Pests of all kinds and how to fight them: Hokku zip file opened - Windows 7
21.01.2015, 14:54 | #1 |
| Hokku zip file opened Hello, I opened this zip file because I thought it was an email from a book customer. Now I have a problem: my PC is extremely slow and my Word docs have the extension igmkfe and so can no longer be opened. Who can help me with this? |
21.01.2015, 15:01 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hokku zip file opened Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because of => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post already existing logs in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
21.01.2015, 15:39 | #3 |
| Hokku zip file opened [
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015 Ran by Detlef (administrator) on DETLEF-PC on 21-01-2015 14:20:16 Running from C:\Users\Detlef\Desktop Loaded Profiles: Detlef (Available profiles: Detlef) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst- tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE () C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Windows\vsnpstd.exe (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Deutsche Telekom AG) C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared \OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [snpstd] => C:\windows\vsnpstd.exe [339968 2005-10-11] () HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11 -05] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess? HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [GrooveMonitor] => C:\Program Files \Microsoft Office\Office14\GROOVEMN.EXE [945856 2013-03-06] (Microsoft Corporation) HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [MobileConnect.EXE] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [Skype] => C:\Program Files\Skype \Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) 
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\RunOnce: [Adobe Speed Launcher] => 1421846506 HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: G - G:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {23e26850-3b47-11e3-b836- 806e6f6e6963} - F:\StartVMCLite.exe HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {23e26877-3b47-11e3-b836- 1c7508558a7c} - F:\StartVMCLite.exe HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {23e26879-3b47-11e3-b836- 1c7508558a7c} - F:\StartVMCLite.exe HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {56b507d1-9257-11e4-bac8- 1c7508558a7c} - F:\AutoRun.exe HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {56b507e0-9257-11e4-bac8- 1c7508558a7c} - F:\AutoRun.exe HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {56b507f5-9257-11e4-bac8- 1c7508558a7c} - F:\AutoRun.exe HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {94e536d0-1f17-11e1-b18f- 1c7508558a7c} - G:\.\Autorun.exe AUTORUN=1 HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {f6b3ba49-3c1b-11e3-b86b- 1c7508558a7c} - F:\StartVMCLite.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan \3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup \Mediencenter.lnk ShortcutTarget: Mediencenter.lnk -> C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync \Mediencenter.exe (Deutsche Telekom AG) Startup: C:\Users\Detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office \Office14\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\Detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup \ZooskMessenger.lnk ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users \Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users \Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users \Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users \Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer \Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer \Main,Search Page = hxxp://feed.snap.do/? publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b- 53c2efb2a1f8&searchtype=ds&q={searchTerms} HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer \Main,Search Bar = hxxp://feed.snap.do/? publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b- 53c2efb2a1f8&searchtype=ds&q={searchTerms} HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer \Main,Start Page Redirect Cache = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1 -4b00-959b-53c2efb2a1f8&searchtype=ds&q={searchTerms} SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/? 
publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b- 53c2efb2a1f8&searchtype=ds&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q= {searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> DefaultScope {014DB5FA-EAFB- 4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms} &src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> 5AE8CA116EF64D60B04ADA2FE346DA22 URL = hxxp://search.conduit.com/Results.aspx? ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPBA03A731-858F-4639-824C- D98F0A857BBF&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {006ee092-9658-4fd6-bd8e- a21a348e59f5} URL = hxxp://feed.snap.do/? publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b- 53c2efb2a1f8&searchtype=ds&q={searchTerms} SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {014DB5FA-EAFB-4592-A95B- F44D3EE87FA9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE- SearchBox SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {0633EE93-D776-472f-A0FF- E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {6552C7DD-90A4-4387-B795- F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files \Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files \Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C: \Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files \Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files \Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23- windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17- windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23- windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23- windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files \Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars \Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 FireFox: ======== FF ProfilePath: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default FF Plugin: @adobe.com/FlashPlayer -> 
C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin \npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin \plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files \Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight \5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\bingp.xml FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\conduit-search.xml FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\icqplugin-2.xml FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\icqplugin-3.xml FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\icqplugin-4.xml FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\icqplugin-5.xml FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default \searchplugins\icqplugin.xml FF Extension: DownloadHelper - C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles \94l106t1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06] FF Extension: Session Manager - C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles \94l106t1.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-03-23] FF Extension: Adblock Plus - C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles \94l106t1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D- BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Firefox\Extensions: [{e4f94d1e-2f53- 401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e- 8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885- 681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR 
HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] () [File not signed] R2 Brother XP spl Service; C:\windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 KMService; C:\windows\system32\srvany.exe [8192 2011-03-23] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) R2 SAService; C:\windows\system32\SAsrv.exe [445496 2010-03-25] (Conexant Systems, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 Wajam Internet Enhancer Service; C:\Program Files\Wajam\Wajam Internet Enhancer \WajamInternetEnhancerService.exe [X] <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation) S2 BrPar; C:\windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) 
[File not signed] R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-11-27] () S3 IwUSB; C:\windows\System32\Drivers\IwUSB.sys [20645 2012-01-21] (Thesycon GmbH, Germany) [File not signed] R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R1 MpKsl1c5e0a74; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D00FC982- AF32-4593-9865-309557D1A75B}\MpKsl1c5e0a74.sys [39464 2015-01-21] (Microsoft Corporation) S1 MpKsl278c1984; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D00FC982- AF32-4593-9865-309557D1A75B}\MpKsl278c1984.sys [39464 2015-01-21] () [File not signed] S3 snpstd; C:\windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] () S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] R3 usbsmi; C:\windows\System32\DRIVERS\SMIksdrv.sys [171776 2009-10-16] (SMI) S3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider) R2 WinFLdrv; C:\windows\System32\WinFLdrv.sys [17984 2011-03-23] () S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink) U3 BcmSqlStartupSvc; No ImagePath S3 ewsercd; system32\DRIVERS\ewsercd.sys [X] S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X] U2 IAStorDataMgrSvc; No ImagePath U2 IviRegMgr; No ImagePath S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X] U2 RichVideo; No ImagePath S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] U3 SQLWriter; No ImagePath S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 14:20 - 2015-01-21 14:28 - 00022148 _____ () C:\Users\Detlef\Desktop\FRST.txt 2015-01-21 14:00 - 2015-01-21 14:08 - 00040208 _____ () C:\Users\Detlef\Desktop\Addition.txt 2015-01-21 13:36 - 2015-01-21 14:21 - 00000000 ____D () C:\FRST 2015-01-21 13:35 - 2015-01-21 13:35 - 01118208 _____ (Farbar) C:\Users\Detlef\Desktop\FRST.exe 2015-01-21 13:26 - 2015-01-21 13:26 - 02359350 _____ () C:\Users\Public\Documents\Decrypt All Files igmkvfe.bmp 2015-01-21 13:26 - 2015-01-21 13:26 - 00001512 _____ () C:\Users\Public\Documents\Decrypt All Files igmkvfe.txt 2015-01-21 13:04 - 2015-01-21 13:04 - 00000144 _____ () C:\AtmApInit.TXT.igmkvfe 2015-01-21 12:58 - 2015-01-21 14:02 - 00768198 _____ () C:\ProgramData\lnsmahk.html 2015-01-16 19:32 - 2015-01-21 13:38 - 00000000 ____D () C:\Users\Detlef\Desktop\auto - Kopie 2015-01-16 13:40 - 2015-01-21 12:59 - 00014752 _____ () C:\Users\Detlef\Desktop\LLDetlef engl1a.DOC.igmkvfe 2015-01-16 13:40 - 2015-01-16 13:40 - 00014592 _____ () C:\Users\Detlef\Desktop\LLDetlef engl1.DOC.igmkvfe 2015-01-12 12:39 - 2015-01-16 19:52 - 00081968 _____ () C:\Users\Detlef\Desktop\x5.PDF.igmkvfe 2015-01-12 12:39 - 2015-01-12 12:39 - 00042624 _____ () C:\Users\Detlef\Desktop \e22603_6095465_invoice_2014.12.01.PDF.igmkvfe 2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-01-02 15:06 - 2015-01-02 15:06 - 00001051 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk 2015-01-02 15:06 - 2015-01-02 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner 2015-01-02 15:06 - 2009-06-22 20:01 - 00112128 _____ (Huawei Technologies Co., Ltd.) 
C:\windows \system32\Drivers\ewusbnet.sys 2015-01-02 15:06 - 2009-06-22 19:38 - 00102912 _____ (Huawei Technologies Co., Ltd.) C:\windows \system32\Drivers\ewusbmdm.sys 2015-01-02 15:06 - 2009-06-22 19:26 - 00100736 _____ (Huawei Technologies Co., Ltd.) C:\windows \system32\Drivers\ewusbdev.sys 2015-01-02 15:06 - 2007-08-09 04:06 - 00023424 _____ (Huawei Tech. Co., Ltd.) C:\windows \system32\Drivers\ewdcsc.sys 2015-01-02 15:05 - 2015-01-02 15:07 - 00000000 ____D () C:\Program Files\Mobile Partner 2015-01-02 14:03 - 2015-01-21 13:38 - 00000000 ____D () C:\Users\Detlef\Desktop\auto 2014-12-26 09:45 - 2014-12-26 09:45 - 00420357 _____ () C:\Users\Detlef\Desktop\3528 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 14:25 - 2010-11-27 02:34 - 02689195 _____ () C:\windows\WindowsUpdate.log 2015-01-21 14:23 - 2011-01-31 13:12 - 00000000 ____D () C:\Users\Detlef\AppData\Roaming\Skype 2015-01-21 13:58 - 2012-05-14 07:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-21 13:43 - 2011-04-09 10:48 - 00396800 ___SH () C:\Users\Detlef\Documents\Thumbs.db 2015-01-21 13:41 - 2009-07-14 04:34 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e- B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 13:41 - 2009-07-14 04:34 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e- B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-21 13:39 - 2014-12-10 19:37 - 00000000 ___RD () C:\Users\Detlef\Mediencenter 2015-01-21 13:38 - 2012-08-17 18:39 - 00000000 ___RD () C:\Users\Detlef\Dropbox 2015-01-21 13:35 - 2014-12-02 21:56 - 00000000 ____D () C:\Users\Detlef\Desktop\englisch 2015-01-21 13:35 - 2014-11-02 17:38 - 00000000 ____D () C:\Users\Detlef\Desktop\buch 2015-01-21 13:30 - 2012-08-27 17:53 - 00000000 ____D () C:\Users\Detlef\AppData\Roaming \MyPhoneExplorer 2015-01-21 13:22 - 2012-08-17 18:36 - 00000000 ____D () 
C:\Users\Detlef\AppData\Roaming\Dropbox 2015-01-21 13:21 - 2011-01-28 12:46 - 00000000 ____D () C:\Users\Detlef\AppData\Local \VirtualStore 2015-01-21 13:03 - 2009-07-14 04:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-21 13:03 - 2009-07-14 04:39 - 00185380 _____ () C:\windows\setupact.log 2015-01-21 13:00 - 2013-10-22 18:18 - 00000000 ____D () C:\ProgramData\Vodafone 2015-01-21 12:56 - 2014-01-13 14:54 - 00000000 ____D () C:\ProgramData\InternetUpdater 2015-01-21 12:56 - 2014-01-13 10:35 - 00000000 ____D () C:\ProgramData\lpggpWn3 2015-01-21 12:54 - 2011-03-23 14:23 - 00000000 ____D () C:\Program Files\Winamp 2015-01-21 12:54 - 2011-03-23 13:00 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-21 12:53 - 2013-04-03 12:13 - 00000000 ____D () C:\Program Files\Trillian 2015-01-21 12:53 - 2013-02-21 17:46 - 00000000 ___RD () C:\Program Files\Skype 2015-01-21 12:52 - 2014-01-08 19:15 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2015-01-21 12:51 - 2012-05-26 09:51 - 00000000 ____D () C:\Program Files\ICQ6Toolbar 2015-01-21 12:51 - 2012-04-16 05:51 - 00000000 ____D () C:\Program Files\Free WMA to MP3 Converter 2015-01-21 12:51 - 2011-03-23 15:17 - 00000000 ____D () C:\Program Files\Folder Lock 6 2015-01-21 12:51 - 2011-03-23 13:54 - 00000000 ____D () C:\Program Files\IrfanView 2015-01-21 12:50 - 2013-06-05 12:03 - 00000000 ____D () C:\Program Files\ConvertHelper 2015-01-21 12:50 - 2012-04-15 18:25 - 00000000 ____D () C:\Program Files\Audiograbber 2015-01-21 12:50 - 2011-02-07 10:33 - 00000000 ____D () C:\Program Files\Biet-O-Matic 2015-01-21 12:18 - 2011-03-21 11:41 - 00000000 ____D () C:\Users\Detlef\AppData\Local\Deployment 2015-01-21 11:16 - 2014-08-30 07:46 - 00000330 _____ () C:\Users\Detlef\Desktop\QuickSoftware - 1 .appref-ms 2015-01-21 11:16 - 2012-06-07 08:17 - 00000000 ____D () C:\Users\Detlef\AppData\Roaming \Microsoft\Windows\Start Menu\Programs\QuickBooker 2015-01-18 21:56 - 2012-05-14 07:20 - 00701616 _____ (Adobe 
Systems Incorporated) C:\windows \system32\FlashPlayerApp.exe 2015-01-18 21:56 - 2011-06-21 07:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows \system32\FlashPlayerCPLApp.cpl 2015-01-18 21:22 - 2013-11-11 14:14 - 00954208 _____ () C:\Users\Public\Documents\am- hard.TXT.igmkvfe 2015-01-18 21:17 - 2013-11-11 14:13 - 00955600 _____ () C:\Users\Public\Documents\am- soft.TXT.igmkvfe 2015-01-18 21:13 - 2013-11-11 14:13 - 01183040 _____ () C:\Users\Public\Documents \zvab.TXT.igmkvfe 2015-01-18 21:00 - 2014-06-10 13:24 - 00016576 _____ () C:\Users\Public\Documents\Bücher-Keller- Klein22.DOCX.igmkvfe 2015-01-18 20:57 - 2014-06-10 13:24 - 00018480 _____ () C:\Users\Public\Documents\Bücher- Wohnung22.DOCX.igmkvfe 2015-01-18 20:50 - 2014-06-10 13:24 - 00017712 _____ () C:\Users\Public\Documents\Bücher-Keller- Gross22.DOCX.igmkvfe 2015-01-16 16:20 - 2014-10-29 14:28 - 00000000 ____D () C:\Users\Detlef\AppData\Local\CrashDumps 2015-01-16 12:08 - 2014-01-21 13:29 - 00006176 _____ () C:\Users\Public\Documents\Re- Hik.XLS.igmkvfe 2015-01-16 11:48 - 2014-12-11 17:36 - 00614752 _____ () C:\Users\Public\Documents \zvab1.TXT.igmkvfe 2015-01-16 11:43 - 2014-12-20 20:30 - 00493712 _____ () C:\Users\Public\Documents\am- hard1.TXT.igmkvfe 2015-01-16 11:41 - 2014-12-20 20:30 - 00493616 _____ () C:\Users\Public\Documents\am- soft1.TXT.igmkvfe 2015-01-16 11:35 - 2014-10-29 10:09 - 00645920 _____ () C:\Users\Public\Documents \booklooker1.TXT.igmkvfe 2015-01-16 11:29 - 2013-11-13 13:57 - 00969776 _____ () C:\Users\Public\Documents \booklooker.TXT.igmkvfe 2015-01-12 12:03 - 2014-06-10 13:24 - 00018736 _____ () C:\Users\Public\Documents\Bücher- Wohnung21.DOCX.igmkvfe 2015-01-11 20:29 - 2014-06-10 13:24 - 00017632 _____ () C:\Users\Public\Documents\Bücher-Keller- Klein21.DOCX.igmkvfe 2015-01-11 20:29 - 2014-06-10 13:24 - 00017104 _____ () C:\Users\Public\Documents\Bücher-Keller- Gross21.DOCX.igmkvfe 2015-01-08 19:52 - 2009-07-14 04:52 - 00000000 ____D () C:\windows\system32\FxsTmp 
2015-01-08 18:02 - 2011-01-31 13:09 - 00000000 ____D () C:\ProgramData\Skype
2015-01-05 13:08 - 2014-06-10 13:24 - 00015904 _____ () C:\Users\Public\Documents\Bücher-Keller-Gross20.DOCX.igmkvfe
2015-01-05 13:06 - 2014-06-10 13:24 - 00019184 _____ () C:\Users\Public\Documents\Bücher-Wohnung20.DOCX.igmkvfe
2015-01-05 12:57 - 2014-06-10 13:24 - 00015888 _____ () C:\Users\Public\Documents\Bücher-Keller-Klein20.DOCX.igmkvfe
2015-01-04 10:33 - 2010-10-24 11:50 - 01621084 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-02 20:50 - 2009-07-14 02:37 - 00000000 ____D () C:\windows\system32\NDF
2014-12-29 08:31 - 2014-06-10 13:24 - 00015344 _____ () C:\Users\Public\Documents\Bücher-Keller-Gross19.DOCX.igmkvfe
2014-12-29 08:31 - 2014-06-10 13:24 - 00014624 _____ () C:\Users\Public\Documents\Bücher-Keller-Klein19.DOCX.igmkvfe
2014-12-27 10:48 - 2014-06-10 13:24 - 00017808 _____ () C:\Users\Public\Documents\Bücher-Wohnung19.DOCX.igmkvfe

==================== Files in the root of some directories =======

2011-04-02 16:59 - 2014-08-09 20:13 - 0011264 _____ () C:\Users\Detlef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-23 13:51 - 2011-03-23 13:51 - 0000008 __RSH () C:\ProgramData\5D7FEE4581.sys
2011-03-23 13:51 - 2011-03-23 15:37 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-01-21 12:58 - 2015-01-21 14:02 - 0768198 _____ () C:\ProgramData\lnsmahk.html

ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2331039535-1181406896-2111325039-1000\$2b7307da3415a37f89d2f64300b1dc7a
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$2b7307da3415a37f89d2f64300b1dc7a

Some content of TEMP:
====================
C:\Users\Detlef\AppData\Local\Temp\6157999.exe
C:\Users\Detlef\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Detlef\AppData\Local\Temp\jptfujf.exe
C:\Users\Detlef\AppData\Local\Temp\mfc80.dll
C:\Users\Detlef\AppData\Local\Temp\mfc80u.dll
C:\Users\Detlef\AppData\Local\Temp\mfcm80.dll
C:\Users\Detlef\AppData\Local\Temp\mfcm80u.dll
C:\Users\Detlef\AppData\Local\Temp\msvcm80.dll
C:\Users\Detlef\AppData\Local\Temp\msvcp80.dll
C:\Users\Detlef\AppData\Local\Temp\msvcr80.dll
C:\Users\Detlef\AppData\Local\Temp\nsd8AC8.exe
C:\Users\Detlef\AppData\Local\Temp\nst3EF7.exe
C:\Users\Detlef\AppData\Local\Temp\nst4168.exe
C:\Users\Detlef\AppData\Local\Temp\nsxF5C7.exe
C:\Users\Detlef\AppData\Local\Temp\nsy8838.exe
C:\Users\Detlef\AppData\Local\Temp\OSU.exe
C:\Users\Detlef\AppData\Local\Temp\ResetDevice.exe
C:\Users\Detlef\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Detlef\AppData\Local\Temp\Uninstaller.exe
C:\Users\Detlef\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Detlef\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Detlef\AppData\Local\Temp\WTGXMLUtil.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-16 16:38

==================== End Of Log ============================

--- --- ---

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Detlef at 2015-01-21 14:30:02
Running from C:\Users\Detlef\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: Biet-O-Matic v2.14.8 - BOM Development Team)
BRAdmin Professional 3 (HKLM\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.40.0006 - Brother)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Brother HL-5140 (HKLM\...\Brother HL-5140) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
Corel WinDVD 2010 (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.4.251 - Corel Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Dropbox) (Version: 1.4.12 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)
FileParade Bundle (HKLM\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION!
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free YouTube Download version 3.1.22.319 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.22.319 - DVDVideoSoft Ltd.)
GMX SMS-Manager (HKLM\...\com.unitedinternet.ums.sms-mms-manager) (Version: 3.3 - 1 und 1 Internet AG)
GMX SMS-Manager (Version: 3.3 - 1 und 1 Internet AG) Hidden
High-Definition Video Playback 10 (Version: 7.0.11000.25.1 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Internet Updater (HKLM\...\InternetUpdater) (Version: 2.6.52 - Parallel Lines Development, LLC) <==== ATTENTION
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017F0}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lenovo EasyCamera (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Access Runtime (German) 2007 (HKLM\...\{90120000-001C-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.145.0 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.302.06.03.545 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11600 - Nero AG)
Personal ID (HKLM\...\{F722209B-739E-40E4-ADB1-062BD032A0DB}) (Version: 1.8.5 - coolspot AG)
QuickSoftware - 1 (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\f1b2d6b2417860b8) (Version: 1.1.14.4 - QuickBooker)
QuickSoftware (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\f1b1726c417a164f) (Version: 1.1.0.5 - QuickBooker)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snagit 12 (HKLM\...\{affb3620-aa43-4653-a34d-19705d4e9f07}) (Version: 12.1.1.1747 - TechSmith Corporation)
Snagit 12 (Version: 12.1.1 - TechSmith Corporation) Hidden
SpeedCommander 13 (HKLM\...\SpeedCommander 13) (Version: 13.30.6200 - SWE Sven Ritter)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.58 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{22756E83-8EBC-4B16-A4A4-0AA73BE497B1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{56C94D6A-7370-4885-A04E-7097FE4E0BAF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{94330D48-EB33-49BB-87F1-AD8C0352C010}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{F7CA46A9-ACA5-45A6-967E-03FF5A282D01}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0647F01A-4C83-4EC4-88F8-D7429C48415A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {0AD9F653-C766-483A-A9C3-E73115086DCD} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {0B8E33BA-7174-4D80-85A5-4F66CB6B3D2B} - System32\Tasks\cewvuae => C:\Users\Detlef\AppData\Local\Temp\jptfujf.exe [2015-01-21] () <==== ATTENTION
Task: {126F1A39-D466-4B99-8218-AD1EA1292593} - System32\Tasks\{48BAE31D-34D3-4EFA-9386-8DCA5297DF7A} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.104.259&LastError=12002
Task: {24D1EAE2-E0F1-4683-9C1C-4F98288E6028} - System32\Tasks\{81633AD6-2EEF-49DB-9B77-5B073711CF0A} => pcalua.exe -a "C:\Users\Detlef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IJRD2N5\SpyHunter-Installer.exe" -d C:\Users\Detlef\Desktop
Task: {2770E9C3-2D2C-42E6-9DFC-8B5E43853CFE} - System32\Tasks\{02AEEFF2-2CF3-4F94-B473-AADB735D3FAB} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsProgressBar
Task: {3F7E3D86-5752-4978-BE34-3C4663BD7BAD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-09-04] (Microsoft)
Task: {5021DFB7-6C07-44C0-927F-8A0A3E9248AF} - System32\Tasks\{6B54D27E-3BF0-46DB-A242-DC36F611144B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsProgressBar
Task: {662AFEC8-4B9F-4EC8-9220-6836C63BC3FE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {69B57400-D34E-423C-B3DD-C3085EEF8BF1} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {759E1509-912E-4A42-8AEB-1CD8471BF64F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-18] (Adobe Systems Incorporated)
Task: {933B3E73-2CEE-4C5F-BABD-D35AA51C72C3} - System32\Tasks\TechSmith Updater => C:\Program Files\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {C1A94141-1EF2-4D74-9FE4-2906FB82A20E} - System32\Tasks\{CD21D1D2-1473-4BB2-B346-3D2D5D9DFA26} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {CC2113E6-B439-42CC-972A-03EC20D32F8B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {D1FB4358-F26E-4936-B579-422C0783C2D3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {DEB9D4AF-E448-4171-BC6A-8D36144E67CA} - System32\Tasks\{B4532431-5C67-4575-8E5A-DCAC9B5FC9E6} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {E1E2153A-7355-4960-9E45-C3AFA85F9580} - System32\Tasks\{CBFB3CFD-7ECE-4673-8570-5A000A556DA3} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {FCFEC977-6078-453B-8017-FCC8CA15C592} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe

==================== Loaded Modules (whitelisted) =============

2011-02-01 11:25 - 2010-08-04 16:38 - 00065536 _____ () C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-23 13:00 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2005-10-11 18:54 - 2005-10-11 18:54 - 00339968 _____ () C:\Windows\vsnpstd.exe
2010-11-27 02:46 - 2008-12-20 03:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-11-27 02:46 - 2008-12-20 03:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2010-11-27 02:44 - 2009-06-05 16:36 - 00217088 _____ () C:\windows\system32\370prop.ax
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 13:46 - 2013-02-14 13:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-12-20 21:44 - 2013-12-20 21:44 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Detlef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GMX-SMS-Manager.lnk => C:\windows\pss\GMX-SMS-Manager.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\Detlef\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Personal ID => C:\COOLSP~1\PERSON~1\PID.EXE
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files\Lenovo\VeriFace\PManage.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2331039535-1181406896-2111325039-500 - Administrator - Disabled)
Detlef (S-1-5-21-2331039535-1181406896-2111325039-1000 - Administrator - Enabled) => C:\Users\Detlef
Gast (S-1-5-21-2331039535-1181406896-2111325039-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2331039535-1181406896-2111325039-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: MpKsl278c1984
Description: MpKsl278c1984
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl278c1984
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 01:07:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GROOVE.EXE, Version: 14.0.7011.1000, Zeitstempel: 0x513a7cc7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe0000002
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x1638
Startzeit der fehlerhaften Anwendung: 0xGROOVE.EXE0
Pfad der fehlerhaften Anwendung: GROOVE.EXE1
Pfad des fehlerhaften Moduls: GROOVE.EXE2
Berichtskennung: GROOVE.EXE3

Error: (01/21/2015 01:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GROOVE.EXE, Version: 14.0.7011.1000, Zeitstempel: 0x513a7cc7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe0000002
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0xb08
Startzeit der fehlerhaften Anwendung: 0xGROOVE.EXE0
Pfad der fehlerhaften Anwendung: GROOVE.EXE1
Pfad des fehlerhaften Moduls: GROOVE.EXE2
Berichtskennung: GROOVE.EXE3

Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (01/18/2015 08:30:55 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (01/16/2015 04:44:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 04:42:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 04:19:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Mediencenter.exe, Version: 3.9.1055.64, Zeitstempel: 0x5399a4be
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x040de2f3
ID des fehlerhaften Prozesses: 0xe20
Startzeit der fehlerhaften Anwendung: 0xMediencenter.exe0
Pfad der fehlerhaften Anwendung: Mediencenter.exe1
Pfad des fehlerhaften Moduls: Mediencenter.exe2
Berichtskennung: Mediencenter.exe3

Error: (01/16/2015 04:19:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Mediencenter.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei DTAG.Mediencenter.Client.Services.NamedPipes.NpServiceHost.Close()
bei DTAG.Mediencenter.Client.Controller.ApplicationController.CloseInterProcessCommunication()
bei DTAG.Mediencenter.Client.Controller.ApplicationController.GoOffline(Boolean)
bei DTAG.Mediencenter.Client.Controller.ApplicationController+<>c__DisplayClassb.<HandleConnectionError>b__a()
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
bei System.Threading.ExecutionContext.runTryCode(System.Object)
bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Windows.Threading.DispatcherOperation.Invoke()
bei System.Windows.Threading.Dispatcher.ProcessQueue()
bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
bei System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
bei System.Windows.Application.RunDispatcher(System.Object)
bei System.Windows.Application.RunInternal(System.Windows.Window)
bei System.Windows.Application.Run(System.Windows.Window)
bei DTAG.Mediencenter.Client.App.Main()

Error: (01/16/2015 01:12:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 14.0.7109.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15a8 Startzeit: 01d0317cc2ddbb24 Endzeit: 120 Anwendungspfad: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: 5c832353-9d81-11e4-aa40-1c7508558a7c System errors: ============= Error: (01/21/2015 02:25:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.191.2526.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.4.0304.00 Quellpfad: 4.4.0304.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (01/21/2015 02:01:49 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (01/21/2015 02:01:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/21/2015 02:01:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht. Error: (01/21/2015 01:04:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/21/2015 01:04:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error: (01/21/2015 01:03:53 PM) (Source: Service Control Manager) (EventID: 7002) (User: ) Description: Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. 
Error: (01/21/2015 11:18:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.191.2526.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.4.0304.00 Quellpfad: 4.4.0304.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (01/21/2015 11:08:34 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (01/21/2015 11:07:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (01/21/2015 01:07:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GROOVE.EXE14.0.7011.1000513a7cc7KERNELBASE.dll6.1.7601.1822951fb10c6e00000020000812f163801d0357b3 36051f7C:\Program Files\Microsoft Office\Office14\GROOVE.EXEC:\windows \system32\KERNELBASE.dll74ff0eb9-a16e-11e4-aacb-1c7508558a7c Error: (01/21/2015 01:07:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GROOVE.EXE14.0.7011.1000513a7cc7KERNELBASE.dll6.1.7601.1822951fb10c6e00000020000812fb0801d0357add 630658C:\Program Files\Microsoft Office\Office14\GROOVE.EXEC:\windows \system32\KERNELBASE.dll62bcf920-a16e-11e4-aacb-1c7508558a7c Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT) Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT) Description: Product: Adobe Refresh Manager -- Error 
1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (01/18/2015 08:30:55 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005) Error: (01/16/2015 04:44:05 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common- Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type=" win32",version="6.0.0.0"c:\program files\silicon motion\lenovo easycamera\driverpackage \DPInst64.exe Error: (01/16/2015 04:42:11 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",v ersion="9.0.21022.8"c:\program files\Trillian\plugins\ingame\ingame_64.exe Error: (01/16/2015 04:19:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Mediencenter.exe3.9.1055.645399a4beunknown0.0.0.000000000c0000005040de2f3e2001d0317c97843010C: \Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exeunknown7402e87d-9d9b-11e4 -aa40-1c7508558a7c Error: (01/16/2015 04:19:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Mediencenter.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException Stapel: bei DTAG.Mediencenter.Client.Services.NamedPipes.NpServiceHost.Close() bei DTAG.Mediencenter.Client.Controller.ApplicationController.CloseInterProcessCommunication() bei DTAG.Mediencenter.Client.Controller.ApplicationController.GoOffline(Boolean) bei DTAG.Mediencenter.Client.Controller.ApplicationController +<>c__DisplayClassb.<HandleConnectionError>b__a() bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.DispatcherOperation.InvokeImpl() bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) bei System.Threading.ExecutionContext.runTryCode(System.Object) bei System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object) bei System.Threading.ExecutionContext.RunInternal (System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Windows.Threading.DispatcherOperation.Invoke() bei System.Windows.Threading.Dispatcher.ProcessQueue() bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei 
System.Windows.Threading.Dispatcher.InvokeImpl (System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunDispatcher(System.Object) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run(System.Windows.Window) bei DTAG.Mediencenter.Client.App.Main() Error: (01/16/2015 01:12:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OUTLOOK.EXE14.0.7109.500015a801d0317cc2ddbb24120C:\Program Files\Microsoft Office \Office14\OUTLOOK.EXE5c832353-9d81-11e4-aa40-1c7508558a7c ==================== Memory info =========================== Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz Percentage of memory in use: 86% Total physical RAM: 2008.6 MB Available physical RAM: 263.41 MB Total Pagefile: 4017.2 MB Available Pagefile: 2129.88 MB Total Virtual: 2047.88 MB Available Virtual: 1893.56 MB ==================== Drives ================================ Drive c: (Festplatte) (Fixed) (Total:187.69 GB) (Free:92.83 GB) NTFS Drive d: (Treiber) (Fixed) (Total:30.25 GB) (Free:0 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EFB06E8E) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=187.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12) ==================== End Of Log ============================]
Thank you for your reply. I hope that was done correctly? |
21.01.2015, 16:02 | #4 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Hokku zip file opened
I can't do much with the logs like this. You have to post them properly, in CODE tags and without line breaks. But I can already see two points:
1. Illegal software - MS Office
Quote:
Reading material: Illegal software: cracks, keygens and co.
Please read => http://www.trojaner-board.de/95393-c...-software.html
We will continue once you have removed everything illegal. In the event of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
2. Rootkit infection
Quote:
Reading material: Rootkit warning
Your computer has been infected with a particular kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, i.e. it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does this mean for you now?
__________________ Please always post log files in CODE tags |