656D5F758E34C32F3DD56A42CC72AE039213550 ft=1 fh=c71c0011f2d7cf26 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\ich2\Lokale Einstellungen\Temp\OpenCandy\OCSetupHlp.dll"
sh=D76CBDA13A8B0C007AEEC14727C2AA4037A800FA ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\Installer\ec5335.msi"
sh=8E53DE3382104533C71B185D7F016577DB0C56C2 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Windows\Installer\ec533c.msi"
sh=2BEC3A89EB5BF0BED90AD0923C7D12D44AEB3111 ft=1 fh=169012abcb12da52 vn="Win32/SuspLibLoad.B Trojaner" ac=I fn="C:\Windows.old\Windows\System32\flt1chk4.dll"
sh=2C0C72BFC9F50402CC04329DD2A754C51024DFF9 ft=1 fh=81f95d10216b62c8 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\avira_free_antivirus_de.exe"
sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="D:\ccsetup315.exe"
sh=40D97D4EBE2200B2FD59517CB26AC6170A443242 ft=1 fh=7a2d6e24ca50fa97 vn="Variante von Win32/Keygen.BT potenziell unsichere Anwendung" ac=I fn="D:\CYGNUS\AutoCAD-2008-keygen.exe"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Administrator (administrator) on LAPPI-PC on 10-09-2014 17:33:14
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(Huawei Technologies Co., Ltd.) C:\Users\Administrator\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(KSE - Korndörfer Software Engineering) C:\Program Files\nHancer\nHancerService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {1b2577a0-b82c-11df-a2dd-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {2177d40f-a670-11e0-90a9-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {40729c3e-e5ad-11df-a470-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3785-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3794-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {5ea4abcd-93eb-11df-948d-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a7d03881-23ac-11df-85f5-001e68e1f025} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a957420b-b798-11df-8457-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {f88caf50-66fc-11e3-90b5-001e68e1f025} - G:\HTC_Sync_Manager_PC.exe
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40709AB95DB8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\proxtube_gesperrte_youtube_videos_schauen-1.3.4-fx.xpi [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-31]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-31]
CHR Extension: (RealDownloader) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-29]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-05-31]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [File not signed]
R2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2011-08-08] (VSO Software) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 17:35 - 2014-09-10 17:35 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (3)
2014-09-10 17:33 - 2014-09-10 17:34 - 00018741 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-10 17:33 - 2014-09-10 17:33 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-09-10 17:27 - 2014-09-10 17:27 - 00854417 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-09-10 11:06 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 11:06 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 11:06 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-10 11:06 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 11:05 - 2014-09-10 11:05 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-09-10 11:05 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 11:05 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-10 11:05 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-10 11:05 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-10 11:05 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 11:05 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-10 11:04 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 11:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-10 11:04 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-10 11:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-10 11:01 - 2014-09-10 11:03 - 00000975 _____ () C:\zoek-results.log
2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ____D () C:\zoek_backup
2014-09-10 10:59 - 2014-09-09 07:43 - 01421585 _____ () C:\Users\Administrator\Desktop\zoek.scr
2014-09-10 10:59 - 2014-09-09 07:43 - 01421585 _____ () C:\Users\Administrator\Desktop\zoek.com
2014-09-10 10:59 - 2014-09-09 07:36 - 01290240 _____ () C:\Users\Administrator\Desktop\zoek.exe
2014-09-09 15:22 - 2014-09-10 10:57 - 00000168 _____ () C:\Windows\setupact.log
2014-09-09 15:22 - 2014-09-09 15:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-09 15:21 - 2014-09-10 10:57 - 00019038 _____ () C:\Windows\PFRO.log
2014-09-09 14:54 - 2014-09-09 14:58 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (2)
2014-09-09 14:34 - 2014-09-10 17:33 - 00000000 ____D () C:\FRST
2014-09-09 14:30 - 2014-09-09 14:31 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:30 - 2014-09-09 14:31 - 91906368 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:28 - 2014-09-09 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 14:28 - 2014-09-09 14:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-09 14:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 14:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 14:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 14:14 - 2014-09-10 17:33 - 02105856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 17:35 - 2014-09-10 17:35 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (3)
2014-09-10 17:34 - 2014-09-10 17:33 - 00018741 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-10 17:33 - 2014-09-10 17:33 - 00000000 ____D () C:\Users\Administrator\Desktop\FRST-OlderVersion
2014-09-10 17:33 - 2014-09-09 14:34 - 00000000 ____D () C:\FRST
2014-09-10 17:33 - 2014-09-09 14:14 - 02105856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-10 17:27 - 2014-09-10 17:27 - 00854417 _____ () C:\Users\Administrator\Desktop\SecurityCheck.exe
2014-09-10 17:24 - 2012-04-03 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 16:43 - 2012-04-27 19:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 16:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 12:29 - 2010-02-27 15:51 - 01138874 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 12:12 - 2010-03-27 13:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-09-10 11:43 - 2012-04-27 19:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 11:25 - 2012-04-03 10:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 11:24 - 2012-04-03 10:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 11:24 - 2011-07-22 09:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 11:07 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 11:07 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 11:05 - 2014-09-10 11:05 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2014-09-10 11:03 - 2014-09-10 11:01 - 00000975 _____ () C:\zoek-results.log
2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ____D () C:\zoek_backup
2014-09-10 10:57 - 2014-09-09 15:22 - 00000168 _____ () C:\Windows\setupact.log
2014-09-10 10:57 - 2014-09-09 15:21 - 00019038 _____ () C:\Windows\PFRO.log
2014-09-10 10:57 - 2014-08-05 18:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-10 10:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 15:53 - 2012-02-08 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
2014-09-09 15:53 - 2010-03-03 17:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-09 15:49 - 2011-02-04 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
2014-09-09 15:48 - 2014-03-27 20:54 - 00000000 ____D () C:\ProgramData\Jeppesen
2014-09-09 15:48 - 2014-03-27 20:54 - 00000000 ____D () C:\Program Files (x86)\Jeppesen
2014-09-09 15:22 - 2014-09-09 15:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-09 15:22 - 2009-07-14 06:45 - 00289432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-09 15:20 - 2010-02-27 17:49 - 00064312 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-09 15:10 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-09 14:58 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (2)
2014-09-09 14:58 - 2009-07-14 19:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 14:58 - 2009-07-14 19:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 14:58 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 14:52 - 2014-09-09 14:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 14:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-09 14:34 - 2012-05-31 16:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-09 14:33 - 2011-08-19 21:21 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-09 14:31 - 2014-09-09 14:30 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:31 - 2014-09-09 14:30 - 91906368 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:28 - 2014-09-09 14:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-09 14:26 - 2014-05-20 16:33 - 00000000 ____D () C:\AdwCleaner
2014-09-09 07:43 - 2014-09-10 10:59 - 01421585 _____ () C:\Users\Administrator\Desktop\zoek.scr
2014-09-09 07:43 - 2014-09-10 10:59 - 01421585 _____ () C:\Users\Administrator\Desktop\zoek.com
2014-09-09 07:36 - 2014-09-10 10:59 - 01290240 _____ () C:\Users\Administrator\Desktop\zoek.exe
2014-08-19 17:46 - 2014-08-05 18:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 17:40 - 2012-03-05 14:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Administrator on 10.09.2014 at 11:01:31,12.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Administrator\Desktop\zoek.scr [Scan all users] [Script inserted]
==== System Restore Info ======================
10.09.2014 11:02:39 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Reset Google Chrome ======================
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 10.09.2014 at 11:03:55,79 ======================
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AntiBrowserSpy
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 13.0.0.214 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AntiBrowserSpy
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 13.0.0.214 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Administrator at 2014-09-10 17:35:25
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 3.6.106 - Abelssoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{A4646CC8-905B-4E6D-A094-4C9FB1621042}) (Version: 1.2.26.429 - ArcSoft)
ATTC BU-Trainingssoftware 2.4 (HKLM-x32\...\ATTC BU-Trainingssoftware_is1) (Version: - ATTC)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Azureus (HKLM-x32\...\Azureus) (Version: 2.5.0.4 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Cessna NAVIII G1000 Trainer v8.20 (HKLM-x32\...\Cessna NAVIII G1000 Trainer v8.20) (Version: v8.20 - GARMIN)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EXAM 11 (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software)
Faros Freeplay FMGS for A320 (HKLM-x32\...\Faros Freeplay FMGS for A320) (Version: - )
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Free Video Converter V 3.0 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
IvAc v1.1.14 (b186-1) (HKLM-x32\...\IvAc_is1) (Version: - IVAO)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java TopTask (HKCU\...\Java TopTask) (Version: - Deutscher Wetterdienst)
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
nHancer (HKLM\...\{8ACE41AA-6262-43F7-B3E6-217C50803BBA}) (Version: 2.5.0700 - KSE)
Nuvoton CIR Device Driver (HKLM-x32\...\{2D3858B1-226A-420D-9C9D-B51864E85429}) (Version: 8.60.1000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - )
PPL-Tutor (HKLM-x32\...\{055266AD-172E-4831-9303-DE137E2ADD67}) (Version: 5.2.7 - BPS Lernprogramme)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.5_is1) (Version: - SkyTest)
SkyTest® BU-Trainingssoftware 2.3 (HKLM-x32\...\SkyTest® BU-Trainingssoftware_is1) (Version: - SkyTest)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
The Eye v1.0.8 (b367) (HKLM-x32\...\IvAe_is1) (Version: - International Virtual Aviation Organisation VZW/ASBL)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.00.108 - Huawei Technologies Co.,Ltd)
TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.70 - FlightSimSoft.com Inh. Christian Grill)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VATroute 0.0.1.021 (HKLM-x32\...\VATroute) (Version: 0.0.1.021 - Dirk Trinkaus, Henning Hülsebusch)
VCDS PCI 12.12 (HKLM-x32\...\VCDS PCI) (Version: PCI 12.12 - PCI Diagnosetechnik GmbH & Co. KG)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu 414 MediaBar) (Version: 3.0.0.115676 - Bandoo Media Inc) <==== ATTENTION
Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02) (HKLM\...\42B17F23052FF114E91E57E2287CCEEDF216888D) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern USB-Treiber (05/21/2009 2.04.18) (HKLM\...\947671B77E4C5263102586E2E437A3673CC2795F) (Version: 05/21/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (02/17/2009 2.04.18) (HKLM\...\0F5C7B3CFC52532DF1B4197D18B194DE5AD05130) (Version: 02/17/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02) (HKLM\...\5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-09-10 10:55 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {411399AA-AA3B-47AA-956B-2057D462B555} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4313BCD4-D384-4411-8762-03E8FC6196B2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5530645A-19FF-4572-BCB3-64CDD19DAA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {55D53F81-CCE1-4E5F-BADF-8C5417060BDE} - System32\Tasks\RNUpgradeHelperLogonPrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {5B1C4DFA-3655-495C-B62F-F9EF24D02FE4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5DA462E7-89DF-4AD5-A58E-533F8242C152} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {60F94F13-4FFE-4BE4-AE3C-AC5485B41A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {81F25E03-31FE-4221-914C-A6EC959BD251} - System32\Tasks\ReclaimerUpdateFiles_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9E34BF45-D26D-455C-B294-90B72965A6D4} - System32\Tasks\RealCreateProcessScheduledTask1558013S-1-5-21-2029294292-1738002600-2468904224-500 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-09-26] (RealNetworks, Inc.)
Task: {A1D4D485-D884-49AF-890B-40D5DDF3D170} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BC55D489-A4C4-4C10-A120-7063CDA4107E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {C19F09DA-DE61-4249-A3AD-026D8ECCF8B3} - System32\Tasks\RNUpgradeHelperResumePrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C83B0A70-701D-4387-B543-6B3E76EA92E9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D4B6EFDA-946C-4EF7-94C5-A544B3000E70} - System32\Tasks\ReclaimerUpdateXML_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {F397BB9E-E06C-471A-914B-E6E76F7EFC5E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
==================== Loaded Modules (whitelisted) =============
2008-05-26 19:24 - 2008-05-26 19:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2010-03-03 17:51 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2012-06-02 15:37 - 2011-06-21 12:07 - 00037792 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbCommons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 06362528 _____ () C:\Program Files (x86)\AntiBrowserSpy\Commons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00173984 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbBrowserLibs.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018336 _____ () C:\Program Files (x86)\AntiBrowserSpy\VersionInfo.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018848 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbSettingsKeeper.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00012704 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/10/2014 05:26:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/10/2014 04:12:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/10/2014 04:11:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/10/2014 04:11:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/10/2014 04:10:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/10/2014 11:05:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/10/2014 11:05:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/10/2014 11:05:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.
Details:
Could not query the status of the EventSystem service.
System Error:
Der Computer wird heruntergefahren.
.
Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
System errors:
=============
Error: (09/10/2014 04:24:37 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (09/10/2014 10:58:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (09/10/2014 10:58:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (09/10/2014 10:57:48 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/10/2014 10:57:46 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/10/2014 10:57:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Error: (09/10/2014 10:55:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (09/10/2014 10:55:48 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (09/10/2014 10:50:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (09/10/2014 10:50:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Microsoft Office Sessions:
=========================
Error: (09/10/2014 05:26:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (09/10/2014 04:12:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\administrator\Desktop\esetsmartinstaller_deu.exe
Error: (09/10/2014 04:11:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\administrator\Desktop\esetsmartinstaller_deu.exe
Error: (09/10/2014 04:11:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe
Error: (09/10/2014 04:10:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (09/10/2014 11:05:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
Error: (09/10/2014 11:05:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
Error: (09/10/2014 11:05:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.
System Error:
Der Computer wird heruntergefahren.
Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e
==================== Memory info ===========================
Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80
Percentage of memory in use: 41%
Total physical RAM: 3838.43 MB
Available physical RAM: 2228.95 MB
Total Pagefile: 7675.04 MB
Available Pagefile: 6034.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:19.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:9.54 GB) NTFS
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:143.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--- --- --- Hallo, ich kann AVAST nicht installieren weil Base Filering engine nicht läuft. Die Windowsfirewall läßt sich auch nicht einschalten. Gibt es da einen Trick? |
|
11.09.2014, 11:13
| #12 |
| /// TB-Ausbilder | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Servus, ok, wir schauen nach den Windows-Diensten.  Den Ordner C:\Windows.old (von einer früheren Windows-Installation) löschen, wenn du ihn nicht mehr benötigst, da ist noch Adware drauf . Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs.js
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs-*.js
C:\Users\Administrator\Desktop\ATTC\Condor\Attachments_2011_12_17\SoftonicDownloader_fuer_koyote-free-video-converter.exe
C:\Windows\Installer\8f2f9d.msi
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Bitte poste mit deiner nächsten Antwort
|
|
11.09.2014, 12:11
| #13 |
| | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runterCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Administrator at 2014-09-11 13:04:17 Run:3
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs.js
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs-*.js
C:\Users\Administrator\Desktop\ATTC\Condor\Attachments_2011_12_17\SoftonicDownloader_fuer_koyote-free-video-converter.exe
C:\Windows\Installer\8f2f9d.msi
EmptyTemp:
end
*****************
Processes closed successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs.js => Moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs-*.js => Moved successfully.
C:\Users\Administrator\Desktop\ATTC\Condor\Attachments_2011_12_17\SoftonicDownloader_fuer_koyote-free-video-converter.exe => Moved successfully.
C:\Windows\Installer\8f2f9d.msi => Moved successfully.
EmptyTemp: => Removed 463 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 11-09-2014 at 13:09:17
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.
Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
|
|
12.09.2014, 10:01
| #14 |
| /// TB-Ausbilder | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Servus, wir reparieren jetzt ein paar Windows-Dienste und kontrollieren dann nochmal: Schritt 1 Downloade dir bitte ESET services repair und speichere es auf den Desktop.
Schritt 2 FSS erneut ausführen und die Logdatei posten. Bitte poste mit deiner nächsten Antwort
|
|
12.09.2014, 10:19
| #15 |
| | BKA Trojaner, Windows fährt im abgesicherten Modus wieder runterCode:
ATTFilter Log Opened: 2014-09-12 @ 11:13:46
11:13:46 - -----------------
11:13:46 - | Begin Logging |
11:13:46 - -----------------
11:13:46 - Fix started on a WIN_7 X64 computer
11:13:46 - Prep in progress. Please Wait.
11:13:47 - Prep complete
11:13:47 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: Das System kann die angegebene Datei nicht finden.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: Das System kann die angegebene Datei nicht finden.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: Das System kann die angegebene Datei nicht finden.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: Das System kann die angegebene Datei nicht finden.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: Das System kann die angegebene Datei nicht finden.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
SetACL finished successfully.
11:13:49 - Services Repair Complete.
11:13:54 - Reboot Initiated
Code:
ATTFilter Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 12-09-2014 at 11:17:56
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
|
|
Linear-Darstellung
