Log analysis and evaluation: Windows Vista virus: service function NtMapViewOfSection hook -> 0xFFFFFFFF911F0260
20.05.2015, 09:09 | #16 |
I had run the scan with AVG once more. I have now run the FRST log again, although I had already uninstalled all the programs. Accordingly, Defogger was no longer among them either. Should I have used it again beforehand as well? Unfortunately it would now be too late. FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015 Ran by Shorlogere (administrator) on SHORLOGERE-PC on 20-05-2015 09:52:16 Running from C:\Users\Shorlogere\Desktop Loaded Profiles: Shorlogere & (Available profiles: Shorlogere) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2015\avgemcx.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe () C:\Acer\Mobility Center\MobilityService.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Nero AG) D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe (Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCD.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Realtek Semiconductor Corp.) C:\Users\Shorlogere\AppData\Local\temp\RtkBtMnt.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2015\avgui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe () C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor) HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST) HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [107112 2006-11-21] (Symantec Corporation) HKLM\...\Run: [osCheck] => C:\Program Files\Norton Internet Security\osCheck.exe [22696 2006-11-21] (Symantec Corporation) HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation) HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-08-31] (CyberLink) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2007-10-17] (Dritek System Inc.) HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.) HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.) HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation) HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG) HKLM\...\Run: [SecurDisc] => D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe [1629480 2008-05-06] (Nero AG) HKLM\...\Run: [InCD] => D:\Programme\Nero 7\Nero 7\InCD\InCD.exe [1057064 2008-05-06] (Nero AG) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-26] (CANON INC.) 
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.) HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [DivXMediaServer] => D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.) HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG) HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Amazon Music] => C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] () HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom) HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\acer.scr [83554304 2007-04-19] () HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG) HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] () HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom) HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation) HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\acer.scr [83554304 2007-04-19] () HKU\S-1-5-18\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2007-12-26] ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-11] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {3F61328A-CE9B-40CA-A639-5B3771784314} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {3F61328A-CE9B-40CA-A639-5B3771784314} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-21] (Symantec Corporation) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll [2007-04-25] (HiTRUST) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.) 
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll [2007-04-25] (HiTRUST) Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-11-21] (Symantec Corporation) DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Shorlogere\AppData\Roaming\Mozilla\Firefox\Profiles\254g2r7t.default-1432032617803 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Programme\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) 
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Programme\DivX\DivX Web Player\npdivx32.dll [2013-08-28] (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3128768096-592464525-3037917805-1000: amazon.com/AmazonMP3DownloaderPlugin -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-24] FF HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.) 
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation) R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation) R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation) S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-21] (Symantec Corporation) R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT) R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed] R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-08-28] (Acer Inc.) [File not signed] R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed] R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-10] () [File not signed] R2 InCDsrv; D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe [1553192 2008-05-06] (Nero AG) S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-21] (Symantec Corporation) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation) R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation) S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ 
Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed] S3 NBService; D:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed] R3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2011-05-21] () R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-21] (Symantec Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation) R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-10-30] (acer) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-09] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.) 
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.) R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-07-28] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [105592 2011-07-28] (Symantec Corporation) R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20110818.001\IDSvix86.sys [287792 2011-04-27] (Symantec Corporation) R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2008-05-06] (Nero AG) R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36648 2008-05-06] (Nero AG) U1 InCDrec; C:\Windows\System32\drivers\InCDRec.sys [16936 2008-05-06] (Nero AG) R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38312 2008-05-06] (Nero AG) R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVENG.SYS [86136 2011-08-04] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVEX15.SYS [1576312 2011-08-04] (Symantec Corporation) R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-12-26] (NewTech Infosystems, Inc.) 
[File not signed] R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST) R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST) R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] () R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-11-21] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-21] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-21] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-21] (Symantec Corporation) R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12720 2009-08-03] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2011-05-21] (Symantec Corporation) R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2009-08-03] (Symantec Corporation) R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2009-08-03] (Symantec Corporation) R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [38448 2009-08-03] (Symantec Corporation) R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-08-03] (Symantec Corporation) R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-08-03] (Symantec Corporation) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-01-03] (RapidSolution Software AG) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2007-12-05] (Cyberlink Corp.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; No ImagePath
S3 catchme; \??\C:\Users\SHORLO~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 09:50 - 2015-05-20 09:54 - 00000000 ____D () C:\FRST
2015-05-20 09:49 - 2015-05-20 09:49 - 01146880 _____ (Farbar) C:\Users\Shorlogere\Desktop\FRST.exe
2015-05-19 12:45 - 2015-05-19 12:45 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-19 12:45 - 2015-05-19 12:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-19 12:45 - 2015-05-19 12:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-19 12:42 - 2015-05-19 12:44 - 39443672 _____ () C:\Users\Shorlogere\Desktop\FirefoxSetup38.0.1.exe
2015-05-19 12:18 - 2015-05-19 12:18 - 00001061 _____ () C:\Users\Shorlogere\Desktop\Revo Uninstaller.lnk
2015-05-19 12:18 - 2015-05-19 12:18 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-19 12:17 - 2015-05-19 12:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shorlogere\Desktop\revosetup95.exe
2015-05-19 12:02 - 2015-05-19 12:03 - 00001968 _____ () C:\DelFix.txt
2015-05-19 12:02 - 2015-05-19 12:02 - 00000000 ____D () C:\Windows\ERUNT
2015-05-18 11:52 - 2015-05-18 11:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-18 11:49 - 2015-05-18 11:49 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-18 11:48 - 2015-05-18 11:48 - 37066152 _____ (Oracle Corporation) C:\Users\Shorlogere\jre-8u40-windows-i586.exe
2015-05-16 17:07 - 2015-05-16 17:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SHORLOGERE-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-16 17:07 - 2015-05-16 17:07 - 00000000 ____D () C:\RegBackup
2015-05-16 14:35 - 2015-05-16 14:35 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-16 14:35 - 2015-05-16 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-16 14:35 - 2015-05-16 14:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-16 14:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-16 14:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-16 14:30 - 2015-05-16 14:30 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Shorlogere\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-15 20:06 - 2015-05-18 12:30 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 21:29 - 2015-05-16 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 21:28 - 2015-05-20 09:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 21:28 - 2015-05-14 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 21:25 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-14 15:08 - 2015-05-14 15:08 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\AVG2015
2015-05-14 15:06 - 2015-05-14 15:06 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-14 15:06 - 2015-05-14 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-14 15:02 - 2015-05-18 12:07 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-14 15:02 - 2015-05-14 15:02 - 00000000 ____D () C:\$AVG
2015-05-14 14:58 - 2015-05-14 14:58 - 00000000 ____D () C:\Program Files\AVG
2015-05-14 14:55 - 2015-05-20 09:40 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 14:55 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Avg2015
2015-05-14 14:55 - 2015-05-14 14:55 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\MFAData
2015-05-13 21:59 - 2015-05-13 21:59 - 00143352 _____ () C:\Windows\Minidump\Mini051315-04.dmp
2015-05-13 20:54 - 2015-05-13 20:54 - 00143352 _____ () C:\Windows\Minidump\Mini051315-03.dmp
2015-05-13 20:42 - 2015-05-13 20:42 - 00143352 _____ () C:\Windows\Minidump\Mini051315-02.dmp
2015-05-13 20:35 - 2015-05-13 20:35 - 00143352 _____ () C:\Windows\Minidump\Mini051315-01.dmp
2015-05-13 13:17 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 13:15 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 13:15 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 13:15 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:15 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:14 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:03 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:17 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:17 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:17 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:17 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:17 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:17 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:17 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-12 21:17 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 09:53 - 2011-05-21 16:14 - 01976261 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 09:39 - 2012-04-01 17:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 09:39 - 2011-07-21 09:01 - 00157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2015-05-20 09:36 - 2012-04-01 17:52 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 09:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 09:36 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 09:36 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 22:58 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-19 22:33 - 2012-10-07 16:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 21:19 - 2012-10-07 16:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-19 21:19 - 2011-05-23 18:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 21:19 - 2011-05-21 19:09 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Adobe
2015-05-19 20:09 - 2011-05-21 16:09 - 00389806 _____ () C:\Windows\PFRO.log
2015-05-19 17:28 - 2013-06-18 12:58 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\vlc
2015-05-18 12:27 - 2011-05-21 15:27 - 00000000 ____D () C:\Users\Shorlogere
2015-05-18 11:44 - 2011-08-28 12:12 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-17 21:08 - 2011-06-27 18:57 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\Skype
2015-05-17 14:11 - 2006-11-02 12:33 - 00006626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 15:54 - 2011-06-27 18:56 - 00000000 ___RD () C:\Program Files\Skype
2015-05-16 15:54 - 2011-06-27 18:56 - 00000000 ____D () C:\ProgramData\Skype
2015-05-16 15:48 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-15 20:27 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-05-15 20:27 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-05-15 20:24 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-05-15 20:09 - 2013-05-14 12:20 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\CrashDumps
2015-05-15 20:03 - 2011-05-21 17:53 - 00000534 _____ () C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job
2015-05-15 12:34 - 2014-05-18 20:44 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 20:25 - 2011-05-21 22:36 - 00002631 _____ () C:\Users\Shorlogere\Desktop\Microsoft Office Word 2007.lnk
2015-05-14 15:06 - 2013-06-06 10:40 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\TuneUp Software
2015-05-13 21:59 - 2011-11-03 17:40 - 417634770 _____ () C:\Windows\MEMORY.DMP
2015-05-13 21:59 - 2011-11-03 17:40 - 00000000 ____D () C:\Windows\Minidump
2015-05-13 21:38 - 2015-01-11 21:16 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-13 21:38 - 2014-12-08 12:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-13 21:38 - 2014-05-22 09:13 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Mama-Stick
2015-05-13 21:38 - 2013-05-02 10:45 - 00000000 ____D () C:\ProgramData\Protexis
2015-05-13 21:38 - 2012-09-30 11:05 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 21:38 - 2011-05-21 22:24 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-05-13 21:38 - 2011-05-21 22:21 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Microsoft Help
2015-05-13 21:38 - 2011-05-21 15:29 - 00000000 ___HD () C:\Users\Shorlogere\AppData\Local\acer eNM
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2007-12-26 08:16 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-13 21:38 - 2007-12-26 08:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\restore
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 __RSD () C:\Windows\Media
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-13 18:24 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 18:13 - 2006-11-02 14:47 - 00308168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:13 - 2013-07-19 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:06 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-08 21:12 - 2011-05-21 18:02 - 00000016 _____ () C:\Windows\system32\coh.cache
2015-04-28 12:39 - 2014-03-19 15:39 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Umwandlung
2015-04-27 19:09 - 2011-05-21 18:20 - 00000049 __RSH () C:\Users\Public\Documents\HBEPGUID.TXT
2015-04-23 12:50 - 2011-05-21 22:43 - 00245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2011-07-21 09:01 - 2015-05-20 09:39 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2011-07-21 08:53 - 2014-08-03 16:40 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.dat
2012-01-05 13:46 - 2014-05-17 09:32 - 0000680 _____ () C:\Users\Shorlogere\AppData\Local\d3d9caps.dat
2011-05-21 22:43 - 2015-04-23 12:50 - 0245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-05 14:28 - 2012-01-05 14:29 - 0029347 _____ () C:\Users\Shorlogere\AppData\Local\HWVendorDetection.log

Files to move or delete:
====================
C:\Users\Shorlogere\jre-8u40-windows-i586.exe

Some content of TEMP:
====================
C:\Users\Shorlogere\AppData\Local\temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-20 09:44

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by Shorlogere at 2015-05-20 09:58:52
Running from C:\Users\Shorlogere\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3128768096-592464525-3037917805-500 - Administrator - Disabled)
Gast (S-1-5-21-3128768096-592464525-3037917805-501 - Limited - Disabled)
Shorlogere (S-1-5-21-3128768096-592464525-3037917805-1000 - Administrator - Enabled) => C:\Users\Shorlogere

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft Media Toolkit Ultimate (HKLM\...\4Videosoft Media Toolkit Ultimate_is1) (Version: - )
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.13.4811 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4207 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4011 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4011 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4009 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4024 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4016 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20071026 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1005 - Acer Inc.)
Acoustica Effects Pack (HKLM\...\Acoustica Effects Pack) (Version: 3.0 - Acoustica, Inc)
Acoustica Mixcraft 5 (HKLM\...\Acoustica Mixcraft 5) (Version: - Acoustica)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AppCore (Version: 1 - Symantec Corporation) Hidden
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM\...\{8ABEEC21-B23C-4610-B57A-BE94345D4096}) (Version: 9.0.57913.1300 - RapidSolution Software AG)
AV (Version: 1 - Symantec Corporation) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4347 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - )
Canon MP640 series Benutzerregistrierung (HKLM\...\Canon MP640 series Benutzerregistrierung) (Version: - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
ccCommon (Version: 106.1.1.4 - Symantec) Hidden
CDex extraction audio (HKLM\...\CDex) (Version: - )
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.2.0.12 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.2.0.12 - Corel Corporation) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.20150211 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.3.128 (HKLM\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
ICA (Version: 15.2.0.12 - Corel Corporation) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IPM_PSP_COM (Version: 15.2.0.12 - Corel Corporation) Hidden
iTunes (HKLM\...\{69995C7A-062A-4A90-A4DF-8C22895DF522}) (Version: 10.4.1.10 - Apple Inc.)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nero 7 Premium (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21031}) (Version: 7.03.1357 - Nero AG)
Norton AntiVirus (Version: 14.1.0.27 - Symantec Corporation) Hidden
Norton Confidential Browser Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Confidential Web Protection Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (HKLM\...\SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}) (Version: 10.1.0.26 - Symantec Corporation)
Norton Internet Security (Version: 10.1.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 10.1.0.26 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2007.1.2.11 - Symantec Corporation) Hidden
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Orion (HKLM\...\{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}) (Version: 1.0.214 - Convesoft)
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074324(3.7)_Vista_Acer - CyberLink Corporation)
PSPPContent (Version: 15.2.0.12 - Corel Corporation) Hidden
PSPPHelp (Version: 15.2.0.12 - Corel Corporation) Hidden
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5443 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
schrankplaner (HKLM\...\schrankplaner3.600) (Version: 3.600 - Schrankplaner GmbH)
Setup (Version: 15.2.0.12 - Ihr Firmenname) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SPBBC 32bit (Version: 3.1.1.4 - Symantec Corporation) Hidden
Symantec Real Time Storage Protection Component (Version: 10.1.1.5 - Symantec Corporation) Hidden
SymNet (Version: 7.2.5.8 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)

==================== Restore Points =========================

19-05-2015 12:02:52 Ende der Bereinigung
19-05-2015 12:22:29 Revo Uninstaller's restore point - Mozilla Firefox 38.0 (x86 de)
19-05-2015 12:28:09 Revo Uninstaller's restore point - Mozilla Firefox 38.0 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-05-15 20:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4AF949F5-6323-40F6-86FE-8C43F409599A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
Task: {503EE400-8E34-4376-9EDC-C074D314B857} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8248FC8B-2BCA-405C-A1BA-8050465381E3} - System32\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2006-11-21] (Symantec Corporation)
Task: {C15F4F04-6430-4D59-A3D7-AA08E8C239E8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {DCF179C3-5770-465D-BB5A-89AE913B5B72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {EA878563-08D5-42E0-9B44-9392FFE42759} - System32\Tasks\{E1412B5E-4FC1-4B33-8BC8-B0CD68799628} => C:\Program Files\Skype\\Phone\Skype.exe [2015-04-17] (Skype Technologies S.A.)
Task: {F231B09C-A3B7-4DE8-8846-8B89F31E72E7} - System32\Tasks\{5FF01C47-6D8D-497E-B2A3-0CABFC08B0B4} => C:\Program Files\Skype\\Phone\Skype.exe [2015-04-17] (Skype Technologies S.A.)
Task: {FB578DB4-DD3D-424B-AF4F-5FFA4527E47B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job => C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca

==================== Loaded Modules (Whitelisted) ==============

2007-04-25 17:30 - 2007-04-25 17:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-25 17:31 - 2007-04-25 17:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2006-11-21 06:35 - 2006-11-21 06:35 - 00009384 _____ () C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
2007-12-26 07:56 - 2006-11-24 13:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-12-26 07:56 - 2006-10-24 11:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-12-26 07:54 - 2007-01-23 15:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-05-21 15:34 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2011-05-21 15:34 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-12-26 07:41 - 2007-12-10 11:22 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2007-12-26 13:29 - 2003-06-07 07:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-17 11:54 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-03 14:04 - 2014-10-03 14:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 14:04 - 2014-10-03 14:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 14:04 - 2014-10-03 14:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2007-12-26 07:45 - 2007-07-24 11:39 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2007-12-26 07:39 - 2007-08-29 11:35 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2007-12-26 07:39 - 2007-09-07 18:23 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2011-05-21 15:28 - 2007-08-31 17:37 - 00106496 ____N () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
2011-05-21 15:28 - 2007-03-22 11:51 - 00003584 ____N () C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll
2007-12-26 07:46 - 2007-04-11 17:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2007-12-26 07:46 - 2007-04-11 16:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
2007-12-26 07:48 - 2007-10-01 18:01 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-12-26 07:48 - 2007-10-01 18:01 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00028672 _____ () 
C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll 2007-12-26 07:41 - 2007-12-10 11:22 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll 2007-12-26 07:41 - 2007-12-10 11:22 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll 2007-12-26 07:41 - 2007-12-10 11:22 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll 2007-12-26 07:47 - 2007-08-28 15:21 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll 2007-12-26 07:41 - 2007-12-10 11:23 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll 2007-12-26 07:41 - 2007-12-10 11:22 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll 2011-05-21 18:00 - 2011-05-21 18:00 - 01251720 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 2011-05-21 18:00 - 2011-05-21 18:00 - 00362376 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Control Panel\Desktop\\Wallpaper -> D:\Eigene Dateien\Bilder\Kunst\Zeichnung\weißer Hintergrund-40-Prozent.jpg
HKU\S-1-5-21-3128768096-592464525-3037917805-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> D:\Eigene Dateien\Bilder\Kunst\Zeichnung\weißer Hintergrund-40-Prozent.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{D5502EE8-28FF-44C6-8C25-B32C755E8A23}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{1109A187-1A2D-40E6-9544-FACFCEDB241E}] => (Allow) C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe
FirewallRules: [{3FF3ED83-3584-470C-A079-BF1918320F97}] => (Allow) C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{39508C32-D4AA-48CA-8EC3-0399BB5612A6}] => (Allow) C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe
FirewallRules: [{B3C7FE4B-D00B-4363-AD53-26106AF18422}] => (Allow) C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe
FirewallRules: [{DB914D97-A9BB-404C-BE6F-9DCEC6D80B20}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe
FirewallRules: [{91C9CE29-E1C6-4853-8242-8A51091186AD}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
FirewallRules: [{1C8BE10A-956D-4D85-B214-AEC14868C449}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{839CE49B-5F82-4200-A720-799D28DBFB9A}] => (Allow) LPort=80
FirewallRules: [{029637F0-34D4-4D38-AD9A-8EE86436AFFA}] => (Allow) LPort=80
FirewallRules: [{ADBA2C91-377D-40CB-A05E-91EE025D7A9B}] => (Allow) LPort=80
FirewallRules: [{4C520401-8141-4BCF-8DB2-0D350B4DD791}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFB284BB-D529-4020-9762-3A658B182DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD3A48B9-F59E-4F31-A1D3-F91F17E106D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{449FE487-33E5-4ABF-9DF2-D7E8C2CC84BA}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_656
FirewallRules: [{71E8CD53-C672-426D-B920-A8B1329C8FE0}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_600
FirewallRules: [{2BEC8E50-0712-488A-AB87-7F204FD0D359}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_625
FirewallRules: [{E8B0636D-AD65-4B39-A4D3-A7223EB11FD8}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_634
FirewallRules: [{1F7F0461-9FD1-4DBF-93A7-F466C1B66CB2}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_613
FirewallRules: [{528AA44C-FFE7-4461-82C7-845553C56A4C}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_358.decrpt
FirewallRules: [{B625AD4E-B02D-427C-80E2-02EB27290730}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_514
FirewallRules: [{D5DE54C7-61B2-4942-B305-EB355998DBFE}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_518
FirewallRules: [{F77AB3D8-F88A-42C2-9A2F-64F19128FEF7}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_519
FirewallRules: [{D2B99ECC-0944-4E06-98A3-FDFA238ECCF1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FD984B85-8E9D-40A2-B624-78A00624F750}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{01B376CC-AB8C-47E3-88D4-53C1EA394381}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{AAF9CA03-7869-48ED-985F-1858042A2704}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{1259261E-6972-4592-8D2E-453D8D8DF94D}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C3D820B2-E4D2-4D97-A34D-ADA5A5F9C64F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{EE0B0617-DC08-4C82-A1B4-96BC1AE8F29F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{84A13B13-FF09-4FD4-9563-EDF392030790}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{C164BA87-F55B-4AAB-8A9E-86EF651EC5DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{9CB5BC66-8F43-43D4-AC6B-0448C9ED9FA0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{260888B7-F09B-4E21-9558-0C27DABB5A74}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{80A436D6-2925-4AE4-B8DB-7FDC02BE0B55}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 09:41:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:41:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:41:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:41:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:40:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:40:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:40:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:40:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:40:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (05/20/2015 09:40:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

System errors:
=============
Error: (05/20/2015 09:35:55 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 1

Error: (05/20/2015 09:35:55 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 0

Error: (05/19/2015 08:08:49 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 1

Error: (05/19/2015 08:08:49 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 0

Error: (05/19/2015 00:07:00 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 1

Error: (05/19/2015 00:07:00 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 0

Error: (05/19/2015 11:45:51 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 1

Error: (05/19/2015 11:45:51 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 0

Error: (05/18/2015 10:43:22 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Die Lease dieses Computers zu der IP-Adresse 10.136.1.186 über die Netzwerkkarte mit der Netzwerkadresse 001DE030911F ist verloren gegangen.

Error: (05/18/2015 10:41:32 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.105 für die Netzwerkkarte mit der Netzwerkadresse 001DE030911F wurde durch den DHCP-Server 10.143.181.129 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Microsoft Office Sessions:
=========================
Error: (03/28/2013 01:53:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1334 seconds with 1200 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2015-05-20 09:58:29.793
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:58:29.560
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:58:29.297
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:58:29.072
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:58:28.448
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-20 09:58:28.224
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:58:27.963
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:58:27.720
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:56:04.196
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-05-20 09:56:03.972
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 3069.32 MB
Available physical RAM: 1014.2 MB
Total Pagefile: 6345.79 MB
Available Pagefile: 3669.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.04 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.27 GB) (Free:11.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:149.05 GB) (Free:19.78 GB) NTFS
Drive e: () (Fixed) (Total:69.04 GB) (Free:8.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 664A344C)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=69.3 GB) - (Type=06)
Partition 3: (Not Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: C867E6F0)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So would it be better for me to buy Emsisoft? |
20.05.2015, 20:32 | #17 |
/// the machine /// TB Trainer | No idea what AVG is complaining about there, but there is nothing there.
Should? No, I can't decide how you spend your money. It is simply our recommendation here, and there is currently a discount because of the new version, if I'm not mistaken. And freeware just isn't that great. |
20.05.2015, 22:47 | #18 |
| Then I hope that what AVG reported was a false alarm.
I have now installed Emsisoft. Emsisoft does not report this threat either. Once again, many thanks for your help! Kind regards, shorlo |
21.05.2015, 19:25 | #19 |
/// the machine /// TB Trainer | You're welcome
Regards, schrauber |