| |
| |||||||
Log-Analyse und Auswertung: W7: Worm.Brontok u.v.m. lässt sich nicht entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.01.2015, 16:02
| #1 |
 |  W7: Worm.Brontok u.v.m. lässt sich nicht entfernen Ich erhielt einen hofflungslos verseuchten Stick eines Bekannten. In jedem Unterverzeichnis befand sich eine EXE-Datei mit dem Namen des Verzeichnis und dem Verzeichnis-Symbol. Das verhieß nichts Gutes. Dann mal seinen Rechner mit MBAM gescannt (ich weiß, ich hinke der Zeit hinterher), das prompt Brontok und diverse andere ungebetene Gäste gefunden hat. Alles mit MBAM gelöscht, neu gestartet, und schwupps waren sie auch schon wieder da. Die zwei Logs sind am Ende beigefügt. Nun, dann muss ich damit jemanden beauftragen, dessen letzte erfolgreiche Bereinigung nicht schon so lange zurückliegt. Et Voilà: FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Ibrahim (administrator) on IBRAHIM-PC on 22-01-2015 15:21:34
Running from C:\Users\Ibrahim\Downloads
Loaded Profiles: Ibrahim (Available profiles: Ibrahim)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Test1234\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Test1234\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Test1234\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-05-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-02] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {9ad89c64-2cd2-11e3-a830-001f3c568fb7} - E:\AutoRun.exe
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {bcdbc4be-3610-11df-8f7d-001f3c568fb7} - E:\Autoplay.exe -auto
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {c9330f59-d3c4-11e0-bb4b-001d72c7bb38} - H:\setup.exe AUTORUN=1
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {eff93f32-360d-11df-85b3-001f3c568fb7} - F:\LaunchU3.exe -a
Startup: C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 - (No Name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363
SearchScopes: HKU\.DEFAULT -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> {94F94651-8923-44EA-B578-6B70988C545C} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=f259e586000000000000001f3c568fb7&r=927
SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\.DEFAULT -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File
Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File
Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\user.js
FF Extension: Adblock Plus - C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-22]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-12-26]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=f259e586000000000000001f3c568fb7"
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-10]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-11]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-23] (Macrovision Europe Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Test1234\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Test1234\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-25] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131231.001\IDSvia64.sys [521944 2013-12-24] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\ENG64.SYS [126040 2014-01-01] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\EX64.SYS [2099288 2014-01-01] (Symantec Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [36352 2008-01-19] (National Semiconductor Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-23] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-25] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 tifm21; C:\Windows\System32\drivers\tifm21.sys [314880 2010-03-23] (Texas Instruments)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-22 15:21 - 2015-01-22 15:23 - 00021735 _____ () C:\Users\Ibrahim\Downloads\FRST.txt
2015-01-22 15:21 - 2015-01-22 15:21 - 00000000 ____D () C:\FRST
2015-01-22 15:19 - 2015-01-22 15:20 - 00380416 _____ () C:\Users\Ibrahim\Downloads\7u8ie45g.exe
2015-01-22 15:19 - 2015-01-22 15:19 - 02126848 _____ (Farbar) C:\Users\Ibrahim\Downloads\FRST64.exe
2015-01-22 15:15 - 2015-01-22 15:15 - 00050477 _____ () C:\Users\Ibrahim\Downloads\Defogger.exe
2015-01-22 15:15 - 2015-01-22 15:15 - 00000654 _____ () C:\Users\Ibrahim\Downloads\defogger_disable.log
2015-01-22 15:15 - 2015-01-22 15:15 - 00000216 _____ () C:\Users\Ibrahim\defogger_reenable
2015-01-22 12:40 - 2015-01-22 12:40 - 00000987 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-22 12:10 - 2015-01-22 12:10 - 00029879 _____ () C:\Users\Ibrahim\AppData\Local\Bron.tok.A12.em.bin
2015-01-22 12:02 - 2015-01-22 15:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 12:01 - 2015-01-22 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Test1234
2015-01-22 12:01 - 2015-01-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Test1234
2015-01-22 12:01 - 2015-01-22 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-22 12:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-22 12:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-22 12:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-22 11:59 - 2015-01-22 12:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Ibrahim\Downloads\test1234.exe
2015-01-21 18:23 - 2015-01-21 18:23 - 00001293 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-01-21 18:23 - 2015-01-21 18:23 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-01-21 18:23 - 2015-01-21 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-01-21 18:23 - 2015-01-21 18:23 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications
2015-01-21 18:21 - 2015-01-21 18:21 - 00105808 _____ (GreenTree Applications SRL) C:\Users\Ibrahim\Desktop\YTDSetup.exe
2015-01-17 12:04 - 2015-01-17 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 18:27 - 2015-01-22 11:53 - 00000000 ____D () C:\Users\Ibrahim\Desktop\Jenseits
2015-01-16 17:12 - 2015-01-16 18:22 - 00006770 _____ () C:\Users\Ibrahim\Desktop\Adressen Daueraufträge.txt
2015-01-16 16:23 - 2015-01-16 16:23 - 00003198 _____ () C:\Windows\System32\Tasks\{7AB8221E-2701-4B62-90E2-E89DB6A52E6B}
2015-01-14 18:07 - 2015-01-14 20:04 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\SendBlaster2
2015-01-14 18:07 - 2015-01-14 18:07 - 00000000 ____D () C:\Users\Ibrahim\Documents\SendBlaster2
2015-01-14 18:05 - 2015-01-14 18:05 - 00002795 _____ () C:\Users\Ibrahim\Desktop\Microsoft Office Outlook 2007.lnk
2015-01-14 18:05 - 2015-01-14 18:05 - 00001914 _____ () C:\Users\Public\Desktop\SendBlaster.lnk
2015-01-14 18:05 - 2015-01-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SendBlaster 2
2015-01-14 18:04 - 2015-01-14 18:05 - 00000000 ____D () C:\Program Files (x86)\SendBlaster
2015-01-14 17:36 - 2015-01-14 18:00 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\SendBlaster3
2015-01-14 17:36 - 2015-01-14 17:36 - 00000000 ____D () C:\Users\Ibrahim\Documents\SendBlaster3
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-22 15:22 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 15:22 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 15:21 - 2010-03-23 00:42 - 02096731 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 15:17 - 2014-12-12 01:32 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Ibrahim.job
2015-01-22 15:17 - 2013-06-06 16:27 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-01-22 15:17 - 2013-05-31 16:51 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-22 15:17 - 2010-12-14 21:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 15:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 15:16 - 2010-03-23 02:39 - 00173614 _____ () C:\Windows\PFRO.log
2015-01-22 15:16 - 2009-07-14 05:51 - 00137420 _____ () C:\Windows\setupact.log
2015-01-22 15:15 - 2010-03-23 00:52 - 00000000 ____D () C:\Users\Ibrahim
2015-01-22 15:05 - 2010-12-14 21:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 14:28 - 2013-04-26 05:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 13:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-22 13:14 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\ShellNew
2015-01-22 11:22 - 2010-03-23 02:27 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Adobe
2015-01-21 17:40 - 2010-03-23 02:18 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Adobe
2015-01-21 15:59 - 2014-12-12 01:32 - 00002972 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Ibrahim
2015-01-21 15:59 - 2014-12-12 01:32 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Ibrahim.job
2015-01-20 12:02 - 2012-07-04 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 23:41 - 2014-12-12 01:32 - 00002976 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Ibrahim
2015-01-19 23:41 - 2014-12-12 01:32 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Ibrahim.job
2015-01-17 11:17 - 2014-11-12 14:42 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Loc.Mail.Bron.Tok
2015-01-16 15:50 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 15:50 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 15:50 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 15:28 - 2013-04-26 05:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 15:28 - 2013-04-26 05:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-16 15:28 - 2011-06-23 15:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 15:13 - 2014-06-14 09:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-04 14:42 - 2010-12-14 21:20 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Google
2015-01-04 14:40 - 2012-07-04 11:26 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Mozilla
2015-01-04 14:39 - 2011-05-22 10:16 - 00000000 ____D () C:\Program Files (x86)\Athan
2015-01-04 14:33 - 2010-12-14 21:19 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Skype
2015-01-04 14:33 - 2010-12-14 21:19 - 00000000 ____D () C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-01-22 12:10 - 2015-01-22 12:10 - 0029879 _____ () C:\Users\Ibrahim\AppData\Local\Bron.tok.A12.em.bin
2010-04-02 15:31 - 2010-04-07 23:42 - 0016384 _____ () C:\Users\Ibrahim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 14:42 - 2014-11-12 14:42 - 0000051 _____ () C:\Users\Ibrahim\AppData\Local\Kosong.Bron.Tok.txt
2012-01-06 08:24 - 2012-01-06 08:24 - 0000000 _____ () C:\Users\Ibrahim\AppData\Local\{63000764-7767-4BA9-A44D-8321877C66FF}
2014-07-20 21:59 - 2014-07-20 21:59 - 0000000 _____ () C:\Users\Ibrahim\AppData\Local\{AC08F4B5-C54C-4411-ADBB-D78B3EF9AE29}
2010-12-14 21:21 - 2010-12-14 21:21 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\Ibrahim\AppData\Local\Temp\UNINSTALL.EXE
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 17:02
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Ibrahim at 2015-01-22 15:24:11
Running from C:\Users\Ibrahim\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.0.348 - Adobe Systems Incorporated)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM-x32\...\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757) (Version: 1.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe OnLocation CS3 (HKLM-x32\...\InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}) (Version: 3.0.1095.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Ultra CS3 - MSL Legacy Support (HKLM-x32\...\InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}) (Version: - )
Adobe Ultra CS3 (HKLM-x32\...\InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}) (Version: 3.0.1055.0 - Adobe Systems Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
DriverIdentifier 4.2.6 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
FileZilla Client 3.7.1 (HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Free YouTube Download version 3.2.17.1125 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.17.1125 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Premium Sonderedition (HKLM-x32\...\MAGIX_{9ADAE3A4-87DD-4091-B5E0-24F4B6F08F3A}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Premium Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PicPick (HKLM-x32\...\PicPick) (Version: 3.1.9 - NTeWORKS)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SendBlaster 2 (HKLM-x32\...\{CF950023-9C75-4843-8B68-FD8A5D641B4B}) (Version: 002.000.13800 - eDisplay srl)
simplitec simplicheck (HKLM-x32\...\{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}) (Version: 1.2.3.0 - simplitec GmbH)
Sothink FLV Player (HKLM-x32\...\{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1) (Version: 2.1 - SourceTec Software Co., LTD)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM-x32\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (x32 Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WaveLab LE 7 (HKLM-x32\...\WaveLabLE7) (Version: 7.1.0.543 - Steinberg)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InprocServer32 -> C:\Users\Ibrahim\Desktop\FileZilla FTP Client\fzshellext_64.dll ()
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05055B8C-DB28-4233-B47E-110DC48D2D31} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{DDCE906B-5761-464C-B405-92E61ECDCDE3}.exe
Task: {06177BB4-0077-41EA-82AE-C529D6D515E8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {194106B9-2CF0-4B50-9613-410465E43720} - System32\Tasks\RNUpgradeHelperLogonPrompt_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: {198181BD-285D-4819-975A-279A409B3729} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {52AC56C7-5496-4F9F-A9F1-F0836CC6943D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {55D93B4A-E1F6-4B0A-BAF6-40E88080E2C4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{4007B75F-547E-453A-B17A-8EB876993E98}.exe
Task: {6833939C-7485-4242-BA17-5F3BEA201719} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {6C5F0D0B-95DB-4F6C-902B-7F96B403FC22} - System32\Tasks\AdobeAAMUpdater-1.0-Ibrahim-PC-Ibrahim => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {6D7C6FE9-EE8E-4A8A-A7C8-E85FF1DF9803} - System32\Tasks\{7AB8221E-2701-4B62-90E2-E89DB6A52E6B} => pcalua.exe -a "E:\Outlock Sicherung 24.06.13\Outlock Sicherung 24.06.13`.exe" -d "E:\Outlock Sicherung 24.06.13"
Task: {97991AA3-653D-47B8-A02B-63F0D06DFF40} - System32\Tasks\{E74E1A35-A9FA-4B0B-8E09-16F026067618} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {B2E7809E-1A38-4EDB-B213-22426027FA80} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {B5A02C35-02E5-46B2-9132-8DBB14BB5BA9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C56A6F03-11E3-485E-BAB4-7115F706F8B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {C7B98D51-30D7-4604-ABEA-687382D294C0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3353200993-3378237040-2345229884-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {D8BBA9E2-3E3B-42A3-B40A-701501D3F7FC} - System32\Tasks\ReclaimerUpdateXML_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: {DF9F103D-17F0-4A33-99A3-976192FED245} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3353200993-3378237040-2345229884-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {DF9F3FF1-2A5A-4B8B-9172-9D410DFDD6EF} - System32\Tasks\ReclaimerUpdateFiles_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: {F36B1964-D8FB-48CB-A11F-C1FF5CE99289} - System32\Tasks\{87C9F65A-9EB0-47F8-9BFF-0DCA9F8E1C80} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.116.259/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {FE25FF37-A056-4768-B960-505D801B8C97} - System32\Tasks\RNUpgradeHelperResumePrompt_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{4007B75F-547E-453A-B17A-8EB876993E98}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{DDCE906B-5761-464C-B405-92E61ECDCDE3}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Ibrahim.job => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Ibrahim.job => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Ibrahim.job => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
==================== Loaded Modules (whitelisted) =============
2010-03-23 02:26 - 2007-05-11 01:31 - 00921600 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
2014-01-31 16:45 - 2014-01-31 16:45 - 00643952 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Users\Ibrahim\Desktop\FileZilla FTP Client\fzshellext_64.dll
2011-12-13 15:10 - 2007-04-13 17:20 - 00097432 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-01-17 12:04 - 2015-01-17 12:04 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-02 14:26 - 2014-02-02 14:26 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3353200993-3378237040-2345229884-500 - Administrator - Disabled)
Gast (S-1-5-21-3353200993-3378237040-2345229884-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3353200993-3378237040-2345229884-1003 - Limited - Enabled)
Ibrahim (S-1-5-21-3353200993-3378237040-2345229884-1000 - Administrator - Enabled) => C:\Users\Ibrahim
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 04:32:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.
Error: (01/21/2015 04:32:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.
Error: (01/17/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4180
Error: (01/17/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4180
Error: (01/17/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/17/2015 03:58:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1107
Error: (01/17/2015 03:58:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1107
Error: (01/17/2015 03:58:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/17/2015 03:57:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7007674
Error: (01/17/2015 03:57:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7007674
System errors:
=============
Error: (01/22/2015 02:21:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (01/22/2015 00:38:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%216
Error: (01/22/2015 00:36:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%216
Error: (01/22/2015 11:59:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde nicht richtig gestartet.
Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1115
Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Enumeratordienst für tragbare Geräte" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1115
Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computerbrowser" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1115
Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FLEXnet Licensing Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 4086.43 MB
Available physical RAM: 2335.02 MB
Total Pagefile: 10213.57 MB
Available Pagefile: 8439.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:139.28 GB) (Free:5.56 GB) NTFS
Drive z: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.42 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 34FE34FD)
Partition 1: (Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=139.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-22 15:42:53
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC31P 149,05GB
Running: 7u8ie45g.exe; Driver: C:\Users\Ibrahim\AppData\Local\Temp\fxriqfow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3992] entry point in ".rdata" section 000000006e3271e6
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2eb36a0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2eb36a0@9c187452a9aa 0x02 0x2C 0x69 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xA6 0x0B 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x13 0x4C 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x12 0x74 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2eb36a0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2eb36a0@9c187452a9aa 0x02 0x2C 0x69 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xA6 0x0B 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x13 0x4C 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x12 0x74 0x26 ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.01.2015 Scan Time: 13:15:10 Logfile: MBAM1.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.22.07 Rootkit Database: v2015.01.14.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: Ibrahim Scan Type: Threat Scan Result: Completed Objects Scanned: 352910 Time Elapsed: 22 min, 45 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, 2088, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3] Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, 2728, Delete-on-Reboot, [303fd822bfcab68094145c1836ca40c0] Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, 2964, Delete-on-Reboot, [0966b14970198aac5b4d81f3bb45a858] Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 2 Trojan.Dropper, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, "C:\Users\Ibrahim\AppData\Local\smss.exe", Quarantined, [402fec0e8aff4aecfeaa3e36c13f56aa] Hijack.FolderOptions, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [e58ac832058464d29527f736e51f60a0] Registry Data: 0 (No malicious items detected) Folders: 1 Worm.Brontok, C:\Users\Ibrahim\AppData\Local\Bron.tok-12-22, Quarantined, [70ff5d9da1e864d2c13811285da64db3], Files: 33 Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, Delete-on-Reboot, [303fd822bfcab68094145c1836ca40c0], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, Delete-on-Reboot, [0966b14970198aac5b4d81f3bb45a858], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\smss.exe, Quarantined, [402fec0e8aff4aecfeaa3e36c13f56aa], Trojan.Dropper, C:\Users\Ibrahim\Documents\Documents.exe, Quarantined, [0a657e7c4b3eb28444646c0805fb6d93], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\csrss.exe, Quarantined, [254a53a7fb8efa3cfbad472d49b74cb4], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\inetinfo.exe, Quarantined, [fc733dbd5d2c15210f996d07aa56ad53], PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.aflt", "OC");), Replaced,[d699d52597f243f3fe67ebf009fc0ef2] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (re* If you make changes to this file while the applican exits. * * To make a ), Replaced,[95da2ad0ee9b5cda54116e6d6a9b6f91] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (while the applican exits. * * To make a manual ), Replaced,[2a45fbff66232d09cf96eeed0cf93cc4] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applica), Replaced,[630c8476fa8fc76f0e578754739211ef] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( If you make changes to this file while the appl), Replaced,[db94f90190f9a98dd491b52643c2eb15] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (If you make changes to this file while the app), Replaced,[72fdd525c4c513232d38e0fb689d01ff] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the app), Replaced,[343bad4d1b6eb97dacb901da04018977] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (If you make changes to this file while the applican ), Replaced,[83ec0eec2b5e979fd392bc1fe5206c94] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ou make changes to this file while the appli), Replaced,[214e6e8c018881b5c4a1805b31d4fa06] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the applican exits. * * To ), Replaced,[ef80609af0990b2ba6bfa23933d26898] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (his file while the applican exits. * * To make ), Replaced,[4f2041b99eebab8b6afbe0fb4cb92ad6] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exits), Replaced,[6807bc3e593071c52441617ab64fa957] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( make changes to this file while the applican ), Replaced,[442b7882b2d74ee88ed706d5cf363ac6] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the applican exits. * * To make a manual change to preferences, you can visit the URL about:config ), Replaced,[7ef188722d5cf3432540e7f44bba8d73] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ferences, you can visit the URL about:config */ ), Replaced,[e08fe713b6d3a492b7aeb7248c79f010] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exit), Replaced,[3c330feb5336bf7796cf31aaba4b629e] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (u make changes to this file while the applican ), Replaced,[17586793a7e241f50065508b31d4669a] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( If you make changes to this file while the appli), Replaced,[e68949b15f2af83e9acbd4078c793cc4] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (f you make changes to this file while the applican exits. * * To mak), Replaced,[7af58c6efb8e3df98bda409b699cc739] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (his file while the applican exits. * * To make a manu), Replaced,[046bd9215e2bf4422342cb1017ee11ef] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ke changes to this file while the applican exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pr), Replaced,[620d61998aff2c0a234237a464a1837d] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ences, you can visit the URL about:config */ u), Replaced,[6c0307f3becbc37361049e3db5508779] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exits. * ), Replaced,[a6c9807a98f173c38adbf5e68d785da3] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (hanges to this file while the applican exits. * ), Replaced,[056af50568218caae67fd10a13f2e719] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=f259e586000000000000001f3c568fb7");), Replaced,[e6892ecc98f1a29468057764f51009f7] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (app.update.lastUpdateTime.experiments-update-timer", 1421841830); user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1421921901); u), Replaced,[fe710feb8108eb4ba9c457845baa03fd] Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.01.2015 Scan Time: 13:15:10 Logfile: MBAM2.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.22.07 Rootkit Database: v2015.01.14.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: Ibrahim Scan Type: Threat Scan Result: Completed Objects Scanned: 352910 Time Elapsed: 22 min, 45 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, 2088, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3] Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, 2728, Delete-on-Reboot, [303fd822bfcab68094145c1836ca40c0] Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, 2964, Delete-on-Reboot, [0966b14970198aac5b4d81f3bb45a858] Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 2 Trojan.Dropper, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, "C:\Users\Ibrahim\AppData\Local\smss.exe", Quarantined, [402fec0e8aff4aecfeaa3e36c13f56aa] Hijack.FolderOptions, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [e58ac832058464d29527f736e51f60a0] Registry Data: 0 (No malicious items detected) Folders: 1 Worm.Brontok, C:\Users\Ibrahim\AppData\Local\Bron.tok-12-22, Quarantined, [70ff5d9da1e864d2c13811285da64db3], Files: 33 Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, Delete-on-Reboot, [303fd822bfcab68094145c1836ca40c0], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, Delete-on-Reboot, [0966b14970198aac5b4d81f3bb45a858], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\smss.exe, Quarantined, [402fec0e8aff4aecfeaa3e36c13f56aa], Trojan.Dropper, C:\Users\Ibrahim\Documents\Documents.exe, Quarantined, [0a657e7c4b3eb28444646c0805fb6d93], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\csrss.exe, Quarantined, [254a53a7fb8efa3cfbad472d49b74cb4], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\inetinfo.exe, Quarantined, [fc733dbd5d2c15210f996d07aa56ad53], PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.aflt", "OC");), Replaced,[d699d52597f243f3fe67ebf009fc0ef2] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (re* If you make changes to this file while the applican exits. * * To make a ), Replaced,[95da2ad0ee9b5cda54116e6d6a9b6f91] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (while the applican exits. * * To make a manual ), Replaced,[2a45fbff66232d09cf96eeed0cf93cc4] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applica), Replaced,[630c8476fa8fc76f0e578754739211ef] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( If you make changes to this file while the appl), Replaced,[db94f90190f9a98dd491b52643c2eb15] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (If you make changes to this file while the app), Replaced,[72fdd525c4c513232d38e0fb689d01ff] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the app), Replaced,[343bad4d1b6eb97dacb901da04018977] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (If you make changes to this file while the applican ), Replaced,[83ec0eec2b5e979fd392bc1fe5206c94] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ou make changes to this file while the appli), Replaced,[214e6e8c018881b5c4a1805b31d4fa06] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the applican exits. * * To ), Replaced,[ef80609af0990b2ba6bfa23933d26898] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (his file while the applican exits. * * To make ), Replaced,[4f2041b99eebab8b6afbe0fb4cb92ad6] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exits), Replaced,[6807bc3e593071c52441617ab64fa957] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( make changes to this file while the applican ), Replaced,[442b7882b2d74ee88ed706d5cf363ac6] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the applican exits. * * To make a manual change to preferences, you can visit the URL about:config ), Replaced,[7ef188722d5cf3432540e7f44bba8d73] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ferences, you can visit the URL about:config */ ), Replaced,[e08fe713b6d3a492b7aeb7248c79f010] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exit), Replaced,[3c330feb5336bf7796cf31aaba4b629e] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (u make changes to this file while the applican ), Replaced,[17586793a7e241f50065508b31d4669a] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( If you make changes to this file while the appli), Replaced,[e68949b15f2af83e9acbd4078c793cc4] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (f you make changes to this file while the applican exits. * * To mak), Replaced,[7af58c6efb8e3df98bda409b699cc739] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (his file while the applican exits. * * To make a manu), Replaced,[046bd9215e2bf4422342cb1017ee11ef] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ke changes to this file while the applican exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pr), Replaced,[620d61998aff2c0a234237a464a1837d] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ences, you can visit the URL about:config */ u), Replaced,[6c0307f3becbc37361049e3db5508779] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exits. * ), Replaced,[a6c9807a98f173c38adbf5e68d785da3] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (hanges to this file while the applican exits. * ), Replaced,[056af50568218caae67fd10a13f2e719] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=f259e586000000000000001f3c568fb7");), Replaced,[e6892ecc98f1a29468057764f51009f7] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (app.update.lastUpdateTime.experiments-update-timer", 1421841830); user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1421921901); u), Replaced,[fe710feb8108eb4ba9c457845baa03fd] Physical Sectors: 0 (No malicious items detected) (end) |
| Themen zu W7: Worm.Brontok u.v.m. lässt sich nicht entfernen |
| adware, bonjour, browser, canon, computer, converter, cpu, desktop, downloader, dvdvideosoft ltd., entfernen, error, excel, fehler, firefox, flash player, ftp, iexplore.exe, mozilla, registry, security, server, software, stick, svchost.exe, symantec, windows |
Baum-Darstellung