Log Analysis and Evaluation: Removing ADWARE/MultiPlug.aob, ADWARE/BProtector.C and co. (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Removing ADWARE/MultiPlug.aob, ADWARE/BProtector.C and co.

Hello dear helpers,

My Avira has been raising alarms frequently lately and is apparently unable to remove the viruses completely. Most recently, a security alert came up while I was looking for a file in the Recycle Bin; 'adware/MultiPlug.aob' was at work... Now I finally have to do something about it, and since I don't want to make everything worse, I'm hoping for support.

Many thanks in advance,
Sundaytrain

FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on WOLF-PC on 17-09-2014 19:59:46
Running from C:\Users\Administrator\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
BHO: CescrtHlpr Object -> {64182481-4F71-486b-A045-B233BD0DA8FC} -> C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DealPly -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\user.js
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe

Chrome:
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DealPly Shopping) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2013-05-01]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoods.crx [2010-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-17 19:59 - 2014-09-17 20:01 - 00013240 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-09-17 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST 2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log 2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable 2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe 2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG 2014-09-13 16:42 - 2014-09-13 16:43 - 00000000 ____D () C:\Program Files\Firefox 2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad 2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft 
Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 
_____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke 2014-09-05 11:43 - 2014-09-08 14:11 - 00000000 ____D () C:\Users\Administrator\Desktop\holland 2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-23 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-23 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-23 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-23 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-23 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-23 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-23 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-23 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-23 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp 2014-08-19 16:35 - 2014-09-05 
20:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-17 20:01 - 2014-09-17 19:59 - 00013240 _____ () C:\Users\Administrator\Downloads\FRST.txt 2014-09-17 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST 2014-09-17 19:58 - 2011-03-27 20:07 - 01065720 _____ () C:\Windows\WindowsUpdate.log 2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe 2014-09-17 19:55 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype 2014-09-17 19:54 - 2011-08-13 18:42 - 00162981 _____ () C:\Windows\setupact.log 2014-09-17 19:54 - 2011-08-13 18:41 - 00219088 _____ () C:\Windows\PFRO.log 2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log 2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable 2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator 2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe 2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts 2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG 2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-09-17 18:55 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-17 18:55 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-15 15:42 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla 
Maintenance Service 2014-09-14 17:11 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-13 16:43 - 2014-09-13 16:42 - 00000000 ____D () C:\Program Files\Firefox 2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad 2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira 2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke 2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut 2014-09-08 14:11 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland 2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe 2014-08-30 14:09 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe 2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-23 03:46 - 2014-08-29 19:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-29 19:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp 2014-08-20 14:42 - 2011-08-13 19:18 - 
211386464 _____ () C:\Windows\MEMORY.DMP 2014-08-20 14:42 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump 2014-08-19 19:39 - 2014-09-10 15:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 17:11 - 2011-10-12 11:54 - 00000000 ____D () C:\Users\Administrator\.gimp-2.6 2014-08-19 00:26 - 2014-09-10 15:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:08 - 2014-09-10 15:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-18 23:57 - 2014-09-10 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-18 23:57 - 2014-09-10 15:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-18 23:46 - 2014-09-10 15:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-18 23:45 - 2014-09-10 15:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-18 23:44 - 2014-09-10 15:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-10 15:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-10 15:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-18 23:39 - 2014-09-10 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-18 23:39 - 2014-09-10 15:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-18 23:37 - 2014-09-10 15:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-18 23:36 - 2014-09-10 15:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-18 23:36 - 2014-09-10 15:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:35 - 2014-09-10 15:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-18 23:30 - 
2014-09-10 15:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:27 - 2014-09-10 15:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:22 - 2014-09-10 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-10 15:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:17 - 2014-09-10 15:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:17 - 2014-09-10 15:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:15 - 2014-09-10 15:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:09 - 2014-09-10 15:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:08 - 2014-09-10 15:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:08 - 2014-09-10 15:22 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:07 - 2014-09-10 15:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 22:46 - 2014-09-10 15:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 22:38 - 2014-09-10 15:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:36 - 2014-09-10 15:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 16:04 - 2012-05-10 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-18 16:04 - 2012-05-08 15:18 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-18 16:04 - 2011-08-30 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\dsgsdgdsgdsgw.pad Some content of TEMP: 
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-08-27 22:41

==================== End Of Log ============================

Addition Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-17 20:01:43
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX
(HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden Audacity 2.0 (HKLM\...\Audacity_is1) (Version: - Audacity Team) Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Black and White (HKLM\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version: - ) CameraHelperMsi (Version: 13.25.1010.0 - Logitech) Hidden Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd) DealPly (remove only) (HKLM\...\DealPly) (Version: 4.8.6.1 - DealPly Technologies Ltd.) <==== ATTENTION Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) DolbyFiles (Version: 2.0 - Nero AG) Hidden erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden Facemoods Toolbar (HKLM\...\facemoods) (Version: - ) <==== ATTENTION Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Free YouTube to MP3 Converter version 3.12.5.628 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.) GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle) kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden Logitech QuickCam-Treiberpaket (HKLM\...\lvdrivers_11.70) (Version: - ) Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) 
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden LWS Help_main (Version: 13.25.1016.0 - Logitech) Hidden LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden LWS Pictures And Video (Version: 13.25.1010.0 - Logitech) Hidden LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{0D951CBB-743C-4A68-8C85-97D89A61D7CD}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 (Designelemente) (HKLM\...\MX.{F6BDBD1F-A884-4510-8A9F-3DC6E5EBDFE3}) (Version: 1.0.1.0 - MAGIX AG) MAGIX Video deluxe 2014 (Designelemente) (Version: 1.0.1.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 (Fotoshow Maker-Stile 1) (HKLM\...\MX.{828C109A-ABB5-4CDD-9927-349C79FC35DD}) (Version: 1.0.1.0 - MAGIX AG) MAGIX Video deluxe 2014 (Fotoshow Maker-Stile 1) (Version: 1.0.1.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 (HKLM\...\MX.{EA62B22F-AB0A-406B-80A9-8036D3CE3446}) (Version: 13.0.0.30 - MAGIX AG) MAGIX Video deluxe 2014 (Titeleffekte) (HKLM\...\MX.{31D344AE-405C-44CC-B24B-BD080192F0BA}) (Version: 1.0.1.0 - MAGIX AG) MAGIX Video deluxe 2014 (Titeleffekte) (Version: 1.0.1.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 (Überblendeffekte) (HKLM\...\MX.{441E384F-5B2B-4DF6-936D-27B384B7AC60}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video deluxe 2014 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video deluxe 2014 (Version: 13.0.0.30 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 1.61.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes 
Corporation) Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft) Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 
Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - 
Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 9 (HKLM\...\{be6b5eee-db60-4e8a-a1de-fa0fa06bc4ac}) (Version: - Nero AG) Nero Burning ROM Help (Version: 9.4.17.100 - Nero AG) Hidden Nero BurnRights (Version: 3.4.11.100 - Nero AG) Hidden Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden Nero DriveSpeed (Version: 4.4.11.100 - Nero AG) Hidden Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (Version: 9.4.17.100 - Nero AG) Hidden Nero InfoTool (Version: 6.4.11.100 - Nero AG) Hidden Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden Nero Recode Help (Version: 4.4.31.0 - Nero AG) Hidden Nero Rescue Agent (Version: 2.4.12.100 - Nero AG) Hidden Nero RescueAgent Help (Version: 2.4.4.100 - Nero AG) Hidden Nero StartSmart (Version: 9.4.12.100 - Nero AG) Hidden Nero StartSmart Help (Version: 9.4.12.100 - Nero AG) Hidden Nero WaveEditor (Version: 5.4.32.0 
- Nero AG) Hidden NeroBurningROM (Version: 9.4.17.100 - Nero AG) Hidden NeroExpress (Version: 9.4.17.100 - Nero AG) Hidden neroxml (Version: 1.0.0 - Nero AG) Hidden Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 3.0.0.290 - Nokia) Nokia Ovi Suite (Version: 3.0.0.290 - Nokia) Hidden NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation) Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia) PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden PDF-XChange Viewer (HKLM\...\{615666DE-89E6-4F92-8ED8-E424CC8E5B09}) (Version: 2.5.194.0 - Tracker Software Products Ltd.) PhotoScape (HKLM\...\PhotoScape) (Version: - ) Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) QCad 2.0.5.0 (remove only) (HKLM\...\QCad 2.0.5.0) (Version: - ) QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version: - Atari) Shape Collage (HKLM\...\ShapeCollage) (Version: - Shape Collage Inc.) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4000.60 - TuneUp Software) TuneUp Utilities 2011 (Version: 10.0.4000.60 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4000.60 - TuneUp Software) Hidden UltraStar 0.8.4 (HKLM\...\UltraStar) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft) Update_DealPly (HKCU\...\DealPly) (Version: - ) <==== ATTENTION VLC media player 1.1.8 (HKLM\...\VLC media player) (Version: 1.1.8 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc) Winamp 
Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 14-08-2014 23:47:46 Windows Update 23-08-2014 18:52:32 Windows Update 29-08-2014 17:30:11 Windows Update 10-09-2014 13:05:32 Windows Update 17-09-2014 17:35:02 Removed Windows Movie Maker 2.6 17-09-2014 17:40:25 Removed Apple Software Update 17-09-2014 17:41:59 Removed Apple Application Support ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:04 - 2011-04-07 18:24 - 00000028 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {193D2E29-A9DA-4E30-8494-97DBF4247539} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.)
Task: {7A52D4F8-4236-4D15-A7F2-B2D991126706} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {9D8E7FD1-54BA-4211-8B29-88EAC8278914} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated)
Task: {C583A00C-AC53-40F4-A48B-A16F758DA53A} - System32\Tasks\DealPly => C:\Users\Administrator\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-05-26] () <==== ATTENTION
Task: {D479A751-1B52-4A7B-B4B4-205419F1D2BC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-03-16] (TuneUp Software)
Task: {FF063F40-C7D7-4DCF-9C51-8CA420EB7A67} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\ADMINI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job => C:\Program Files\TuneUp Utilities 2011\OneClick.exe

==================== Loaded Modules (whitelisted) =============

2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-10 16:53 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Administrator\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-13 16:43 - 2014-09-13 16:43 - 03716720 _____ () C:\Program Files\Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 07:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.1.5367, time stamp: 0x541259dd
Faulting module name: mozalloc.dll, version: 32.0.1.5367, time stamp: 0x541225d2
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0xc58
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/05/2014 10:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 11.0.0.0, time stamp: 0x48d3882e
Faulting module name: Save for Web.8BE, version: 11.0.0.12, time stamp: 0x48d3928d
Exception code: 0x40000015
Fault offset: 0x00337ed5
Faulting process id: 0x7e8
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3

Error: (08/31/2014 00:06:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x6e8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/26/2014 06:59:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception code: 0xc0000005
Fault offset: 0x0000795b
Faulting process id: 0xfd0
Faulting application start time: 0xipmGui.exe0
Faulting application path: ipmGui.exe1
Faulting module path: ipmGui.exe2
Report Id: ipmGui.exe3

Error: (08/10/2014 11:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 11.0.0.0, time stamp: 0x48d3882e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6e617254
Faulting process id: 0xd34
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3

Error: (08/04/2014 05:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: POWERPNT.EXE, version: 12.0.6600.1000, time stamp: 0x4de50c7e
Faulting module name: mso.dll, version: 12.0.6683.5000, time stamp: 0x51e6dff3
Exception code: 0xc0000005
Fault offset: 0x00c59c78
Faulting process id: 0x380
Faulting application start time: 0xPOWERPNT.EXE0
Faulting application path: POWERPNT.EXE1
Faulting module path: POWERPNT.EXE2
Report Id: POWERPNT.EXE3

Error: (07/20/2014 11:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Videodeluxe.exe version 13.0.0.30 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 16a0
Start Time: 01cfa45fbd9db740
Termination Time: 49
Application Path: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Report Id:

Error: (07/20/2014 11:15:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Videodeluxe.exe version 13.0.0.30 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 6ec
Start Time: 01cfa45f78ece080
Termination Time: 41
Application Path: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Report Id:

Error: (07/20/2014 11:13:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Videodeluxe.exe version 13.0.0.30 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1660
Start Time: 01cfa45c2c569520
Termination Time: 0
Application Path: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Report Id:

Error: (07/20/2014 09:13:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Videodeluxe.exe version 13.0.0.30 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 91c
Start Time: 01cfa44e44592920
Termination Time: 63
Application Path: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Report Id:

System errors:
=============
Error: (09/17/2014 07:54:44 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/17/2014 07:54:44 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/17/2014 06:50:09 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/17/2014 06:50:09 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/17/2014 09:17:20 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/17/2014 09:17:20 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/15/2014 03:42:45 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/15/2014 03:42:45 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/14/2014 04:44:53 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/14/2014 02:11:48 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Microsoft Office Sessions:
=========================
Error: (02/11/2013 06:17:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2370 seconds with 120 seconds of active time. This session ended with a crash.

Error: (01/19/2013 04:50:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000.
This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/20/2012 10:10:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 225 seconds with 60 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 63%
Total physical RAM: 2046.55 MB
Available physical RAM: 749.72 MB
Total Pagefile: 4093.11 MB
Available Pagefile: 2385.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:45.13 GB) NTFS
Drive d: (Meins) (Fixed) (Total:146.48 GB) (Free:127.18 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:147.4 GB) (Free:146.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F505F505)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-17 21:07:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3500320AS rev.SD15 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldqpob.sys

---- System - GMER 2.1 ----

SSDT 8EAE8DE6 ZwCreateSection
SSDT 8EAE8DF0 ZwRequestWaitReplyPort
SSDT 8EAE8DEB ZwSetContextThread
SSDT 8EAE8DF5 ZwSetSecurityObject
SSDT 8EAE8DFA ZwSystemDebugControl
SSDT 8EAE8D87 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83287A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C1212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 832C858C 4 Bytes [E6, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832C88E8 4 Bytes [F0, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832C892C 4 Bytes [EB, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832C89A8 4 Bytes [F5, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 832C89FC 4 Bytes [FA, 8D, AE, 8E]
.text ...
```
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8F43A000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtCreateFile                    777A5608 5 Bytes  JMP 6450FC70 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtFlushBuffersFile              777A5998 5 Bytes  JMP 644E942A C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtQueryFullAttributesFile       777A6028 5 Bytes  JMP 6450F6B0 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtReadFile                      777A62F8 5 Bytes  JMP 644E9520 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtReadFileScatter               777A6308 5 Bytes  JMP 64E099A8 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtWriteFile                     777A6AA8 5 Bytes  JMP 64510710 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtWriteFileGather               777A6AB8 5 Bytes  JMP 64E09957 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll                      777C22AE 5 Bytes  JMP 69C31F42 C:\Program Files\Firefox\mozglue.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D  76CA94E6 7 Bytes  JMP 64D77A24 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!QueryPerformanceCounter + 13      76CAC4E5 7 Bytes  JMP 64D77A47 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!LoadAppInitDlls + 355             76CAF5A6 7 Bytes  JMP 6450C5A7 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] USER32.dll!GetWindowInfo                  76DE4B5E 5 Bytes  JMP 64C7ECB7 C:\Program Files\Firefox\xul.dll
.text  C:\Program Files\Firefox\firefox.exe[2644] GDI32.dll!GetViewportOrgEx + 26C          76F6884B 7 Bytes  JMP 64D779A5 C:\Program Files\Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc02ec
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc02ec@fce55754c1cd  0xB5 0x85 0x77 0x77 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x7B 0x63 0x08 0xE1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xF1 0x98 0x8F 0xF5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x77 0x9F 0xB1 0xEB ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc02ec (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc02ec@fce55754c1cd  0xB5 0x85 0x77 0x77 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x7B 0x63 0x08 0xE1 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xF1 0x98 0x8F 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x77 0x9F 0xB1 0xEB ...

---- EOF - GMER 2.1 ----
```

Avira findings

Code:
```
Exportierte Ereignisse:

10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\Administrator\AppData\Local\Temp\7725.tmp'
	wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Rotbrow.K' [trojan] gefunden.
	Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
	wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware] gefunden.
	Ausgeführte Aktion: Zugriff verweigern

17.09.2014 19:20 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'D:\$RECYCLE.BIN\S-1-5-21-1242816113-3164560358-2465018757-500\$RG5OXV4.exe'
	wurde ein Virus oder unerwünschtes Programm 'ADWARE/MultiPlug.aob' [adware] gefunden.
	Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:09 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
	wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware] gefunden.
	Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:09 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\Administrator\AppData\Local\Temp\7725.tmp'
	wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Rotbrow.K' [trojan] gefunden.
	Ausgeführte Aktion: Zugriff verweigern

10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
	In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
	wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware] gefunden.
	Ausgeführte Aktion: Zugriff verweigern
```
