Pests of all kinds and how to combat them: Videos stutter, especially in Firefox

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
Videos stutter, especially in Firefox

Hello, my problem concerns the Mozilla Firefox browser (version 33.0). The problem occurs especially with HD videos (but also at lower quality), although the bandwidth should easily be sufficient for that. I have already checked that the Flash players from Adobe and Shockwave are up to date. My graphics card driver is also up to date. When I use Chrome, it is somewhat better, but not perfectly smooth.

Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:41 on 15/10/2014
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-

FRST

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 01 Ran by Phillip (administrator) on 11RP11 on 15-10-2014 17:49:34 Running from C:\Users\Phillip\Downloads Loaded Profiles: Phillip & postgres (Available profiles: Phillip & postgres) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe () C:\Program Files\ATK Hotkey\AsLdrSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\System32\lpksetup.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\DCService.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe () C:\Program Files\ATK Hotkey\MsgTranAgt.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\ATK Hotkey\HControlUser.exe (LG Electronics) C:\Program Files\LG Software\LG OSD\HotKey.exe () C:\Program Files\ATK Hotkey\LOSD.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Program Files\ATK Hotkey\ATKOSD.exe () C:\Program Files\ATK Hotkey\WDC.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-07] (Synaptics, Inc.) HKLM\...\Run: [HControlUser] => C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-07-03] () HKLM\...\Run: [KeybdUtility] => C:\Program Files\LG Software\LG OSD\HotKey.exe [3026944 2008-09-04] (LG Electronics) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-21] (Intel Corporation) HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2804224 2012-10-08] (Eastman Kodak Company) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {3504ca00-f1a7-11e1-97bc-001e101f1f81} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {7c390bdf-c705-11dd-b618-806e6f6e6963} - F:\Autorun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {ae1da385-f146-11e1-9079-00216b0c781a} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {ae1da3b9-f146-11e1-9079-001e101f21c1} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1000\...\MountPoints2: {cbba1285-f04b-11e1-96d5-abf4987c20bb} - E:\SETUP.EXE /AUTORUN HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {3504ca00-f1a7-11e1-97bc-001e101f1f81} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {7c390bdf-c705-11dd-b618-806e6f6e6963} - F:\Autorun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {ae1da385-f146-11e1-9079-00216b0c781a} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {ae1da3b9-f146-11e1-9079-001e101f21c1} - G:\AutoRun.exe HKU\S-1-5-21-2386538302-2959011679-2223950070-1007\...\MountPoints2: {cbba1285-f04b-11e1-96d5-abf4987c20bb} - E:\SETUP.EXE /AUTORUN ==================== Internet (Whitelisted) ==================== (If an item is 
included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lge.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///F:/viewer/ORDcmViewCD.ocx Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default FF NetworkProxy: "http", "195.142.122.62" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 -> C:\PROGRA~1\MOZILL~1\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Phillip\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF SearchPlugin: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\abs@avira.com [2014-09-30] FF Extension: DownloadHelper - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\admin@proxy-listen.de.xpi [2013-10-04] FF Extension: Hide My Ass Proxy Extension - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\extension@hidemyass.com.xpi [2013-07-29] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi 
[2013-06-11] FF Extension: LeechBlock - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-05-28] FF Extension: Adblock Plus - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-21] FF Extension: DownThemAll! - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-06] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\q1t70ujh.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14] CHR Extension: (Google Drive) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14] CHR Extension: (Google-Suche) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14] CHR Extension: (Avira Browser Safety) - C:\Users\Phillip\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14] CHR Extension: (AdBlock) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-09] CHR Extension: (Google Wallet) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25] CHR Extension: (Google Mail) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed] R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company) R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [779200 2012-10-15] (Eastman Kodak Company) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.) 
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.) S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-26] (Avira Operations GmbH & Co. KG) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed] R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-08-12] (REALiX(tm)) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. ) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed] S3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [124928 2008-08-07] (Realtek Corporation ) [File not signed] R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1807744 2008-04-02] () R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [646392 2012-08-27] (Duplex Secure Ltd.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH) S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81192 2008-03-26] (CyberLink) S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 RTHDMIAzAudService; system32\drivers\RtHDMIV.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-15 17:49 - 2014-10-15 17:53 - 00019529 _____ () C:\Users\Phillip\Downloads\FRST.txt 2014-10-15 17:49 - 2014-10-15 17:50 - 00000000 ____D () C:\FRST 2014-10-15 17:48 - 2014-10-15 17:48 - 01054912 _____ (Adobe) C:\Users\Phillip\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe 2014-10-15 17:42 - 2014-10-15 17:42 - 00380416 _____ () C:\Users\Phillip\Downloads\Gmer-19357.exe 2014-10-15 17:41 - 2014-10-15 17:42 - 01102336 _____ (Farbar) C:\Users\Phillip\Downloads\FRST.exe 2014-10-15 17:41 - 2014-10-15 17:42 - 00000636 _____ () C:\Users\Phillip\Downloads\defogger_disable.log 2014-10-15 17:41 - 2014-10-15 17:42 - 00000020 _____ () C:\Users\Phillip\defogger_reenable 2014-10-15 15:06 - 2014-10-15 15:12 - 00050477 _____ () C:\Users\Phillip\Downloads\Defogger.exe 2014-10-15 14:50 - 2014-10-15 14:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-13 16:48 - 2014-10-13 16:48 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-30 10:46 - 2014-09-30 10:46 - 00000000 ____D () C:\Users\Phillip\AppData\Local\PDF24 2014-09-30 10:45 - 2014-09-30 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2014-09-30 10:45 - 2014-09-30 10:45 - 00000000 ____D () C:\Program Files\PDF24 
2014-09-30 10:42 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll 2014-09-30 10:42 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll 2014-09-30 10:41 - 2014-09-30 10:41 - 01101648 _____ () C:\Users\Phillip\Downloads\PDF24 Creator - CHIP-Installer.exe 2014-09-30 10:39 - 2014-09-30 10:39 - 00000000 ____D () C:\Users\Phillip\.pdfsam 2014-09-26 08:25 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 18:07 - 2014-09-23 18:43 - 176351867 _____ () C:\Users\Phillip\Downloads\Rulez.NOF.21st.Sept.2014.HDTV Ptt (1).mp4 2014-09-23 18:00 - 2014-09-23 18:01 - 05007509 _____ () C:\Users\Phillip\Downloads\Rulez.NOF.21st.Sept.2014.HDTV.720p (1)-001.mkv.part 2014-09-20 12:59 - 2014-09-20 12:59 - 06958304 _____ (Microsoft Corporation) C:\Users\Phillip\Downloads\Silverlight.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-15 17:51 - 2008-12-10 23:49 - 01502136 _____ () C:\Windows\WindowsUpdate.log 2014-10-15 17:45 - 2014-02-25 11:05 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-15 17:44 - 2012-10-16 10:05 - 00000000 ____D () C:\ProgramData\Kodak 2014-10-15 17:44 - 2012-08-21 23:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-15 17:44 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-15 17:44 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-15 17:44 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-15 17:43 - 2008-10-08 20:25 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-10-15 17:43 - 2006-11-02 15:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-15 17:41 - 2009-03-06 20:15 - 00000000 ____D () C:\Users\Phillip 2014-10-15 16:56 - 2014-02-25 11:05 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-15 16:44 - 2012-08-22 20:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-14 22:45 - 2012-08-23 11:33 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\HoldemManager 2014-10-14 20:49 - 2012-08-22 20:52 - 00000000 ____D () C:\Users\Phillip\AppData\Local\PokerStars.EU 2014-10-14 16:02 - 2013-08-05 23:39 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-14 16:01 - 2013-08-05 23:39 - 00098160 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-13 18:25 - 2012-08-23 15:00 - 00001786 ____H () C:\Users\Phillip\Documents\Default.rdp 2014-10-13 16:48 - 2014-08-08 10:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-13 16:48 - 2013-08-05 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-13 16:48 - 2013-08-05 23:39 - 00000000 ____D () C:\Program Files\Avira 2014-10-01 21:06 - 2013-10-11 17:14 - 00000885 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk 2014-10-01 21:06 - 2013-05-10 08:13 - 00000000 ____D () C:\Program Files\Holdem Manager 2 2014-09-26 08:45 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-09-26 08:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-23 22:24 - 2012-10-15 19:34 - 00000000 ____D () C:\Users\Phillip\WWE 2014-09-23 21:44 - 2012-08-22 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-23 21:44 - 2012-08-22 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-19 10:49 - 2012-08-23 16:45 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-09-18 11:16 - 2013-02-20 21:02 - 00000000 ____D () C:\Users\Phillip\Documents\Nathi 2014-09-16 13:25 - 2012-11-25 20:30 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\Skype Some content of TEMP: ==================== C:\Users\Phillip\AppData\Local\Temp\avgnt.exe C:\Users\Phillip\AppData\Local\Temp\_unps.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-15 17:51 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 01 Ran by Phillip at 2014-10-15 17:54:57 Running from C:\Users\Phillip\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) 888poker (HKLM\...\888poker) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated) Adobe AIR (Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop Elements (HKLM\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.) Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.) 
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden aioscnnr (Version: 5.7.5.30 - Your Company Name) Hidden aioscnnr (Version: 7.6.11.10 - Your Company Name) Hidden AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0042 - ATK) Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Betfair.com Poker (HKCU\...\Betfair.com Poker) (Version: - ) Betfred Poker (HKCU\...\Betfred Poker) (Version: - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2008.0724.2347.40767 - ATI Technologies, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2008.1114.1449.26465 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization Chinese Standard (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Dutch (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization French (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Norwegian (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Russian (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Swedish (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2008.0724.2347.40767 - ATI) Hidden Catalyst Control Center Localization Turkish (Version: 2008.0724.2347.40767 - ATI) Hidden CCC Help Turkish (Version: 2008.0724.2346.40767 - ATI) Hidden ccc-utility (Version: 2008.0724.2347.40767 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) center (Version: 6.2.5.0 - Eastman Kodak Company) Hidden Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) 
Hidden Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) concept/design onlineTV 8 (HKLM\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.5.0.2 - concept/design GmbH) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1622 - CyberLink Corp.) CyberLink YouCam (Version: 1.0.1622 - CyberLink Corp.) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) essentials (Version: 6.0.14.0 - Eastman Kodak Company) Hidden FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - ) Flatcast Viewer Plugin 5.3.0.784 (HKLM\...\Flatcast Viewer 5.3_is1) (Version: - 1 mal 1 Software GmbH) Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.) Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.0.WIN.FullTilt.COM - ) Full Tilt Poker.Eu (HKLM\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.55.4.WIN.FullTilt.EU - ) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Holdem Manager (HKLM\...\HoldemManager) (Version: - ) Holdem Manager 2 (HKLM\...\HoldemManager2) (Version: - ) HWiNFO32 Version 4.42 (HKLM\...\HWiNFO32_is1) (Version: 4.42 - Martin Malík - REALiX) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) ITECIR (HKLM\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) 
Hidden join.me (HKCU\...\JoinMe) (Version: 1.13.0.114 - LogMeIn, Inc.) Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden KODAK All-in-One Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company) Leawo PowerPoint to Video Pro version 2.6.0.68 (HKLM\...\{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1) (Version: 2.6.0.68 - Leawo Software) LG Fan Mode Tile for Windows Mobility Center (HKLM\...\LGFanModeTile) (Version: - LG Electronics Inc.) LG Intelligent Update (HKLM\...\{81717D01-32F6-449C-85E1-41AFD678E545}) (Version: 4.00.0923.01 - LG Electronics Inc.) LG Magnifier (HKLM\...\{9672CAD2-F310-42D6-9147-E4A4B6ED8395}) (Version: 8.05.1901 - LG Electronics Inc.) LG OSD (HKLM\...\{13831772-9872-4E79-B39B-5E38D7855512}) (Version: 8.06.2715 - LG Electronics Inc.) LG Smart Indicator (HKLM\...\{DABD50F7-0001-0002-0003-ABCDEFABCDEF}) (Version: 1.28.0711 - LG Electronics Inc.) LG Smart Recovery (HKLM\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1824 - LG Electronics Inc) LG Smart Recovery (Version: 5.5.1824 - LG Electronics Inc) Hidden LG TouchPad Tile for Windows Mobility Center (HKLM\...\LGTouchPadTile) (Version: - LG Electronics Inc.) 
LG Webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.41000.3 - Sonix) Media Player Codec Pack 4.2.2 (HKLM\...\Media Player - Codec Pack) (Version: 4.2.2 - Media Player Codec Pack) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ Run Time Lib Setup (HKLM\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft) Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.302.09.04.382 - Huawei Technologies Co.,Ltd) Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles) ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) partypoker (HKLM\...\PartyPoker) (Version: - PartyGaming) PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.1 - Frank Heindörfer, Philip Chinery) Poker at 
bet365 (HKCU\...\bet365poker) (Version: - ) PokerRanger (HKLM\...\PokerRanger) (Version: - Michael A. Voelkel) PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu) PokerStars.fr (HKLM\...\PokerStars.fr) (Version: - PokerStars.fr) PokerStrategy.com Equilab - Omaha (HKLM\...\{38B746B5-44EE-4FFA-B987-581B5CF4A097}) (Version: 1.1.4.0 - PokerStrategy.com) PokerStrategy.com Equilab (HKLM\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com) PokerStrategy.com SideKick (HKCU\...\5e9f0bf649a2dbca) (Version: 2.0.1217.2 - PokerStrategy.com) PostgreSQL 8.4 (HKLM\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group) PowerXpressHybrid (Version: 1.00.0000 - ATI) Hidden PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.) PX Profile Update (Version: 1.00.1. - AMD) Hidden RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.01 - ) Skins (Version: 2008.0724.2347.40767 - ATI) Hidden Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) Sun ODF Plugin for Microsoft Office 3.2 (HKLM\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics) TableScan Turbo v1.0.11 (HKLM\...\{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1) (Version: - Zandry, LLC) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Vista Codec Package (HKLM\...\{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}) (Version: 6.4.3 - Shark007) VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) William Hill Poker (HKCU\...\William Hill Poker) (Version: - ) Wondershare Dr.Fone für iOS(Build 4.6.0.29) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.6.0.29 - Wondershare Software Co.,Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll (Playtech) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarManagerUI.dll (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{9642D229-6B2E-49FD-B6BB-43B37BD97B6B}\localserver32 -> C:\Poker\Betfair.com Poker\widgetbar\PTContainerOle.exe (Playtech Ltd) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll (Playtech) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\PtContainerUI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\PtContainerUI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\WidgetbarAPI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\WidgetbarManagerUI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{9642D229-6B2E-49FD-B6BB-43B37BD97B6B}\localserver32 -> "C:\Poker\Titan Poker\widgetbar\PTContainerOle.exe" No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Poker\Titan Poker\widgetbar\WidgetbarAPI.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> 
C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File CustomCLSID: HKU\S-1-5-21-2386538302-2959011679-2223950070-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\postgres.11RP11\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll No File ==================== Restore Points ========================= 04-10-2014 21:14:25 Windows Update 05-10-2014 20:45:07 Windows Update 07-10-2014 06:09:19 Windows Update 08-10-2014 17:09:40 Windows Update 09-10-2014 17:32:39 Windows Update 10-10-2014 09:43:13 Windows Update 12-10-2014 19:32:50 Windows Update 13-10-2014 08:46:39 Windows Update 14-10-2014 07:56:35 Windows Update 14-10-2014 16:51:05 Windows Update 15-10-2014 13:39:33 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1404ADD9-F9AB-4906-A809-EBB4452DEAA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.) 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {259D57CF-929C-4A59-AB24-28BFBBC1DFA5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {35913868-F007-4AF5-A3B4-F9E31E85FA0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {70E48828-A9A6-466D-B106-2A026A4895C0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {AB8176F3-D715-4B43-8F81-B499C340B52A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-25] (Google Inc.) Task: {CAC3A15F-B4AB-48E8-AE36-AC54C21D27E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-08 20:48 - 2007-10-03 06:53 - 00094208 ____R () C:\Program Files\ATK Hotkey\ASLDRSrv.exe 2012-10-31 20:43 - 2010-06-17 22:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-05-08 13:48 - 2010-05-08 13:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe 2012-08-26 14:59 - 2012-08-16 12:25 - 00172032 _____ () C:\Program Files\PostgreSQL\8.4\bin\LIBPQ.dll 2012-08-26 15:03 - 2012-08-14 15:19 - 00999424 _____ () C:\Program Files\PostgreSQL\8.4\bin\libxml2.dll 2008-10-08 20:39 - 2008-07-25 09:09 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2013-09-02 11:16 - 2013-09-02 11:16 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll 2008-10-08 20:48 - 2004-05-28 03:13 - 00057344 ____R () C:\Program Files\ATK Hotkey\CMSSC.dll 2008-10-08 20:48 - 2008-07-16 20:06 - 00086016 _____ () C:\Program Files\ATK Hotkey\PegaVol.dll 2008-10-08 20:48 - 2007-11-05 04:48 - 00106496 ____R () C:\Program Files\ATK Hotkey\MsgTranAgt.exe 2008-10-08 20:48 - 2008-07-03 11:29 - 00098304 ____R () C:\Program Files\ATK Hotkey\HControlUser.exe 2008-10-08 20:48 - 2007-11-13 00:41 - 00106496 ____R () C:\Program Files\ATK Hotkey\MsgTran.dll 2008-10-08 20:48 - 2008-06-06 00:40 - 00102400 ____R () C:\Program Files\ATK Hotkey\LOSD.exe 2008-10-08 20:48 - 2008-05-10 03:55 - 02555904 ____R () C:\Program Files\ATK 
Hotkey\ATKOSD.exe 2008-10-08 20:48 - 2008-01-23 19:51 - 00151552 ____R () C:\Program Files\ATK Hotkey\WDC.exe 2014-10-15 14:50 - 2014-10-15 14:50 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Phillip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Phillip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: DAEMON Tools => "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe MSCONFIG\startupreg: 
FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LG Intelligent Update => "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc MSCONFIG\startupreg: LG Magnifier => %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe MSCONFIG\startupreg: LGSR => "%ProgramFiles%\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "%ProgramFiles%\LG Software\LG Smart Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" ========================= Accounts: ========================== Administrator (S-1-5-21-2386538302-2959011679-2223950070-500 - Administrator - Disabled) Gast (S-1-5-21-2386538302-2959011679-2223950070-501 - Limited - Disabled) Phillip (S-1-5-21-2386538302-2959011679-2223950070-1000 - Administrator - Enabled) => C:\Users\Phillip postgres (S-1-5-21-2386538302-2959011679-2223950070-1007 - Limited - Enabled) => C:\Users\postgres.11RP11 ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/15/2014 05:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/15/2014 05:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung SynTPEnh.exe, Version 10.1.8.0, Zeitstempel 0x47589ff7, fehlerhaftes Modul SynTPEnh.exe, Version 10.1.8.0, Zeitstempel 0x47589ff7, Ausnahmecode 0xc0000409, Fehleroffset 0x0002975c, Prozess-ID 0xf0c, Anwendungsstartzeit SynTPEnh.exe0. Error: (10/15/2014 02:35:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 07:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:44:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 09:53:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 04:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 00:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 10:43:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/15/2014 05:58:33 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/15/2014 05:45:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000vpnagent Error: (10/15/2014 02:51:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/15/2014 02:42:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Update Error: (10/15/2014 02:39:18 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: Das Gerät "HL-DT-ST DVDRAM GSA-T50N" (IDE\CdRomHL-DT-ST_DVDRAM_GSA-T50N________________RR07____\4&2d86b49&0&0.1.0) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error: (10/15/2014 02:35:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000vpnagent Error: (10/14/2014 07:33:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/14/2014 06:52:43 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Der Transaktionsressourcen-Manager auf Volume "\Device\HarddiskVolumeShadowCopy14" konnte aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. 
Der Fehlercode ist in den Daten enthalten. Error: (10/14/2014 03:59:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (10/14/2014 03:44:32 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Microsoft Office Sessions: ========================= Error: (10/15/2014 05:45:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/15/2014 05:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: SynTPEnh.exe10.1.8.047589ff7SynTPEnh.exe10.1.8.047589ff7c00004090002975cf0c01cfe8745f6d0c8c Error: (10/15/2014 02:35:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 07:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 03:44:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/14/2014 09:53:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 04:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 00:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/13/2014 10:43:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz Percentage of memory in use: 50% Total physical RAM: 3070.22 MB Available physical RAM: 1528.09 MB Total Pagefile: 8974.47 MB Available Pagefile: 6067.9 MB Total Virtual: 2047.88 MB Available Virtual: 1895.91 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:150 GB) (Free:10.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:139.59 GB) (Free:22.18 GB) NTFS Drive f: (MANAGER12) (CDROM) (Total:6.87 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 0E790E78) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=12) Partition 2: (Active) - (Size=150 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=7 GB) - (Type=12) ==================== End Of Log ============================ GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-15 18:43:20 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 298,09GB Running: bgxczuhg.exe; Driver: C:\Users\Phillip\AppData\Local\Temp\pwldqpoc.sys ---- System - GMER 2.1 ---- SSDT 8D681D5E ZwCreateSection SSDT 8D681D68 ZwRequestWaitReplyPort SSDT 8D681D63 ZwSetContextThread SSDT 8D681D6D ZwSetSecurityObject SSDT 8D681D72 ZwSystemDebugControl SSDT 8D681CFF ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 830FC860 4 Bytes [5E, 1D, 68, 8D] .text ntkrnlpa.exe!KeSetEvent + 539 830FCB84 4 Bytes [68, 1D, 68, 8D] .text ntkrnlpa.exe!KeSetEvent + 56D 830FCBB8 4 Bytes [63, 1D, 68, 8D] .text ntkrnlpa.exe!KeSetEvent + 5D1 830FCC1C 4 Bytes [6D, 1D, 68, 8D] .text ntkrnlpa.exe!KeSetEvent + 619 830FCC64 4 Bytes [72, 1D, 68, 8D] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FC0D000, 0x20F676, 0xE8000020] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affd3028 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x6F 0x7A 0x9C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0xE5 0xA1 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0x83 0x0C 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015affd3028 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x6F 0x7A 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0xE5 0xA1 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x46 0x83 0x0C 0x7F ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

I hope I have not forgotten anything, and remain with best regards.