BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter

Hirthflieger · 09.09.2014, 12:49

Hallo,

ich habe mir auf meienm Windows 7 den BKA Trojaner mit dem Merkelbild eingefangen. Der Rechner fährt leider auch im abgesicherten Modus wieder runter. Ich habe die von FRST die Datei erstellen lassen.
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by SYSTEM on MININT-JJVIMHG on 09-09-2014 13:35:02
Running from I:\
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Administrator\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.)
S2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
S2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 13:34 - 2014-09-09 13:35 - 00000000 ____D () C:\FRST
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 13:35 - 2014-09-09 13:34 - 00000000 ____D () C:\FRST
2014-09-09 12:30 - 2012-04-27 18:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 12:30 - 2012-04-03 09:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 11:23 - 2014-08-05 17:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 11:23 - 2012-04-27 18:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 11:23 - 2010-02-27 14:51 - 01547481 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 11:19 - 2014-08-05 17:34 - 00000560 _____ () C:\Windows\setupact.log
2014-09-09 11:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp
2014-09-09 10:30 - 2010-03-27 12:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 16:46 - 2014-08-05 17:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 16:40 - 2012-03-05 13:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen

ZeroAccess:
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}\@

ZeroAccess:
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\@

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\kfe.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3838.43 MB
Available physical RAM: 3231.06 MB
Total Pagefile: 3836.57 MB
Available Pagefile: 3218.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.64 GB) NTFS
Drive i: (extern) (Fixed) (Total:372.61 GB) (Free:85.98 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: E9524FDE)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)


LastRegBack: 2014-05-21 20:02

==================== End Of Log ============================

--- --- ---

M-K-D-B · 09.09.2014, 12:51

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
C:\Users\Administrator\AppData\Roaming\Xuiwi
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
end

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Bitte berichte mir, ob der Rechner danach wieder normal startet (wir sind noch nicht fertig!).

Hirthflieger · 09.09.2014, 13:00

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by SYSTEM on MININT-JJVIMHG on 09-09-2014 13:35:02
Running from I:\
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Administrator\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.)
S2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
S2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 13:34 - 2014-09-09 13:35 - 00000000 ____D () C:\FRST
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 13:35 - 2014-09-09 13:34 - 00000000 ____D () C:\FRST
2014-09-09 12:30 - 2012-04-27 18:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 12:30 - 2012-04-03 09:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 11:23 - 2014-08-05 17:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 11:23 - 2012-04-27 18:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 11:23 - 2010-02-27 14:51 - 01547481 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 11:19 - 2014-08-05 17:34 - 00000560 _____ () C:\Windows\setupact.log
2014-09-09 11:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 11:09 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 10:48 - 2014-09-09 10:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 10:46 - 2014-09-09 10:46 - 00135168 _____ () C:\ProgramData\48B46F9.cpp
2014-09-09 10:30 - 2010-03-27 12:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 16:46 - 2014-08-05 17:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 16:40 - 2012-03-05 13:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen

ZeroAccess:
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}\@

ZeroAccess:
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\@

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\kfe.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3838.43 MB
Available physical RAM: 3231.06 MB
Total Pagefile: 3836.57 MB
Available Pagefile: 3218.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.64 GB) NTFS
Drive i: (extern) (Fixed) (Total:372.61 GB) (Free:85.98 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: E9524FDE)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)


LastRegBack: 2014-05-21 20:02

==================== End Of Log ============================

--- --- ---

M-K-D-B · 09.09.2014, 13:03

Servus,

du sollst keinen Scan, sondern einen Fix im Reparaturmodus ausführen.

Hirthflieger · 09.09.2014, 13:13

Hallo,

habe ich gemacht. Windows fährt jetzt auch wieder normal hoch.

Hier noch der Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by SYSTEM at 2014-09-09 14:06:00 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess?
HKU\Administrator\...\Run: [Giupmoal] => C:\Users\Administrator\AppData\Roaming\Xuiwi\xila.exe [241664 2011-09-25] (Acronis)
C:\Users\Administrator\AppData\Roaming\Xuiwi
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\48B46F9.cpp ()
S2 Winmgmt; C:\ProgramData\9F64B84.dot [332532 2014-09-09] (Microsoft Corporation)
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931}
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}
end
         
*****************

HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\Giupmoal => value deleted successfully.
C:\Users\Administrator\AppData\Roaming\Xuiwi => Moved successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\ProgramData\48B46F9.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\Windows\Installer\{d45cd161-b482-47af-506b-450c5f535931} => Moved successfully.
C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931} => Moved successfully.

==== End of Fixlog ====

M-K-D-B · 09.09.2014, 13:13

Servus,

FRST neu auf den Desktop laden, ausführen und beide Logdateien posten:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hirthflieger · 09.09.2014, 13:18

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Administrator (administrator) on LAPPI-PC on 09-09-2014 14:15:23
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Huawei Technologies Co., Ltd.) C:\Users\Administrator\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Jeppesen) C:\Program Files (x86)\Jeppesen\JWC\JWC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(KSE - Korndörfer Software Engineering) C:\Program Files\nHancer\nHancerService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {1b2577a0-b82c-11df-a2dd-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {2177d40f-a670-11e0-90a9-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {40729c3e-e5ad-11df-a470-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3785-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3794-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {5ea4abcd-93eb-11df-948d-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a7d03881-23ac-11df-85f5-001e68e1f025} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a957420b-b798-11df-8457-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {f88caf50-66fc-11e3-90b5-001e68e1f025} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess/Alureon?
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40709AB95DB8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0594F643-F263-4487-99A2-9960337D6BC2} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=aebfd44b0000000000000017c4412da4&r=486
SearchScopes: HKCU - {0594F643-F263-4487-99A2-9960337D6BC2} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=aebfd44b0000000000000017c4412da4&r=486
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default
FF NewTab: chrome://quick_start/content/index.html
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\proxtube_gesperrte_youtube_videos_schauen-1.3.4-fx.xpi [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=aebfd44b0000000000000017c4412da4"
CHR DefaultSearchProvider: Default -> Search the web (Softonic)
CHR DefaultSearchURL: Default -> hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=aebfd44b0000000000000017c4412da4
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-31]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-31]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-14]
CHR Extension: (RealDownloader) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-29]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-05-31]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [File not signed]
R2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
R2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2011-08-08] (VSO Software) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 14:34 - 2014-09-09 14:15 - 00000000 ____D () C:\FRST
2014-09-09 14:15 - 2014-09-09 14:16 - 00023352 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 11:48 - 2014-09-09 11:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 14:16 - 2014-09-09 14:15 - 00023352 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:15 - 2014-09-09 14:34 - 00000000 ____D () C:\FRST
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 14:13 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:13 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:12 - 2009-07-14 19:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 14:12 - 2009-07-14 19:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 14:12 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 14:11 - 2010-02-27 15:51 - 01550368 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 14:08 - 2014-08-05 18:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 14:08 - 2014-08-05 18:34 - 00000616 _____ () C:\Windows\setupact.log
2014-09-09 14:08 - 2012-04-27 19:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 14:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 13:30 - 2012-04-27 19:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 13:30 - 2012-04-03 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 11:48 - 2014-09-09 11:48 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\9F64B84.dot
2014-09-09 11:30 - 2010-03-27 13:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 17:46 - 2014-08-05 18:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 17:40 - 2012-03-05 14:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\kfe.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-21 21:02

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Administrator at 2014-09-09 14:16:44
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aerosoft's - Bari X (HKLM-x32\...\{2C34DF17-A9FE-44EE-ABE6-6933F0929300}) (Version: 1.00 - Aerosoft)
Aerosoft's - Frankfurt-Hahn X (HKLM-x32\...\{B0E7EC1F-53EC-4CD4-81B6-0AA25C8C5A9A}) (Version: 1.00 - Aerosoft)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 3.6.106 - Abelssoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{A4646CC8-905B-4E6D-A094-4C9FB1621042}) (Version: 1.2.26.429 - ArcSoft)
ATTC BU-Trainingssoftware 2.4 (HKLM-x32\...\ATTC BU-Trainingssoftware_is1) (Version:  - ATTC)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Azureus (HKLM-x32\...\Azureus) (Version: 2.5.0.4 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Cessna NAVIII G1000 Trainer v8.20 (HKLM-x32\...\Cessna NAVIII G1000 Trainer v8.20) (Version: v8.20 - GARMIN)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version:  - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EXAM 11 (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software)
Faros Freeplay FMGS for A320 (HKLM-x32\...\Faros Freeplay FMGS for A320) (Version:  - )
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Free Video Converter V 3.0 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
IvAc v1.1.14 (b186-1) (HKLM-x32\...\IvAc_is1) (Version:  - IVAO)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java TopTask (HKCU\...\Java TopTask) (Version:  - Deutscher Wetterdienst)
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen)
Jeppesen Weather Service (HKLM-x32\...\{3E1D1CE6-FF37-4A5D-9714-D6F48CFD589D}) (Version: 2.4.1.1 - Jeppesen)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
nHancer (HKLM\...\{8ACE41AA-6262-43F7-B3E6-217C50803BBA}) (Version: 2.5.0700 - KSE)
Nuvoton CIR Device Driver (HKLM-x32\...\{2D3858B1-226A-420D-9C9D-B51864E85429}) (Version: 8.60.1000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PA34 200T SENECA II FSX (HKLM-x32\...\PA34 200T SENECA II FSX) (Version: 1.00.00.00 - Carenado)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version:  - )
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.2922 - PMDG Simulations, LLC.)
PPL-Tutor (HKLM-x32\...\{055266AD-172E-4831-9303-DE137E2ADD67}) (Version: 5.2.7 - BPS Lernprogramme)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.5_is1) (Version:  - SkyTest)
SkyTest® BU-Trainingssoftware 2.3 (HKLM-x32\...\SkyTest® BU-Trainingssoftware_is1) (Version:  - SkyTest)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
The Eye v1.0.8 (b367) (HKLM-x32\...\IvAe_is1) (Version:  - International Virtual Aviation Organisation VZW/ASBL)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.00.108 - Huawei Technologies Co.,Ltd)
TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.70 - FlightSimSoft.com Inh. Christian Grill)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VATroute 0.0.1.021  (HKLM-x32\...\VATroute) (Version: 0.0.1.021 - Dirk Trinkaus, Henning Hülsebusch)
VCDS PCI 12.12 (HKLM-x32\...\VCDS PCI) (Version: PCI 12.12 - PCI Diagnosetechnik GmbH & Co. KG)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.4 - Vuze Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu 414 MediaBar) (Version: 3.0.0.115676 - Bandoo Media Inc) <==== ATTENTION
Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02) (HKLM\...\42B17F23052FF114E91E57E2287CCEEDF216888D) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern USB-Treiber (05/21/2009 2.04.18) (HKLM\...\947671B77E4C5263102586E2E437A3673CC2795F) (Version: 05/21/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (02/17/2009 2.04.18) (HKLM\...\0F5C7B3CFC52532DF1B4197D18B194DE5AD05130) (Version: 02/17/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02) (HKLM\...\5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2029294292-1738002600-2468904224-500_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2012-06-02 15:41 - 00000895 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {411399AA-AA3B-47AA-956B-2057D462B555} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4313BCD4-D384-4411-8762-03E8FC6196B2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5530645A-19FF-4572-BCB3-64CDD19DAA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {55D53F81-CCE1-4E5F-BADF-8C5417060BDE} - System32\Tasks\RNUpgradeHelperLogonPrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {5B1C4DFA-3655-495C-B62F-F9EF24D02FE4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5DA462E7-89DF-4AD5-A58E-533F8242C152} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {60F94F13-4FFE-4BE4-AE3C-AC5485B41A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {81F25E03-31FE-4221-914C-A6EC959BD251} - System32\Tasks\ReclaimerUpdateFiles_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9E34BF45-D26D-455C-B294-90B72965A6D4} - System32\Tasks\RealCreateProcessScheduledTask1558013S-1-5-21-2029294292-1738002600-2468904224-500 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-09-26] (RealNetworks, Inc.)
Task: {A1D4D485-D884-49AF-890B-40D5DDF3D170} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BC55D489-A4C4-4C10-A120-7063CDA4107E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-30] (Adobe Systems Incorporated)
Task: {C19F09DA-DE61-4249-A3AD-026D8ECCF8B3} - System32\Tasks\RNUpgradeHelperResumePrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C83B0A70-701D-4387-B543-6B3E76EA92E9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D4B6EFDA-946C-4EF7-94C5-A544B3000E70} - System32\Tasks\ReclaimerUpdateXML_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {F397BB9E-E06C-471A-914B-E6E76F7EFC5E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2008-05-26 19:24 - 2008-05-26 19:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2010-03-03 17:51 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2012-06-02 15:37 - 2011-06-21 12:07 - 00037792 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbCommons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 06362528 _____ () C:\Program Files (x86)\AntiBrowserSpy\Commons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00173984 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbBrowserLibs.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018336 _____ () C:\Program Files (x86)\AntiBrowserSpy\VersionInfo.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018848 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbSettingsKeeper.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00012704 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00012800 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_system-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00045056 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_date_time-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00699904 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_regex-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00046592 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_thread-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00053760 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_iostreams-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00065024 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_zlib-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00130048 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_filesystem-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:47 - 00084480 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JVNavData.dll
2014-03-27 20:56 - 2012-02-23 16:48 - 00231936 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JWCConnect.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage - Update "{4757E865-0292-4E04-940D-9C51052A5DD6}" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.

Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e


System errors:
=============
Error: (09/09/2014 02:09:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (09/09/2014 02:09:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (09/09/2014 02:08:26 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/09/2014 02:08:23 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/09/2014 02:08:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (09/09/2014 01:30:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (09/09/2014 00:23:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (09/09/2014 00:23:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (09/09/2014 00:23:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (09/09/2014 00:23:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Microsoft Office XP Professional mit FrontPage{4757E865-0292-4E04-940D-9C51052A5DD6}1603(NULL)(NULL)(NULL)

Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e


==================== Memory info =========================== 

Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80
Percentage of memory in use: 32%
Total physical RAM: 3838.43 MB
Available physical RAM: 2573.86 MB
Total Pagefile: 7675.04 MB
Available Pagefile: 6266.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS
Drive g: (extern) (Fixed) (Total:372.61 GB) (Free:86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: E9524FDE)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 09.09.2014, 13:21

So geht es weiter:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

Hirthflieger · 09.09.2014, 14:01

Code:

ATTFilter

# AdwCleaner v3.309 - Bericht erstellt am 09/09/2014 um 14:26:16
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Administrator - LAPPI-PC
# Gestartet von : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDX6XW07\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_ad_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_ad_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_Setup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_Setup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16464


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v

[ Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [28376 octets] - [20/05/2014 16:33:46]
AdwCleaner[R1].txt - [3675 octets] - [09/09/2014 14:24:33]
AdwCleaner[S0].txt - [24325 octets] - [20/05/2014 16:34:57]
AdwCleaner[S1].txt - [3564 octets] - [09/09/2014 14:26:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3624 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.09.2014
Suchlauf-Zeit: 14:29:17
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.09.02
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 364241
Verstrichene Zeit: 21 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.WeatherItUp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, In Quarantäne, [8412c6258dee75c1c0fdbb67f70ce41c], 

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKU\S-1-5-21-2029294292-1738002600-2468904224-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [ecaa7f6c0a71db5bfc5f47c120e349b7]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
Trojan.FakeMS, C:\ProgramData\9F64B84.dot, In Quarantäne, [6e287c6fe4973df936c3117257aae818], 
Trojan.Agent.ED, C:\Users\Administrator\AppData\Local\Temp\kfe.dll, In Quarantäne, [1e785b90314ad066ec463c7bbc4523dd], 
PUP.Optional.OptimumInstaller.A, C:\Users\Administrator\Downloads\evasi0n7-1.0.7-OP.zip, In Quarantäne, [4353e308a2d94aecc6c3a2ba798831cf], 
PUP.Optional.InstallMonetizer, C:\Users\Administrator\Downloads\Microsoft Office 2013 Professional Plus Serial Key Free Direct Download Link__4367_il4470736.exe, In Quarantäne, [21758c5fa7d49c9ab9f7b681ff0254ac], 

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Administrator (administrator) on LAPPI-PC on 09-09-2014 14:54:32
Running from C:\Users\Administrator\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(Huawei Technologies Co., Ltd.) C:\Users\Administrator\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Jeppesen) C:\Program Files (x86)\Jeppesen\JWC\JWC.exe
(KSE - Korndörfer Software Engineering) C:\Program Files\nHancer\nHancerService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3570176 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2010-07-12] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\Run: [BrowserMask] => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101280 2011-06-21] (Microsoft)
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {1b2577a0-b82c-11df-a2dd-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {2177d40f-a670-11e0-90a9-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {40729c3e-e5ad-11df-a470-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3785-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {4a2e3794-8d8d-11df-9979-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {5ea4abcd-93eb-11df-948d-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a7d03881-23ac-11df-85f5-001e68e1f025} - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {a957420b-b798-11df-8457-001e68e1f025} - G:\AutoRun.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...\MountPoints2: {f88caf50-66fc-11e3-90b5-001e68e1f025} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2029294292-1738002600-2468904224-500\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. ATTENTION! ====> ZeroAccess/Alureon?
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MFT VCDS Updater.lnk
ShortcutTarget: MFT VCDS Updater.lnk -> C:\Diagnosetool\VCDS-MFT\VCDS.exe (No File)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk
ShortcutTarget: Ross-Tech VCDS DRV Updater.lnk -> C:\VCDS-Dt\VCDS.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40709AB95DB8CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0594F643-F263-4487-99A2-9960337D6BC2} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=aebfd44b0000000000000017c4412da4&r=486
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p33t7rrp.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF Extension: ProxTube - Unblock YouTube - C:\Program Files (x86)\Mozilla Firefox\extensions\proxtube_gesperrte_youtube_videos_schauen-1.3.4-fx.xpi [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=aebfd44b0000000000000017c4412da4"
CHR DefaultSearchProvider: Default -> Search the web (Softonic)
CHR DefaultSearchURL: Default -> hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=aebfd44b0000000000000017c4412da4
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-31]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-31]
CHR Extension: (RealDownloader) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-29]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-05-31]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3449856 2009-09-05] (Egis Technology Inc.) [File not signed]
R2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
R2 nHancer; C:\Program Files\nHancer\nHancerService.exe [39424 2009-10-04] (KSE - Korndörfer Software Engineering) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2006-12-14] (Elaborate Bytes AG)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ai-usb.sys [68608 2012-06-07] (FTDI Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [15656 2008-09-09] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [698376 2008-06-26] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-10-19] (DiBcom S.A.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-06-24] (Nuvoton Technology Corporation)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2011-08-08] (VSO Software) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 14:54 - 2014-09-09 14:55 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (2)
2014-09-09 14:34 - 2014-09-09 14:54 - 00000000 ____D () C:\FRST
2014-09-09 14:30 - 2014-09-09 14:31 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:30 - 2014-09-09 14:31 - 91906368 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:28 - 2014-09-09 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 14:28 - 2014-09-09 14:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-09 14:28 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-09 14:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-09 14:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-09 14:23 - 2014-09-09 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 14:16 - 2014-09-09 14:17 - 00031536 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-09-09 14:15 - 2014-09-09 14:55 - 00022566 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 11:48 - 2014-09-09 11:49 - 10289369 _____ () C:\Users\Administrator\Desktop\12911_03_10.mp4
2014-09-09 11:48 - 2014-09-09 11:48 - 12282018 _____ () C:\Users\Administrator\Desktop\00000001s.mp4
2014-09-09 11:47 - 2014-09-09 11:47 - 10105901 _____ () C:\Users\Administrator\Desktop\00000001.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06750250 _____ () C:\Users\Administrator\Desktop\07.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06144974 _____ () C:\Users\Administrator\Desktop\08.mp4
2014-09-09 11:33 - 2014-09-09 11:34 - 11873033 _____ () C:\Users\Administrator\Desktop\05.wmv
2014-09-09 11:33 - 2014-09-09 11:33 - 12729033 _____ () C:\Users\Administrator\Desktop\04.wmv
2014-09-09 11:32 - 2014-09-09 11:33 - 11889033 _____ () C:\Users\Administrator\Desktop\03.wmv
2014-09-09 11:32 - 2014-09-09 11:32 - 11881033 _____ () C:\Users\Administrator\Desktop\02.wmv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 14:55 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner (2)
2014-09-09 14:55 - 2014-09-09 14:15 - 00022566 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-09 14:54 - 2014-09-09 14:34 - 00000000 ____D () C:\FRST
2014-09-09 14:52 - 2014-09-09 14:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 14:52 - 2014-08-05 18:45 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
2014-09-09 14:52 - 2014-08-05 18:34 - 00000728 _____ () C:\Windows\setupact.log
2014-09-09 14:52 - 2014-08-05 18:33 - 00434358 _____ () C:\Windows\PFRO.log
2014-09-09 14:52 - 2012-04-27 19:58 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 14:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 14:51 - 2010-02-27 15:51 - 01554962 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 14:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-09 14:43 - 2012-04-27 19:58 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 14:34 - 2012-05-31 16:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-09 14:33 - 2011-08-19 21:21 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-09 14:33 - 2009-07-14 19:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-09-09 14:33 - 2009-07-14 19:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-09-09 14:33 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-09 14:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 14:31 - 2014-09-09 14:30 - 91906368 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:31 - 2014-09-09 14:30 - 91906368 _____ (AVAST Software) C:\Users\Administrator\Downloads\avast_free_antivirus_setup_9_0_2021.exe
2014-09-09 14:28 - 2014-09-09 14:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-09 14:26 - 2014-05-20 16:33 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:24 - 2012-04-03 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 14:23 - 2014-09-09 14:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-09 14:17 - 2014-09-09 14:16 - 00031536 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-09-09 14:14 - 2014-09-09 14:14 - 02105344 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-09-09 11:49 - 2014-09-09 11:48 - 10289369 _____ () C:\Users\Administrator\Desktop\12911_03_10.mp4
2014-09-09 11:48 - 2014-09-09 11:48 - 12282018 _____ () C:\Users\Administrator\Desktop\00000001s.mp4
2014-09-09 11:47 - 2014-09-09 11:47 - 10105901 _____ () C:\Users\Administrator\Desktop\00000001.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06750250 _____ () C:\Users\Administrator\Desktop\07.mp4
2014-09-09 11:36 - 2014-09-09 11:36 - 06144974 _____ () C:\Users\Administrator\Desktop\08.mp4
2014-09-09 11:34 - 2014-09-09 11:33 - 11873033 _____ () C:\Users\Administrator\Desktop\05.wmv
2014-09-09 11:33 - 2014-09-09 11:33 - 12729033 _____ () C:\Users\Administrator\Desktop\04.wmv
2014-09-09 11:33 - 2014-09-09 11:32 - 11889033 _____ () C:\Users\Administrator\Desktop\03.wmv
2014-09-09 11:32 - 2014-09-09 11:32 - 11881033 _____ () C:\Users\Administrator\Desktop\02.wmv
2014-09-09 11:30 - 2010-03-27 13:41 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AD3AB99-145F-4619-B3CA-9EC578688A25}
2014-08-19 17:46 - 2014-08-05 18:45 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job
2014-08-19 17:40 - 2012-03-05 14:08 - 00000000 ____D () C:\Users\Administrator\Documents\Bewerbungen

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\diczmoqw.dll
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-21 21:02

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Administrator at 2014-09-09 14:57:22
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aerosoft's - Bari X (HKLM-x32\...\{2C34DF17-A9FE-44EE-ABE6-6933F0929300}) (Version: 1.00 - Aerosoft)
Aerosoft's - Frankfurt-Hahn X (HKLM-x32\...\{B0E7EC1F-53EC-4CD4-81B6-0AA25C8C5A9A}) (Version: 1.00 - Aerosoft)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 3.6.106 - Abelssoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{A4646CC8-905B-4E6D-A094-4C9FB1621042}) (Version: 1.2.26.429 - ArcSoft)
ATTC BU-Trainingssoftware 2.4 (HKLM-x32\...\ATTC BU-Trainingssoftware_is1) (Version:  - ATTC)
AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Azureus (HKLM-x32\...\Azureus) (Version: 2.5.0.4 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
Cessna NAVIII G1000 Trainer v8.20 (HKLM-x32\...\Cessna NAVIII G1000 Trainer v8.20) (Version: v8.20 - GARMIN)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version:  - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EXAM 11 (HKLM-x32\...\{809B22DC-A386-4F22-0023-DE0000000001}) (Version: 1.0 - Peters Software)
Faros Freeplay FMGS for A320 (HKLM-x32\...\Faros Freeplay FMGS for A320) (Version:  - )
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Free Video Converter V 3.0 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
IvAc v1.1.14 (b186-1) (HKLM-x32\...\IvAc_is1) (Version:  - IVAO)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java TopTask (HKCU\...\Java TopTask) (Version:  - Deutscher Wetterdienst)
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen)
Jeppesen Weather Service (HKLM-x32\...\{3E1D1CE6-FF37-4A5D-9714-D6F48CFD589D}) (Version: 2.4.1.1 - Jeppesen)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
nHancer (HKLM\...\{8ACE41AA-6262-43F7-B3E6-217C50803BBA}) (Version: 2.5.0700 - KSE)
Nuvoton CIR Device Driver (HKLM-x32\...\{2D3858B1-226A-420D-9C9D-B51864E85429}) (Version: 8.60.1000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PA34 200T SENECA II FSX (HKLM-x32\...\PA34 200T SENECA II FSX) (Version: 1.00.00.00 - Carenado)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version:  - )
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.2922 - PMDG Simulations, LLC.)
PPL-Tutor (HKLM-x32\...\{055266AD-172E-4831-9303-DE137E2ADD67}) (Version: 5.2.7 - BPS Lernprogramme)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{6D172D0A-B9F1-4046-AFAB-8599288545BF}) (Version: 5.34.55.3 - Apple Inc.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SkyTest® AB-Trainingssoftware (HKLM-x32\...\SkyTest® AB-Trainingssoftware 2.5_is1) (Version:  - SkyTest)
SkyTest® BU-Trainingssoftware 2.3 (HKLM-x32\...\SkyTest® BU-Trainingssoftware_is1) (Version:  - SkyTest)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
The Eye v1.0.8 (b367) (HKLM-x32\...\IvAe_is1) (Version:  - International Virtual Aviation Organisation VZW/ASBL)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.00.108 - Huawei Technologies Co.,Ltd)
TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.70 - FlightSimSoft.com Inh. Christian Grill)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VATroute 0.0.1.021  (HKLM-x32\...\VATroute) (Version: 0.0.1.021 - Dirk Trinkaus, Henning Hülsebusch)
VCDS PCI 12.12 (HKLM-x32\...\VCDS PCI) (Version: PCI 12.12 - PCI Diagnosetechnik GmbH & Co. KG)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.4 - Vuze Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu 414 MediaBar) (Version: 3.0.0.115676 - Bandoo Media Inc) <==== ATTENTION
Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02) (HKLM\...\42B17F23052FF114E91E57E2287CCEEDF216888D) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern USB-Treiber (05/21/2009 2.04.18) (HKLM\...\947671B77E4C5263102586E2E437A3673CC2795F) (Version: 05/21/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (02/17/2009 2.04.18) (HKLM\...\0F5C7B3CFC52532DF1B4197D18B194DE5AD05130) (Version: 02/17/2009 2.04.18 - Auto-Intern)
Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02) (HKLM\...\5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF) (Version: 03/30/2010 2.06.02 - Auto-Intern)
Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2029294292-1738002600-2468904224-500_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Administrator\AppData\Local\{d45cd161-b482-47af-506b-450c5f535931}\n. No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2012-06-02 15:41 - 00000895 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.google-analytics.com
127.0.0.1 google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {411399AA-AA3B-47AA-956B-2057D462B555} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {4313BCD4-D384-4411-8762-03E8FC6196B2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5530645A-19FF-4572-BCB3-64CDD19DAA0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {55D53F81-CCE1-4E5F-BADF-8C5417060BDE} - System32\Tasks\RNUpgradeHelperLogonPrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {5B1C4DFA-3655-495C-B62F-F9EF24D02FE4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {5DA462E7-89DF-4AD5-A58E-533F8242C152} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {60F94F13-4FFE-4BE4-AE3C-AC5485B41A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {81F25E03-31FE-4221-914C-A6EC959BD251} - System32\Tasks\ReclaimerUpdateFiles_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {9E34BF45-D26D-455C-B294-90B72965A6D4} - System32\Tasks\RealCreateProcessScheduledTask1558013S-1-5-21-2029294292-1738002600-2468904224-500 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-09-26] (RealNetworks, Inc.)
Task: {A1D4D485-D884-49AF-890B-40D5DDF3D170} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2029294292-1738002600-2468904224-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BC55D489-A4C4-4C10-A120-7063CDA4107E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-30] (Adobe Systems Incorporated)
Task: {C19F09DA-DE61-4249-A3AD-026D8ECCF8B3} - System32\Tasks\RNUpgradeHelperResumePrompt_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C83B0A70-701D-4387-B543-6B3E76EA92E9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2029294292-1738002600-2468904224-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D4B6EFDA-946C-4EF7-94C5-A544B3000E70} - System32\Tasks\ReclaimerUpdateXML_Administrator => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-07-30] (RealNetworks, Inc.)
Task: {F397BB9E-E06C-471A-914B-E6E76F7EFC5E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job => C:\Users\Administrator\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2008-05-26 19:24 - 2008-05-26 19:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2010-03-03 17:51 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2012-06-02 15:37 - 2011-06-21 12:07 - 00037792 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbCommons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 06362528 _____ () C:\Program Files (x86)\AntiBrowserSpy\Commons.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00173984 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbBrowserLibs.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018336 _____ () C:\Program Files (x86)\AntiBrowserSpy\VersionInfo.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00018848 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbSettingsKeeper.dll
2012-06-02 15:37 - 2011-06-21 12:07 - 00012704 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00012800 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_system-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00045056 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_date_time-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00699904 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_regex-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00046592 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_thread-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00053760 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_iostreams-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00065024 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_zlib-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:42 - 00130048 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_filesystem-vc90-mt-1_46_1.dll
2014-03-27 20:56 - 2012-02-23 16:47 - 00084480 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JVNavData.dll
2014-03-27 20:56 - 2012-02-23 16:48 - 00231936 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JWCConnect.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00108032 _____ () C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
2011-06-06 02:26 - 2011-06-06 02:26 - 00101376 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 02263552 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00067072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00210944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 02157568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00090112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00231424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00034304 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00078848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00108032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01104896 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00338944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01137664 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00194048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 11496448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00034304 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00237568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01290752 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00265216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01712128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00130048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 01763328 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033280 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00309760 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00368640 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00258048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 08103424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00640512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00048640 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00039936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00325632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00046080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00135680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00073728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00052224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00061440 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00057856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00178176 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00065536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00128000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00030720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00032256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00031744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
2011-06-06 02:26 - 2011-06-06 02:26 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage - Update "{4757E865-0292-4E04-940D-9C51052A5DD6}" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.

Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e


System errors:
=============
Error: (09/09/2014 02:52:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (09/09/2014 02:52:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (09/09/2014 02:52:37 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/09/2014 02:52:35 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/09/2014 02:52:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (09/09/2014 02:28:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147024891

Error: (09/09/2014 02:28:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (09/09/2014 02:27:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/09/2014 02:27:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (09/09/2014 02:27:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060


Microsoft Office Sessions:
=========================
Error: (09/09/2014 00:06:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (09/09/2014 11:23:04 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/19/2014 05:40:10 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/08/2014 06:14:34 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:41:51 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (08/05/2014 06:39:13 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (07/30/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: lappi-PC)
Description: Microsoft Office XP Professional mit FrontPage{4757E865-0292-4E04-940D-9C51052A5DD6}1603(NULL)(NULL)(NULL)

Error: (07/30/2014 00:09:17 PM) (Source: MsiInstaller) (EventID: 11706) (User: lappi-PC)
Description: Produkt: Microsoft Office XP Professional mit FrontPage -- Fehler 1706. Setup kann die benötigten Dateien nicht finden. Überprüfen Sie Ihre Verbindung mit dem Netzwerk oder dem CD-ROM-Laufwerk. Um mehr über mögliche Lösungen für dieses Problem zu erfahren, sehen sie bitte nach in C:\Program Files (x86)\Microsoft Office\Office10\1031\SETUP.HLP.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2014 11:18:52 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e

Error: (06/19/2014 06:34:50 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x8007007e


==================== Memory info =========================== 

Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80
Percentage of memory in use: 34%
Total physical RAM: 3838.43 MB
Available physical RAM: 2503.54 MB
Total Pagefile: 7675.04 MB
Available Pagefile: 6139 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:2.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:138.52 GB) NTFS
Drive e: (DATA) (Fixed) (Total:144.04 GB) (Free:142.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C74BADC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 2FB1D8DA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

09.09.2014, 13:03	#4
M-K-D-B /// TB-Ausbilder	BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter Servus, du sollst keinen Scan, sondern einen Fix im Reparaturmodus ausführen.

BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner, Windows fährt im abgesicherten Modus wieder runter