Diverse Malware-Meldungen über Avira - FlowSurf - Teil 2
Ich bin dann u.a. auf FlowSurf gestoßen und habe Ihre Vorgehensweise in folgendem Posting http://www.trojaner-board.de/153197-...entfernen.html befolgt.
Die diesbezüglichen Log-Files sind:
Malwarebytes Anti-Malware Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/12 07:15:15 +0100</date>
<logfile>mbam-log-2015-01-12 (07-15-14).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.11.11</malware-database>
<rootkit-database>v2015.01.07.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8</osversion>
<arch>x64</arch>
<username>Administrator</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>378943</objects>
<time>1542</time>
<processes>0</processes>
<modules>0</modules>
<keys>17</keys>
<values>8</values>
<datas>4</datas>
<folders>12</folders>
<files>54</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>5acdc82ee5a4191d26ed24c59f638a76</hash></key>
<key><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CA2A4DE-483E-456B-8634-6445460D7097}</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>5acdc82ee5a4191d26ed24c59f638a76</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>5acdc82ee5a4191d26ed24c59f638a76</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>4add6e88d6b381b5394cdb0f43bf23dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>4add6e88d6b381b5394cdb0f43bf23dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Flowsurf</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>33f4de183b4ed462093016eb2fd3e818</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Flwsrf</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>33f4de183b4ed462093016eb2fd3e818</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Flowsurf</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>bf68ea0c77127db99d770ee031d30ef2</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>41e656a07514ca6ce1e9d212d62eec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>39ee41b5d4b5aa8c6922a5fdd72c07f9</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect</path><vendor>PUP.Optional.WindowsMangerProtect.A</vendor><action>success</action><hash>dd4a8c6a5e2b211528aaf77dc83b40c0</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>delete-on-reboot</action><hash>54d3df173b4eae88c58b508f48bce719</hash></key>
<key><path>HKU\S-1-5-21-3394880751-743081515-1311326184-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI</path><vendor>PUP.Optional.FilesFrog.A</vendor><action>delete-on-reboot</action><hash>b96ea551503990a671e3ccfef113f010</hash></key>
<key><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft</path><vendor>PUP.Optional.WebSearches.A</vendor><action>success</action><hash>fd2a8472e8a1fc3aa9af61204db6c23e</hash></key>
<key><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>06217f77bacf54e253a609de966e659b</hash></key>
<key><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>d5522cca8702e84e9fb1fde2f410ff01</hash></key>
<key><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><hash>55d2e01603860c2ac7f89eded82b46ba</hash></key>
<value><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>InetStat</valuename><vendor>PUP.Optional.InetStat.A</vendor><action>success</action><valuedata>C:\Users\Administrator\AppData\Roaming\InetStat\inetstat.exe</valuedata><hash>ea3dfcfae9a09c9a11d84a29a2619f61</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>mbot_de_7</valuename><vendor>PUP.Optional.MBot.A</vendor><action>success</action><valuedata></valuedata><hash>fe2942b4385192a40e002d549172b54b</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>jid1-tofUlNEIFlkUIA@jetpack</valuename><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack</valuedata><hash>43e44fa7e5a4241216c3594759aac13f</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>faststartff@gmail.com</valuename><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><valuedata>C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oog2nyzl.default\extensions\faststartff@gmail.com</valuedata><hash>0f183cba0584082e02e2f1f2a95b659b</hash></value>
<value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF</path><valuename>chrid</valuename><vendor>PUP.Optional.FlowSurf.A</vendor><action>delete-on-reboot</action><valuedata>oglkiljdmflopemijdadoiepkhcaodjn</valuedata><hash>54d3df173b4eae88c58b508f48bce719</hash></value>
<value><path>HKU\S-1-5-21-3394880751-743081515-1311326184-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI</path><valuename>ui_path_filesfrog</valuename><vendor>PUP.Optional.FilesFrog.A</vendor><action>delete-on-reboot</action><valuedata>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker</valuedata><hash>b96ea551503990a671e3ccfef113f010</hash></value>
<value><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF</path><valuename>chrid</valuename><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><valuedata>oglkiljdmflopemijdadoiepkhcaodjn</valuedata><hash>d5522cca8702e84e9fb1fde2f410ff01</hash></value>
<value><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><valuename>appid</valuename><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><valuedata>faststartff@gmail.com</valuedata><hash>55d2e01603860c2ac7f89eded82b46ba</hash></value>
<data><path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.DoSearch.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384408242&from=smt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384408242&from=smt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT</baddata><gooddata>iexplore.exe</gooddata><hash>0522678f97f295a1dac81779a95c7090</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path><valuename></valuename><vendor>PUP.Optional.DoSearch.A</vendor><action>replaced</action><valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384408242&from=smt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT</valuedata><baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384408242&from=smt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT</baddata><gooddata>iexplore.exe</gooddata><hash>f7306e883752d165465cd4bc768fe11f</hash></data>
<data><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Search Page</valuename><vendor>PUP.Optional.WebSearches</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1406174392&from=amt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT&q={searchTerms}</valuedata><baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1406174392&from=amt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT&q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>5acdd52178112313e473ed97a461b749</hash></data>
<data><path>HKU\S-1-5-21-3394880751-743081515-1311326184-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.WebsSearches.A</vendor><action>replaced</action><valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1406174392&from=amt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT&q={searchTerms}</valuedata><baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1406174392&from=amt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT&q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>7caba4524445ed493b23bcca8a7b32ce</hash></data>
<folder><path>C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat</path><vendor>PUP.Optional.InetStat.A</vendor><action>success</action><hash>58cf3db9abdee94dee12c925f70d3cc4</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults\preferences</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\locale</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\addon-sdk</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\addon-sdk\lib</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\data</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<folder><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\lib</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></folder>
<file><path>C:\Program Files (x86)\Flowsurf\abengine.dll</path><vendor>Trojan.Proxy</vendor><action>success</action><hash>8d9ab640e1a8c3738a204cbbaf53f907</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\uninstall.exe</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>33f4de183b4ed462093016eb2fd3e818</hash></file>
<file><path>C:\Windows\SysWOW64\abengine.dll</path><vendor>Trojan.Proxy</vendor><action>delete-on-reboot</action><hash>29febd39365342f406a4de29649e7d83</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\smt_do-search_201311131701.exe</path><vendor>PUP.Optional.SkyTech.A</vendor><action>success</action><hash>ec3b37bf9aef6dc9bfd00b6c22df49b7</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\UpdateCheckerSetup.exe</path><vendor>PUP.Optional.Somoto</vendor><action>success</action><hash>43e45f974d3c62d4bca35fc84cb4f60a</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\nsgC3DF.tmp</path><vendor>PUP.Optional.Somoto.A</vendor><action>success</action><hash>b572ef07a1e8fe389ab2ff3a976ad828</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\Optimizer_Pro.exe</path><vendor>PUP.Optional.1ClickDownload.A</vendor><action>success</action><hash>2afdd4225a2f171f59135bc6b947ae52</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\fullpackage_temp\Baofeng.exe</path><vendor>PUP.Optional.NationZoom.A</vendor><action>success</action><hash>062171850782cb6b04d20c210df3da26</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\fullpackage_temp\package1.zip</path><vendor>PUP.Optional.NationZoom.A</vendor><action>success</action><hash>b275bd394c3d8ea845912d00f01042be</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\MircosoftStudio\Baofeng.exe</path><vendor>PUP.Optional.NationZoom.A</vendor><action>success</action><hash>0720ef07c7c2290d795d66c7ba46d828</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\MircosoftStudio\package1.zip</path><vendor>PUP.Optional.NationZoom.A</vendor><action>success</action><hash>998ee115ee9b3ff78c4a3af31be541bf</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\DA84D2CA-BAB0-7891-85BD-A510969F2ED1\Latest\BExternal.dll</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>62c5fbfb167360d684ce8e95847c17e9</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\DA84D2CA-BAB0-7891-85BD-A510969F2ED1\Latest\CrxInstaller.dll</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>bf6848aeb0d9a195fc92e852956c956b</hash></file>
<file><path>C:\Users\CINC\AppData\Local\Temp\DA84D2CA-BAB0-7891-85BD-A510969F2ED1\Latest\Setup.exe</path><vendor>PUP.Optional.Babylon.A</vendor><action>success</action><hash>180f9b5bccbdc1755f99150c05fbcf31</hash></file>
<file><path>C:\Windows\System32\Tasks\upfs7235</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>b86fd3238aff33037aaee68547bc1de3</hash></file>
<file><path>C:\Users\Administrator\AppData\Roaming\InetStat\inetstat.exe</path><vendor>PUP.Optional.InetStat.A</vendor><action>success</action><hash>ea3dfcfae9a09c9a11d84a29a2619f61</hash></file>
<file><path>C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml</path><vendor>PUP.Optional.WebsSearches.A</vendor><action>success</action><hash>87a04babd0b9d660335ad3cfb74c29d7</hash></file>
<file><path>C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat\InetStat.lnk</path><vendor>PUP.Optional.InetStat.A</vendor><action>success</action><hash>58cf3db9abdee94dee12c925f70d3cc4</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\abengine.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\abengine.tlb</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\abengine64.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\abenginecert.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\atl110.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\freebl3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\ijs.exe</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\install.ico</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\lengine.exe</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\lengine.ini</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\lengine64.exe</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\libnspr4.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\libplc4.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\libplds4.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\list.txt</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\msvcr110.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\nss3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\nssckbi.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\nssdbm3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\nssutil3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\smime3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\softokn3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\sqlite3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\sqlite3.exe</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\ssl3.dll</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\term.txt</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\[SC] OpenService FEHLER 1060</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\bootstrap.js</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\harness-options.json</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\icon.png</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\icon64.png</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\install.rdf</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\locales.json</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults\preferences\prefs.js</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\lib\main.js</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>55d2579f2663a29411c93a28cd36ae52</hash></file>
<file><path>C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oog2nyzl.default\prefs.js</path><vendor>PUP.Optional.QuickStart.A</vendor><action>replaced</action><baddata>user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");</baddata><gooddata></gooddata><hash>d3549e58810843f331527a4f1bea10f0</hash></file>
</items>
</mbam-log>
AdwCleaner Code:
# AdwCleaner v4.107 - Bericht erstellt am 12/01/2015 um 08:47:53
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Administrator - RALF
# Gestartet von : C:\Downloads\Security\T-B\02 AdwCleaner (Desktop)\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Tobit
Ordner Gelöscht : C:\Users\CINC\AppData\Roaming\Tobit
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\CINC\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\CINC\Desktop\FlvPlayer.lnk
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oog2nyzl.default\foxydeal.sqlite
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\inetstat.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKCU\Software\Fabulous
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.17183
-\\ Mozilla Firefox v34.0.5 (x86 de)
[oog2nyzl.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[oog2nyzl.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[oog2nyzl.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
AdwCleaner[R0].txt - [2385 octets] - [12/01/2015 08:45:06]
AdwCleaner[S0].txt - [2457 octets] - [12/01/2015 08:47:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2517 octets] ##########
Junkware Removal Tool Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by Administrator on 12.01.2015 at 8:56:57,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\oog2nyzl.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.01.2015 at 8:58:59,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Shortcut Cleaner Code:
Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 8
Program started at: 01/12/2015 09:48:31 AM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Administrator\Desktop
0 bad shortcuts found.
Program finished at: 01/12/2015 09:48:31 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
ESET Online Scanner Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e0b325a307295f44a7c7ccf42e6ce188
# engine=21920
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-12 03:01:48
# local_time=2015-01-12 04:01:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 18494 12983505 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3917003 12482286 0 0
# scanned=474378
# found=21
# cleaned=0
# scan_time=11698
sh=D8A2FE99C49ED9A3D7F908112D35B2DA101E48F4 ft=1 fh=ad0a5838d0edefbc vn="Variante von Win32/RiskWare.Astori.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\InetStat\isup.exe.vir"
sh=A486D992F0B39A61F283907D9261C2E9F1D8E937 ft=1 fh=bc983b4b2441a35c vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\Firefox\32bit_Advanced_v432.exe"
sh=988BF06B72A1BA0A59703F48F381A37A8AF11509 ft=1 fh=f6f8f42979522fe2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\Firefox\D Fend Reloaded - CHIP-Installer.exe"
sh=5543317AB6CC3C84B018F7262CD7F6048CA22C4B ft=1 fh=1b57474b1411cddc vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\Firefox\MyPhoneExplorer_Setup_1.8.4.exe"
sh=93D2CA371B0D57A76B42A50DD07B0494C8197DE4 ft=1 fh=bd18101941c4e6ba vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\Firefox\UFO The Two Sides - CHIP-Installer.exe"
sh=2A193E3EA2073DEFB12E95A59407EC47F836092F ft=1 fh=4b8eb57437371966 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Downloads\Firefox\VLC media player 64 Bit - CHIP-Installer.exe"
sh=5CBCE87AD0F5B3F17303D7D253900D2D789F1523 ft=1 fh=f1375e255457e4e7 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9D09JZR\bi_downloader[1].exe"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9D09JZR\DeltaTB_20130715[1].exe"
sh=4D9823746FE4C94494AB96E93094377440D7FC73 ft=1 fh=eeed0289ec97c329 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9D09JZR\SolidSavingsINT_20130712[1].exe"
sh=6D8DEB6A0C5052D5C2DE108B4DD18103F8561432 ft=1 fh=d429baf8742ea515 vn="Win32/Somoto.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0NWGBVG\BiTool[1].dll"
sh=A41A57725B660171D4E574D193F84250FB4576DB ft=1 fh=ba6f97be13e3edf4 vn="Variante von Win32/SpeedingUpMyPC.B Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0NWGBVG\OptimizerPro[1].exe"
sh=8567BAA20C5651B9D49CEB905F6A9F8A1B5516FF ft=1 fh=e5e92cb2b7b517be vn="Variante von MSIL/Adware.iBryte.D Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIDCUHE0\installer[1].exe"
sh=3603373DAA2B56E844794BA4879DFA44DDD96B47 ft=1 fh=de637c547ddbccf1 vn="Win32/InstallMonetizer.AG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIDCUHE0\MyPhoneExplorer_v2_5185[1].exe"
sh=6D8DEB6A0C5052D5C2DE108B4DD18103F8561432 ft=1 fh=d429baf8742ea515 vn="Win32/Somoto.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Temp\bitool.dll"
sh=D66F70DBE7C67F94F09515C1BD973B750A80AE49 ft=1 fh=b4b002d78e572ab2 vn="Variante von Win32/LiveSupport.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Temp\LiveSupport_setup.exe"
sh=C608142C6BBE1DE4E68B2BFD0F86BCCA8A373785 ft=1 fh=604b13fbf7d1e816 vn="Win32/AdWare.SpeedingUpMyPC.E Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Temp\OptimizerPro.exe"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Temp\DA84D2CA-BAB0-7891-85BD-A510969F2ED1\Latest\BabMaint.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Temp\DA84D2CA-BAB0-7891-85BD-A510969F2ED1\Latest\IEHelper.dll"
sh=C08C6D9927D68BFAC53C31593936A81FAC1B83AF ft=1 fh=dd8ead27b318581e vn="Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Temp\is-370H9.tmp\OptProCrash.dll"
sh=03122518CF789F63ACE5E6CC18D09BD6E3D34A04 ft=1 fh=3537c5d07cea3b07 vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CINC\AppData\Local\Temp\is-NJUA9.tmp\OptProCrash.dll"
sh=A3534356BA388AEC0F9C15EC0236D36E950833EF ft=1 fh=621402ad54c98504 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\CINC\AppData\Local\Temp\{81B6DAAD-B885-40BD-A35B-D71FB4D0B68D}\setup.exe"
Dann habe ich die von Ihnen empfohlene Vorgehensweise, was das Zusammenstellen von Informationen anbelangt, unter http://www.trojaner-board.de/69886-a...-beachten.html befolgt:
Defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:31 on 13/01/2015 (Administrator)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Systemscan mit FRST
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Administrator (administrator) on RALF on 13-01-2015 21:32:54
Running from C:\Downloads\Security\T-B\001 vor Posting zu tun\02 Farbars Recovery Scan Tool
Loaded Profiles: CINC & Administrator (Available profiles: CINC & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Downloads\RadioRecorder\Tobit Radio.fx\Server\rfx-server.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-10-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-10-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\...\Run: [RGSC] => C:\Program Files (x86)\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3394880751-743081515-1311326184-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384408242&from=smt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT&q={searchTerms}
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384408242&from=smt&uid=TOSHIBAXMQ01ABD050_Y2UAP2TCTXXY2UAP2TCT&q={searchTerms}
HKU\S-1-5-21-3394880751-743081515-1311326184-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3394880751-743081515-1311326184-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3394880751-743081515-1311326184-500\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3394880751-743081515-1311326184-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3394880751-743081515-1311326184-1001 -> {6EF4F915-03A1-44BD-AFBF-537D4F21D2A9} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3394880751-743081515-1311326184-500 -> {42E21E09-8ECD-4254-B521-E0938C2A1397} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q113&_nkw={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oog2nyzl.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oog2nyzl.default\Extensions\abs@avira.com [2014-12-12]
FF Extension: DownloadHelper - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oog2nyzl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-20] () [File not signed]
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-13] (IObit)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-10-17] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 Radio.fx; c:\Downloads\RadioRecorder\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1265824 2012-10-23] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-10-22] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-23] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 21:32 - 2015-01-13 21:32 - 00000000 ____D () C:\FRST
2015-01-13 21:30 - 2015-01-13 21:30 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-01-12 10:20 - 2015-01-12 10:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Tobit
2015-01-12 09:51 - 2015-01-12 09:51 - 00001546 _____ () C:\Users\Administrator\Desktop\esetsmartinstaller_deu - Verknüpfung.lnk
2015-01-12 09:48 - 2015-01-12 09:48 - 00001790 _____ () C:\sc-cleaner.txt
2015-01-12 09:48 - 2015-01-12 09:48 - 00001411 _____ () C:\Users\Administrator\Desktop\sc-cleaner - Verknüpfung.lnk
2015-01-12 08:58 - 2015-01-12 08:58 - 00000817 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-01-12 08:56 - 2015-01-12 08:56 - 00000000 ____D () C:\Windows\ERUNT
2015-01-12 08:55 - 2015-01-12 08:55 - 00001477 _____ () C:\Users\Administrator\Desktop\JRT - Verknüpfung.lnk
2015-01-12 08:44 - 2015-01-12 08:47 - 00000000 ____D () C:\AdwCleaner
2015-01-12 08:44 - 2015-01-12 08:44 - 00001501 _____ () C:\Users\Administrator\Desktop\AdwCleaner_4.107 - Verknüpfung.lnk
2015-01-12 08:39 - 2015-01-12 08:39 - 00000463 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2015-01-12 07:08 - 2015-01-12 08:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 07:07 - 2015-01-12 07:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-12 07:07 - 2015-01-12 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 07:07 - 2015-01-12 07:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-12 07:07 - 2015-01-12 07:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-12 07:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-12 07:07 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-12 07:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-11 05:08 - 2015-01-11 05:08 - 00001138 _____ () C:\Users\Public\Desktop\Elite Dangerous Launcher.lnk
2015-01-11 05:08 - 2015-01-11 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2014-12-24 07:40 - 2014-12-24 07:40 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-12-24 07:40 - 2014-12-24 07:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-12-24 07:39 - 2014-12-24 07:39 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-24 07:38 - 2014-12-24 07:38 - 00000000 ____D () C:\Program Files\AMD
2014-12-24 07:35 - 2014-12-24 07:35 - 00000000 ____D () C:\AMD
2014-12-23 06:23 - 2014-12-23 06:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Frontier Developments
2014-12-23 06:23 - 2014-12-23 06:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Frontier Developments
2014-12-22 06:35 - 2014-12-22 06:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Frontier_Developments
2014-12-22 06:30 - 2014-12-22 06:30 - 00000000 ____D () C:\Program Files (x86)\Frontier
2014-12-19 07:27 - 2014-11-26 22:11 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-19 07:27 - 2014-11-26 22:11 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-19 05:54 - 2014-11-21 09:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-19 05:54 - 2014-11-21 09:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-19 05:54 - 2014-11-21 09:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-19 05:54 - 2014-11-21 09:37 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-12-19 05:54 - 2014-11-21 09:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-19 05:54 - 2014-11-21 09:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-19 05:54 - 2014-11-21 09:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-19 05:54 - 2014-11-21 08:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-19 05:54 - 2014-11-21 08:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-19 05:54 - 2014-11-21 08:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-19 05:54 - 2014-11-21 08:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-19 05:54 - 2014-11-21 08:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-19 05:54 - 2014-11-21 08:17 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-19 05:54 - 2014-11-21 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-19 05:54 - 2014-11-21 08:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-19 05:54 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-19 05:54 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-19 05:54 - 2014-11-21 05:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-12-19 05:53 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-19 05:53 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-19 05:53 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-19 05:53 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-19 05:53 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-12-19 05:53 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-19 05:53 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-19 05:53 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-19 05:53 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-12-19 05:53 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-19 05:53 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-12-19 05:53 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-19 05:53 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-12-19 05:53 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-12-19 05:53 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-12-19 05:53 - 2014-11-01 08:33 - 06973760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-19 05:53 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2014-12-19 05:53 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2014-12-19 05:53 - 2014-10-27 23:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2014-12-19 05:52 - 2014-12-09 08:12 - 00590816 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-12-19 05:52 - 2014-12-09 08:12 - 00467408 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-12-19 05:52 - 2014-11-06 07:50 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-19 05:52 - 2014-11-06 06:03 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-19 05:52 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-19 05:52 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 21:30 - 2013-12-09 10:12 - 00000000 ____D () C:\Users\Administrator
2015-01-13 21:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-01-13 21:00 - 2012-07-26 06:26 - 00000172 _____ () C:\Windows\win.ini
2015-01-13 20:42 - 2014-09-17 20:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-01-13 20:31 - 2013-02-21 03:35 - 01369354 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 20:13 - 2013-12-09 15:40 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3394880751-743081515-1311326184-500
2015-01-12 22:38 - 2014-10-22 23:07 - 00030586 _____ () C:\Windows\PFRO.log
2015-01-12 22:38 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 22:17 - 2014-01-13 20:15 - 00000304 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2015-01-12 08:47 - 2013-12-09 10:13 - 00001011 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 08:07 - 2013-12-16 22:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-01-12 08:03 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\DesktopTileResources
2015-01-11 05:29 - 2013-07-09 05:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-11 01:56 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-10 08:33 - 2014-01-13 20:15 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-01 07:50 - 2014-07-18 19:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\MyPhoneExplorer
2014-12-28 06:24 - 2013-12-27 07:59 - 00000000 ____D () C:\Users\Administrator\dwhelper
2014-12-28 06:23 - 2014-05-04 00:33 - 00000000 ____D () C:\AT 02
2014-12-24 07:39 - 2013-02-21 03:30 - 00000000 ____D () C:\ProgramData\AMD
2014-12-24 07:38 - 2014-09-05 05:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-22 06:39 - 2014-11-16 00:05 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-22 06:39 - 2014-09-05 05:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-22 06:39 - 2014-09-05 05:05 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-19 10:51 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-12-19 06:09 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 06:06 - 2013-08-21 22:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 05:58 - 2013-06-06 05:21 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 12:30 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-15 19:40 - 2014-04-24 21:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\CINC\AppData\Local\Temp\app.exe
C:\Users\CINC\AppData\Local\Temp\bitool.dll
C:\Users\CINC\AppData\Local\Temp\bi_cleaner.exe
C:\Users\CINC\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\CINC\AppData\Local\Temp\drm_dyndata_7390004.dll
C:\Users\CINC\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\CINC\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\CINC\AppData\Local\Temp\OptimizerPro.exe
C:\Users\CINC\AppData\Local\Temp\uninst1.exe
C:\Users\CINC\AppData\Local\Temp\vlc-2.0.8-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 05:52
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Administrator at 2015-01-13 21:33:58
Running from C:\Downloads\Security\T-B\001 vor Posting zu tun\02 Farbars Recovery Scan Tool
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only adware programs with the "hidden" flag can be added to the fixlist to unhide them; adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ACID Music Studio 9.0 (HKLM-x32\...\{7943168F-18A0-11E2-9C81-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version: - Ubisoft Montreal)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Crysis Warhead (HKLM-x32\...\Steam App 17330) (Version: - Crytek)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5728.52 - CyberLink Corp.)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version: - Eidos Montreal)
D-Fend Reloaded 1.4.1 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.1 - Alexander Herzog)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DVD Architect Studio 5.0 (HKLM-x32\...\{4347F591-C451-11E1-BA36-F04DA23A5C58}) (Version: 5.0.161 - Sony)
Elite Dangerous Launcher version 0.4.1844.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.1844.0 - Frontier Developments)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version: - Ubisoft Montreal)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41505) (Version: 3.8.0.41505.25 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.7.2405 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jagged Alliance - Back in Action (HKLM-x32\...\Steam App 57740) (Version: - Coreplay GmbH)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{BFB6D89E-0BDF-11E2-A35E-F04DA23A5C58}) (Version: 12.0.530 - Sony)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PeaceMaker 1.1.1 (HKLM-x32\...\PeaceMaker 1.1.1) (Version: - ImpactGames, LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.00.0000 - Ubisoft)
Silent Hunter III (x32 Version: 1.00.0000 - Ubisoft) Hidden
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{7A9D3D30-BEEC-11E1-91CF-F04DA23A5C58}) (Version: 10.0.178 - Sony)
SpaceEngine Version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.12.4 (HKLM-x32\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.1.0.11020 - Sony Corporation)
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.3.0.09290 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.0.00.10170 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.0.2.10230 - Sony Corporation)
VAIO CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Hardwarediagnose-Plugin für VAIO Care (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.7.0.11070 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WDR RadioRecorder (HKLM-x32\...\Tobit Radio.fx Server 1) (Version: - Tobit.Software)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WinUAE (HKLM-x32\...\{A93442DE-6AA1-4C2B-9BCC-0AA461A93350}) (Version: 2.8.1.0 - Arabuusimiehet)
XCom Long War Mod version 2.12 (HKLM-x32\...\{9F2A2F03-5F43-4BD1-860E-F61284EE7AC5}_is1) (Version: 2.12 - JohnnyLump)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
12-01-2015 05:59:46 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed, the Hosts: directive can be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2014-02-12 18:59 - 00000920 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 prod.xcom.firaxis.com
127.0.0.1 prod.xcom-ew.firaxis.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03AC4671-5DD9-47DA-9F1D-C724E1047A13} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2012-10-31] (Sony Corporation)
Task: {1CCB9AA0-2B69-4ABF-B1E6-E2931832BDA3} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {3E591A77-E1F3-4548-B264-ADA8DF066A76} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {4C618C49-B48B-4623-8EF8-4EDE5E68C476} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {562E8010-14D1-46ED-9287-533DC2385537} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2012-11-01] (Sony Corporation)
Task: {5BADDDA3-713F-49DE-B549-107838C47DB3} - \upfs7235 No Task File <==== ATTENTION
Task: {643281B4-2AE7-4029-897C-01B43AD670B8} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {66DA3013-B927-4691-AB21-CCFBEB2DBF9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6E460240-F5FB-4D35-9119-96B460418498} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {7B42D922-09D9-4795-A7D7-A77822D14037} - System32\Tasks\Sony Corporation\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-11-08] (Sony Corporation)
Task: {85C81B8E-99E7-490B-AC6D-A732A321EFF9} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {871F02CC-5D41-496F-9A13-E0EBB217EE2E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8E3B3EDD-840C-4006-A4D6-A09E8DB8A626} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2012-10-31] (Sony Corporation)
Task: {8FA64066-72B2-439C-A342-0A66D8491813} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {9191B39B-B4AD-4D86-B419-CBA4D28256E6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {955EAB01-029D-4B0B-8196-2082D05F42FC} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {A99AC5AC-5B12-4FC2-A063-26F0C4CA14A4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-23] (Sony Corporation)
Task: {AC94E708-E1AD-4166-A2A0-28D0B1AB322D} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {B50003B6-293C-4A5F-9E58-F3B3F852CE03} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {C882C882-59D5-4B8E-83A5-95E13E9070AC} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {CD3D944B-5E53-4219-A69D-7F90BD35A1A1} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {DCC096BF-9E2B-436C-9764-A37E477436CD} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-01-13] (IObit)
Task: {DDBB8D55-E9B5-40FA-B74D-66265DD7535B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {DF6AC01A-DD7F-4CDD-9381-8D629B98F6D2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-19] (Microsoft Corporation)
Task: {E9FEDD00-A2BC-4788-AD34-A7107C6F15DB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (whitelisted) =============
2013-09-11 00:12 - 2011-11-18 13:51 - 03673944 _____ () c:\Downloads\RadioRecorder\Tobit Radio.fx\Server\rfx-server.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00156672 _____ () C:\Program Files\Sony\VAIO Care\VCPerfService.exe
2012-08-06 13:27 - 2012-08-06 13:27 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-07-26 20:45 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-26 20:45 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-26 20:45 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-26 20:45 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-26 20:45 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-21 03:31 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-11 06:34 - 2014-12-11 06:35 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. Non-default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "ISBMgr.exe"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\...\StartupApproved\Run: => "BrowserChoice"
HKU\S-1-5-21-3394880751-743081515-1311326184-1001\...\StartupApproved\Run: => "BrowserSafeguard"
HKU\S-1-5-21-3394880751-743081515-1311326184-500\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-3394880751-743081515-1311326184-500\...\StartupApproved\Run: => "InetStat"
========================= Accounts: ==========================
Administrator (S-1-5-21-3394880751-743081515-1311326184-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-3394880751-743081515-1311326184-1004 - Limited - Enabled)
CINC (S-1-5-21-3394880751-743081515-1311326184-1001 - Administrator - Enabled) => C:\Users\CINC
Gast (S-1-5-21-3394880751-743081515-1311326184-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3394880751-743081515-1311326184-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Description: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/13/2015 05:56:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/12/2015 10:39:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 10:11:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 00:45:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 00:43:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 00:42:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 09:54:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 09:54:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 09:51:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error: (01/12/2015 09:51:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
System errors:
=============
Error: (01/12/2015 10:39:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/12/2015 00:43:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/12/2015 00:42:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.01.2015 um 12:09:14 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (01/13/2015 05:56:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/12/2015 10:39:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
Error: (01/12/2015 10:11:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (01/12/2015 00:45:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
Error: (01/12/2015 00:43:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
Error: (01/12/2015 00:42:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
Error: (01/12/2015 09:54:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
Error: (01/12/2015 09:54:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
Error: (01/12/2015 09:51:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
Error: (01/12/2015 09:51:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Downloads\Security\T-B\05 Eset Online Scanner\esetsmartinstaller_deu.exe
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 4043.27 MB
Available physical RAM: 2553.86 MB
Total Pagefile: 5067.27 MB
Available Pagefile: 3008.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:429.05 GB) (Free:1.45 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:702.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B62B837B)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: E4943E2C)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Scan mit GMER:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-13 21:52:08
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d TOSHIBA_MQ01ABD050 rev.AX0A3H 465,76GB
Running: v5h1idpg.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxlorpob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000211900 7 bytes [00, AF, 7F, 01, 00, 00, F2]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000211908 7 bytes [01, 10, C0, FF, 00, D2, DA]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\atiesrxx.exe[976] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9a7a0177a 4 bytes [A0, A7, F9, 07]
.text C:\Windows\system32\atiesrxx.exe[976] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9a7a01782 4 bytes [A0, A7, F9, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3844] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9a0b91532 4 bytes [B9, A0, F9, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3844] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9a0b9153a 4 bytes [B9, A0, F9, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3844] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9a0b9165a 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[2684] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9a7a0177a 4 bytes [A0, A7, F9, 07]
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[2684] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9a7a01782 4 bytes [A0, A7, F9, 07]
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3784] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9a0b91532 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3784] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9a0b9153a 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3784] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9a0b9165a 4 bytes [B9, A0, F9, 07]
.text C:\Windows\system32\atieclxx.exe[5664] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9a7a0177a 4 bytes [A0, A7, F9, 07]
.text C:\Windows\system32\atieclxx.exe[5664] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9a7a01782 4 bytes [A0, A7, F9, 07]
.text C:\Windows\system32\atieclxx.exe[5664] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007f9a24d1b32 4 bytes [4D, A2, F9, 07]
.text C:\Windows\system32\atieclxx.exe[5664] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007f9a24d1b3a 4 bytes [4D, A2, F9, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5900] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9a0b91532 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5900] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9a0b9153a 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5900] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9a0b9165a 4 bytes [B9, A0, F9, 07]
.text C:\Windows\Explorer.EXE[2152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9a0b91532 4 bytes [B9, A0, F9, 07]
.text C:\Windows\Explorer.EXE[2152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9a0b9153a 4 bytes [B9, A0, F9, 07]
.text C:\Windows\Explorer.EXE[2152] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9a0b9165a 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[36] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f9a0b91532 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[36] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f9a0b9153a 4 bytes [B9, A0, F9, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[36] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f9a0b9165a 4 bytes [B9, A0, F9, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\SYSTEM32\ntdll.dll [1692:1056] 0000000000a62cae
Thread C:\Windows\SYSTEM32\ntdll.dll [1692:3508] 0000000074b8304c
Thread C:\Windows\system32\csrss.exe [1404:1368] fffff960008f95e8
Thread C:\Windows\SYSTEM32\ntdll.dll [4864:1216] 000000000118f5bd
Thread C:\Windows\SYSTEM32\ntdll.dll [4864:2980] 000000006938ec50
Thread C:\Windows\SYSTEM32\ntdll.dll [4864:4244] 000000006938dc50
Thread C:\Windows\SYSTEM32\ntdll.dll [4864:4700] 000000006938e680
Thread C:\Windows\SYSTEM32\ntdll.dll [4864:2320] 00000000732997fe
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Über Ihre Hilfe würde ich mich freuen,
mit freundlichem Gruß
Ralf