Color Media, cmwf.sys, cmwr.sys and other malware that could not be removed
Hello everyone,
I have here a notebook belonging to an acquaintance that was completely cluttered with malware. Thanks to ADWCleaner and Malwarebytes I was able to remove most of it as usual (unfortunately no log is available anymore), but I cannot manage this with the malware named in the title.
Please excuse me if I am doing something wrong here. I am new to the forum, but I am trying to do everything according to the instructions (posting logs etc.).
Here are the log files:
Defogger did NOT display an error message; here is the log anyway, in case it is needed:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:03 on 14/04/2015 (Karl Rösch)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Karl Rösch (administrator) on KARLRÖSCH-PC on 14-04-2015 19:04:22
Running from D:\02 FRST
Loaded Profiles: Karl Rösch (Available profiles: Karl Rösch)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [348672 2009-09-10] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2010-04-23] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1277884898-1004684798-2350901460-1000\...\MountPoints2: {f18d5027-5efd-11e1-be2e-6cf049e1216d} - D:\setup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> {200B813D-FA11-4139-9F2B-F7A8C1F02D0D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {200B813D-FA11-4139-9F2B-F7A8C1F02D0D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-10] (Google Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-10] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-19] (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-25] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-04-10] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-10] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-19] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 16 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll File Not found ()
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll File Not found ()
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Karl Rösch\AppData\Roaming\Mozilla\Firefox\Profiles\zd608mxw.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @ei.InternetSpeedTracker_9t.com/Plugin -> C:\Program Files (x86)\InternetSpeedTracker_9tEI\Installr\1.bin\NP9tEISB.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-25] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Karl Rösch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7574_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Karl Rösch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Karl Rösch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-01]
CHR Extension: (Google Search) - C:\Users\Karl Rösch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-01]
CHR Extension: (No Name) - C:\Users\Karl Rösch\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpllocnmehceenfbgcieemlipobmijb [2015-01-24]
CHR Extension: (Skype Extension) - C:\Users\Karl Rösch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-05-01]
CHR Extension: (Gmail) - C:\Users\Karl Rösch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-05-19]
StartMenuInternet: Google Chrome - Chrome.exe
Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.luckysearches.com/?type=sc&ts=1429006178&from=cmi&uid=WDCXWD3200BEVT-22A23T0_WD-WXA0AC99165091650
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AlwaysAware Alarm Service; C:\Program Files (x86)\Always-Aware Applications\Always-Aware Alarm\AntiTheftService.exe [45056 2010-02-25] (OEM) [File not signed]
S4 AlwaysAware HDP Service; C:\Program Files (x86)\Always-Aware Applications\Always-Aware Hard-Disk Drive\HDPService.exe [159744 2010-03-03] (OEM) [File not signed]
S2 DcsService; C:\Program Files\Configuration Center\bin\DeviceControlService.exe [1039872 2010-02-24] (Intel Corporation) [File not signed]
S4 HSETUApplicationService; C:\Program Files (x86)\HSETU\ApplicationService\ApplicationService.exe [3836992 2014-04-29] (ETU Software GmbH)
S4 moruxefo; C:\Users\Karl Rösch\AppData\Roaming\03000200-1429002843-0500-0006-000700080009\jnsb9348.tmp [189952 2015-04-14] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ronevulo; C:\Users\Karl Rösch\AppData\Roaming\03000200-1429002843-0500-0006-000700080009\nsg4D9B.tmpfs [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 3wareDrv; C:\Windows\system32\drivers\3wareDrv.sys [102400 2009-08-31] (AMCC)
R3 acpixlr; C:\Windows\System32\DRIVERS\acpixlr.sys [34048 2009-10-09] (Intel Corporation)
S3 adp3132; C:\Windows\system32\drivers\adp3132.sys [385072 2010-01-28] (Adaptec, Inc.)
R3 BTATH_SCO; C:\Windows\System32\drivers\btath_sco.sys [37888 2009-09-11] (Atheros)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
R0 HDPFilter; C:\Windows\System32\DRIVERS\HDPFilter.sys [17696 2009-09-02] (Intel Corporation)
R3 IPMLEBL; C:\Windows\System32\Drivers\ipmlebl.sys [24448 2009-10-21] (Intel Corporation)
S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [515152 2011-05-23] (LSI Corporation, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
R3 VKBD; C:\Windows\system32\drivers\virkbd.sys [25088 2009-12-10] (Intel Corporation)
S1 bfhviurx; \??\C:\Windows\system32\drivers\bfhviurx.sys [X]
S1 cwdisyin; \??\C:\Windows\system32\drivers\cwdisyin.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 19:03 - 2015-04-14 19:03 - 00000000 _____ () C:\Users\Karl Rösch\defogger_reenable
2015-04-14 17:54 - 2015-04-14 18:26 - 00000000 ____D () C:\Users\Karl Rösch\Desktop\WindowexeAllkiller
2015-04-14 17:37 - 2015-04-14 19:04 - 00000000 ____D () C:\FRST
2015-04-14 17:36 - 2015-04-14 17:46 - 00000000 ____D () C:\Users\Karl Rösch\Desktop\Farbar
2015-04-14 17:29 - 2015-04-14 17:28 - 02217984 _____ () C:\Users\Karl Rösch\Desktop\adwcleaner_4.201.exe
2015-04-14 13:27 - 2015-04-14 18:58 - 00000000 ____D () C:\AdwCleaner
2015-04-14 12:09 - 2015-04-14 12:10 - 00000000 ____D () C:\Users\Karl Rösch\AppData\Local\03000200-1429013374-0500-0006-000700080009
2015-04-14 12:08 - 2015-04-14 12:56 - 00000000 ____D () C:\Program Files (x86)\77eef7b7-41e8-4ba4-90b5-50cf6760082f
2015-04-14 12:08 - 2015-04-14 12:08 - 00001350 _____ () C:\Windows\Tasks\FT.job
2015-04-14 12:07 - 2015-04-14 12:07 - 00001358 _____ () C:\Windows\Tasks\WWKBNJ.job
2015-04-14 11:38 - 2015-04-14 13:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 11:38 - 2015-04-14 11:38 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 11:38 - 2015-04-14 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 11:38 - 2015-04-14 11:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-14 11:38 - 2015-04-14 11:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-14 11:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 11:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 11:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 11:37 - 2015-04-14 11:37 - 00000000 ____D () C:\Windows\pss
2015-04-14 11:15 - 2015-04-14 11:15 - 00004002 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-14 11:14 - 2015-04-14 12:23 - 00000000 ____D () C:\Program Files (x86)\OLBPre
2015-04-14 11:14 - 2015-04-14 11:15 - 00000000 ____D () C:\Users\Karl Rösch\AppData\Roaming\03000200-1429002843-0500-0006-000700080009
2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\Karl Rösch\AppData\Roaming\WWKBNJ
2015-03-26 21:14 - 2015-03-26 21:14 - 00004185 _____ () C:\Users\Karl Rösch\AppData\Roaming\FT
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 19:03 - 2011-12-24 22:30 - 00000000 ____D () C:\Users\Karl Rösch
2015-04-14 18:41 - 2009-07-14 06:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 18:41 - 2009-07-14 06:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 18:37 - 2010-11-21 08:50 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-04-14 18:37 - 2010-11-21 08:50 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-04-14 18:37 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 18:36 - 2011-12-24 22:30 - 01731650 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 18:33 - 2009-07-14 07:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-14 18:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 18:33 - 2009-07-14 06:51 - 00279096 _____ () C:\Windows\setupact.log
2015-04-14 17:46 - 2010-11-21 05:47 - 00161160 _____ () C:\Windows\PFRO.log
2015-04-14 14:32 - 2011-09-08 13:26 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-04-14 14:32 - 2011-09-08 12:11 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2015-04-14 13:48 - 2015-02-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-14 13:40 - 2015-02-21 16:34 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-14 13:40 - 2015-02-21 16:34 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-14 13:39 - 2015-02-21 16:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 13:30 - 2015-01-24 16:18 - 00001005 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-14 13:30 - 2012-06-13 19:16 - 00001012 _____ () C:\Users\Karl Rösch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-14 13:30 - 2012-04-22 15:17 - 00001289 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-14 13:30 - 2012-04-22 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-14 13:30 - 2011-12-24 22:30 - 00001169 _____ () C:\Users\Karl Rösch\Desktop\Internet Explorer.lnk
2015-04-14 13:13 - 2012-05-15 07:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-14 13:13 - 2012-05-15 07:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-04-14 12:56 - 2011-09-08 12:48 - 00000000 ____D () C:\Program Files (x86)\Always-Aware Applications
2015-04-14 12:25 - 2012-01-12 16:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 12:11 - 2015-02-20 16:08 - 00000718 __RSH () C:\ProgramData\ntuser.pol
2015-04-14 12:11 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-14 12:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-14 11:59 - 2012-01-12 16:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 11:38 - 2015-01-24 16:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-14 11:38 - 2011-12-28 17:12 - 00000000 ____D () C:\Users\Karl Rösch\AppData\Local\CrashDumps
2015-04-14 11:30 - 2012-04-22 15:15 - 00000000 ____D () C:\Users\Karl Rösch\AppData\Roaming\Skype
2015-04-14 11:29 - 2012-04-16 14:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 11:11 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
==================== Files in the root of some directories =======
2014-03-17 20:28 - 2014-03-17 20:28 - 49940480 _____ () C:\Program Files (x86)\GUTA312.tmp
2013-08-05 18:06 - 2013-08-05 18:06 - 4188160 _____ () C:\Program Files (x86)\GUTFB01.tmp
2012-05-30 17:14 - 2012-07-27 10:04 - 0000048 _____ () C:\Users\Karl Rösch\AppData\Roaming\AcroIEHelpe.txt
2015-02-21 16:21 - 2015-02-21 16:21 - 0000020 _____ () C:\Users\Karl Rösch\AppData\Roaming\appdataFr3.bin
2012-06-22 14:55 - 2012-07-27 09:15 - 0000032 _____ () C:\Users\Karl Rösch\AppData\Roaming\blckdom.res
2015-03-26 21:14 - 2015-03-26 21:14 - 0004185 _____ () C:\Users\Karl Rösch\AppData\Roaming\FT
2012-05-30 17:14 - 2012-05-30 17:14 - 0000264 _____ () C:\Users\Karl Rösch\AppData\Roaming\srvblck5.tmp
2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Users\Karl Rösch\AppData\Roaming\WWKBNJ
2012-01-23 20:38 - 2012-01-23 20:43 - 0000000 _____ () C:\Users\Karl Rösch\AppData\Local\{7E0596C6-C329-48EF-BA82-584D12815961}
2015-04-14 11:20 - 2015-04-14 11:23 - 0000590 _____ () C:\ProgramData\Accelerometer.dll.config
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 14:46
==================== End Of Log ============================
FRST Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Karl Rösch at 2015-04-14 19:06:03
Running from D:\02 FRST
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Accelerometer COM (HKLM-x32\...\{CD332E25-8E1F-45A5-B3DC-AF7CE6029EC4}) (Version: 1.6.075 - OEM Corporation)
ACPIXLR Driver (HKLM\...\{E35448DB-449C-4BC8-BAE9-3ADE2F76A100}) (Version: 1.2.013 - Intel Corp)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Always-Aware Alarm (HKLM-x32\...\{42BAEEBA-EE5E-459A-8605-C7082F8550B2}) (Version: 1.6.075 - OEM Corporation)
Always-Aware Display (HKLM-x32\...\{C3A0A941-32F2-4B39-B943-A65E4BD16BB4}) (Version: 1.6.075 - OEM Corporation)
Always-Aware Hard-Disk Drive (HKLM-x32\...\{05D23637-8131-4DB3-AA1C-786F8C43F1AE}) (Version: 1.6.076 - OEM Corporation)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 6.04.001 - Atheros Communications)
Borland Database Engine (HKLM-x32\...\{1BC99B7B-590A-4796-B6A8-D732AA1D74BB}) (Version: - )
Borland Database Engine (HKLM-x32\...\{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}) (Version: 5.1.1 - Hottgenroth Software GmbH & Co. KG)
Cinema PlusV14.04 (HKLM-x32\...\Cinema PlusV14.04) (Version: 1.36.01.22 - Cinema PlusV14.04)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Configuration Center (HKLM\...\{4DCCBC3E-3F7E-41DB-8056-1704B55FE56A}) (Version: 1.00.1130 - )
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Electric Testing Center 01.28.00 (HKLM-x32\...\{5F5D992B-7026-4602-A9B2-9123748C75B3}_is1) (Version: 01.28.00 - GMC-I Messtechnik GmbH)
EnBW Gebäude-SchnellCheck (HKLM-x32\...\{D9F1FE37-227F-48CE-B435-C262975CD4B3}) (Version: 7.1.0.313 - Hottgenroth Software GmbH & Co. KG)
EuroKAM Professional (HKLM-x32\...\{4A51E756-34C4-4BB0-9A48-1EF907000200}) (Version: 7.0.2.0 - Hottgenroth Software GmbH & Co. KG)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GMC-I Driver Control 1.13.00 (HKLM-x32\...\{248C9DB1-8517-4079-AD33-D249C80D184A}_is1) (Version: 1.13.00 - GMC-I Messtechnik GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HS Verbrauchspass (HKLM-x32\...\{164E3750-2271-4DCC-9B86-4A9CFD47A087}) (Version: 2.5.46 - Hottgenroth Software GmbH & Co. KG)
HSETU Energieberater Professional (HKLM-x32\...\{A1488CF8-65DC-4BDB-AF73-3BCAE568CBDE}) (Version: 7.5.0.417 - Hottgenroth Software GmbH & Co. KG)
HSETU Heizlast 12831/2 (HKLM-x32\...\{1A2B3C4D-ABCD-EF01-701D-6789E1701E99}) (Version: 1.0.3 - ETU Software GmbH)
HSETU U-Therm (HKLM-x32\...\{A22B6FC5-3A22-4132-BBC6-F66E23908E93}) (Version: 1.1.1 - Hottgenroth Software GmbH & Co. KG)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kamin (HKLM-x32\...\{47FBD5F1-63FB-4AB7-B8AA-198D56EBFBC8}) (Version: 6.15.0 - Hottgenroth Software GmbH & Co.KG)
Luftverbund (HKLM-x32\...\{60311A78-6AC4-43F1-986D-84EE21261D21}) (Version: 3.30.0000 - HSETU)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiniTEST 2.0 (HKLM-x32\...\MiniTEST_is1) (Version: - Gossen Metrawatt)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera Stable 27.0.1689.69 (HKLM-x32\...\Opera 27.0.1689.69) (Version: 27.0.1689.69 - Opera Software ASA)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6410 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7574 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
Technisches Informationssystem (HKLM-x32\...\{228CEC0D-D639-4DDD-8766-8A3F4CA88C1F}) (Version: 8.2.0.0 - Hottgenroth Software GmbH & Co. KG)
V 8.12 (HKLM-x32\...\Secutest2N_is1) (Version: - Feulner)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinProfi (HKLM-x32\...\{F3FF58A0-9DD9-11D4-BB63-00105A3701D3}) (Version: - )
WMIACPI (HKLM-x32\...\{683999F4-13B5-433F-8903-BB14A57D5DFE}) (Version: 1.0.0 - Intel)
Wöhler SM 500 (HKLM-x32\...\{1CFC6B2D-2A2A-47E4-9CD2-0B434B8DFD04}) (Version: 1.2.0000 - Wöhler Messgeräte Kehrgeräte GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
03-12-2014 08:46:39 Windows Update
08-12-2014 16:40:48 Windows Update
11-12-2014 18:38:58 Windows Update
15-12-2014 20:19:40 Windows Update
15-12-2014 21:16:23 Microsoft Antimalware Checkpoint
15-12-2014 21:27:37 Restore Operation
17-12-2014 11:57:46 Installing Kamin
01-01-2015 18:47:43 Windows Update
02-01-2015 10:45:40 Windows Update
10-01-2015 16:59:32 Windows Update
18-01-2015 15:40:29 Windows Update
18-01-2015 16:41:40 Installed User's Guides
18-01-2015 17:03:08 Restore Operation
18-01-2015 19:00:37 Windows Update
24-01-2015 15:36:08 Windows Update
24-01-2015 16:28:56 Restore Operation
20-02-2015 16:10:18 Windows Update
20-02-2015 16:45:57 Microsoft Antimalware Checkpoint
14-04-2015 11:26:04 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-04-14 18:24 - 00000748 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0F5D86A4-FFAE-4BC2-9740-9084097AAB2B} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {11714C34-1250-4E52-8254-3D2084C5C58B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: {145D97FA-FF92-4F69-9796-42405F538EFB} - System32\Tasks\{1D2D501E-3056-44C1-9257-8C65E0C14543} => pcalua.exe -a "C:\Users\Karl Rösch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUQQ6BJ5\Setup.exe" -d "C:\Users\Karl Rösch\Desktop"
Task: {171F2AF9-8DB5-4D55-AA3D-41FDBF6E72F1} - System32\Tasks\{C615EB5C-D1CD-4BA5-B344-E8A25B05349D} => pcalua.exe -a "C:\Users\Karl Rösch\Downloads\Setup (1).exe" -d "C:\Users\Karl Rösch\Desktop"
Task: {1D2D9717-B5F6-4073-B65D-84B23AFA8D5A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2833B5B0-89E3-4F39-8D97-3B9314A15668} - \avayvxvaxc No Task File <==== ATTENTION
Task: {317E6156-8053-4D91-A764-C873F3F1B291} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-20] (Adobe Systems Incorporated)
Task: {3C85D21F-C581-4D6A-B20F-EF1FFEDD6738} - System32\Tasks\{ED5CD114-1D71-4539-AEFF-85A2F7C7DD33} => C:\Program Files (x86)\Gossen-Metrawatt\Electric Testing Center\ETC.exe [2011-11-07] (GMC-I Messtechnik GmbH)
Task: {4D7CB4C2-CDEE-4BBE-B201-F7A3A7959E32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: {54503446-120B-4D65-8FFB-614ED56ECB5C} - \avaavaevy No Task File <==== ATTENTION
Task: {727A51FB-58F2-4BE9-970C-090F4EFC6920} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {7F2AB754-05BA-4732-9A2A-7F596DD071AB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B1BF9002-6082-48D9-B835-D2C2CFCA710E} - System32\Tasks\{61DA9916-F143-4873-A57E-EB3DCDE642B9} => pcalua.exe -a "C:\Users\Karl Rösch\Downloads\Setup.exe" -d "C:\Users\Karl Rösch\Desktop"
Task: {B4007826-0693-4FC7-8005-F908824E197C} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe [2015-01-16] ()
Task: {C5903D86-CCC7-4F2A-BDBE-7D4B7E216321} - \SPBIW_UpdateTask_Time_323833333534333939352d235b783432415b45345a2d6c No Task File <==== ATTENTION
Task: {DACC55CD-C5C3-4C65-9654-7E64AA515BCD} - System32\Tasks\{93763EE4-FF03-4305-8FC4-C353DCF799D2} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {FCA37ACA-3484-489E-AC2D-EAABB753ECB4} - System32\Tasks\Opera scheduled Autoupdate 1422109106 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-10] (Opera Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FT.job => C:\Users\Karl Rýÿsch\AppData\Roaming\FT.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WWKBNJ.job => C:\Users\Karl Rýÿsch\AppData\Roaming\WWKBNJ.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2009-09-10 20:47 - 2009-09-10 20:47 - 00057856 _____ () C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll
2009-09-10 20:48 - 2009-09-10 20:48 - 00348672 _____ () C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
2009-09-10 20:47 - 2009-09-10 20:47 - 00073216 _____ () C:\Program Files (x86)\Bluetooth Suite\Handsfree.dll
2009-09-10 20:42 - 2009-09-10 20:42 - 00080384 _____ () C:\Program Files (x86)\Bluetooth Suite\RfcommLib.dll
2009-09-10 20:47 - 2009-09-10 20:47 - 00039936 _____ () C:\Program Files (x86)\Bluetooth Suite\BTBIP.DLL
2009-09-10 20:46 - 2009-09-10 20:46 - 00053248 _____ () C:\Program Files (x86)\Bluetooth Suite\Sync.dll
2009-09-10 20:45 - 2009-09-10 20:45 - 00056832 _____ () C:\Program Files (x86)\Bluetooth Suite\GOEP_SINGLE.DLL
2009-09-10 20:46 - 2009-09-10 20:46 - 00040448 _____ () C:\Program Files (x86)\Bluetooth Suite\BPP.DLL
2009-09-10 20:46 - 2009-09-10 20:46 - 00062464 _____ () C:\Program Files (x86)\Bluetooth Suite\GOEP_bpp.DLL
2009-08-17 16:37 - 2009-08-17 16:37 - 00065024 _____ () C:\Program Files (x86)\Bluetooth Suite\langs\BtvStackGER.dll
2009-09-10 20:45 - 2009-09-10 20:45 - 00055296 _____ () C:\Program Files (x86)\Bluetooth Suite\GOEP.DLL
2014-10-31 13:59 - 2014-10-31 13:59 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-09-08 12:35 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1277884898-1004684798-2350901460-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\IMCC\Powersaver.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AlwaysAware Alarm Service => 2
MSCONFIG\Services: AlwaysAware HDP Service => 2
MSCONFIG\Services: ColorMedia => 2
MSCONFIG\Services: HSETUApplicationService => 2
MSCONFIG\Services: moruxefo => 2
MSCONFIG\Services: ronevulo => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^Karl Rösch^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Advanced System Protector => "C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe" autolaunch
MSCONFIG\startupreg: Allin1Convert AppIntegrator 32-bit => C:\PROGRA~2\ALLIN1~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: Allin1Convert AppIntegrator 64-bit => C:\PROGRA~2\ALLIN1~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: AlwaysAware Anti-Theft => C:\Program Files (x86)\Always-Aware Applications\Always-Aware Alarm\AntiTheft.exe /AUTORUN
MSCONFIG\startupreg: AlwaysAware Auto Rotate Screen => C:\Program Files (x86)\Always-Aware Applications\Always-Aware Display\AutoRotateScreen.exe /AUTORUN
MSCONFIG\startupreg: AlwaysAware Calibration Wizard => C:\Program Files (x86)\Always-Aware Applications\Accelerometer COM\AccelCalibrationWizard.exe /AUTORUN
MSCONFIG\startupreg: AlwaysAware Hard Drive Protection => C:\Program Files (x86)\Always-Aware Applications\Always-Aware Hard-Disk Drive\HPUtility.exe /p
MSCONFIG\startupreg: Configuration Center => C:\Program Files\Configuration Center\bin\McaMaster.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
==================== Accounts: =============================
Administrator (S-1-5-21-1277884898-1004684798-2350901460-500 - Administrator - Disabled)
Gast (S-1-5-21-1277884898-1004684798-2350901460-501 - Limited - Disabled)
Karl Rösch (S-1-5-21-1277884898-1004684798-2350901460-1000 - Administrator - Enabled) => C:\Users\Karl Rösch
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/14/2015 06:45:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: For information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.
Error: (04/14/2015 06:35:36 PM) (Source: WcesComm) (EventID: 2) (User: )
Description: IPv4 error while starting the Windows Mobile 2003 device connectivity service. (The data contains the error code.)
Error: (04/14/2015 06:33:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DeviceControlService.exe, version: 0.8.0.4774, time stamp: 0x4b83904f
Faulting module name: DeviceControlService.exe, version: 0.8.0.4774, time stamp: 0x4b83904f
Exception code: 0x40000015
Fault offset: 0x000000000008657e
Faulting process ID: 0x674
Faulting application start time: 0xDeviceControlService.exe0
Faulting application path: DeviceControlService.exe1
Faulting module path: DeviceControlService.exe2
Report ID: DeviceControlService.exe3
Error: (04/14/2015 06:33:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/14/2015 06:33:30 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (04/14/2015 06:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DeviceControlService.exe, version: 0.8.0.4774, time stamp: 0x4b83904f
Faulting module name: DeviceControlService.exe, version: 0.8.0.4774, time stamp: 0x4b83904f
Exception code: 0x40000015
Fault offset: 0x000000000008657e
Faulting process ID: 0x680
Faulting application start time: 0xDeviceControlService.exe0
Faulting application path: DeviceControlService.exe1
Faulting module path: DeviceControlService.exe2
Report ID: DeviceControlService.exe3
Error: (04/14/2015 06:21:36 PM) (Source: WcesComm) (EventID: 2) (User: )
Description: IPv4 error while starting the Windows Mobile 2003 device connectivity service. (The data contains the error code.)
Error: (04/14/2015 06:21:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/14/2015 06:21:24 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (04/14/2015 06:05:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: For information only.
Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.
System errors:
=============
Error: (04/14/2015 06:45:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The "Background Intelligent Transfer Service" service terminated with the following service-specific error: %%-2147014790.
Error: (04/14/2015 06:45:09 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: The BITS service failed to start. Error: 2147952506.
Error: (04/14/2015 06:44:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The "Background Intelligent Transfer Service" service terminated with the following service-specific error: %%-2147014790.
Error: (04/14/2015 06:44:39 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: The BITS service failed to start. Error: 2147952506.
Error: (04/14/2015 06:44:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The "Background Intelligent Transfer Service" service terminated with the following service-specific error: %%-2147014790.
Error: (04/14/2015 06:44:09 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: The BITS service failed to start. Error: 2147952506.
Error: (04/14/2015 06:44:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
Error: (04/14/2015 06:43:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The "Background Intelligent Transfer Service" service terminated with the following service-specific error: %%-2147014790.
Error: (04/14/2015 06:43:39 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: The BITS service failed to start. Error: 2147952506.
Error: (04/14/2015 06:41:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Device Control Service" service terminated unexpectedly. This has happened 1 time(s).
Microsoft Office Sessions:
=========================
Error: (04/14/2015 06:45:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.
Error: (04/14/2015 06:35:36 PM) (Source: WcesComm) (EventID: 2) (User: )
Description: IPv4
Error: (04/14/2015 06:33:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DeviceControlService.exe0.8.0.47744b83904fDeviceControlService.exe0.8.0.47744b83904f40000015000000000008657e67401d076d0be765484C:\Program Files\Configuration Center\bin\DeviceControlService.exeC:\Program Files\Configuration Center\bin\DeviceControlService.exe017ae461-e2c4-11e4-98db-1c4bd6d9939c
Error: (04/14/2015 06:33:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/14/2015 06:33:30 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (04/14/2015 06:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DeviceControlService.exe0.8.0.47744b83904fDeviceControlService.exe0.8.0.47744b83904f40000015000000000008657e68001d076cf0dd98ce3C:\Program Files\Configuration Center\bin\DeviceControlService.exeC:\Program Files\Configuration Center\bin\DeviceControlService.exe530ae76d-e2c2-11e4-9b3d-1c4bd6d9939c
Error: (04/14/2015 06:21:36 PM) (Source: WcesComm) (EventID: 2) (User: )
Description: IPv4
Error: (04/14/2015 06:21:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/14/2015 06:21:24 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (04/14/2015 06:05:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU U 380 @ 1.33GHz
Percentage of memory in use: 31%
Total physical RAM: 3766.64 MB
Available physical RAM: 2592.07 MB
Total Pagefile: 7531.47 MB
Available Pagefile: 6264.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:298.09 GB) (Free:238.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:14.44 GB) (Free:14.43 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 073FEA8A)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Gmer Log: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-14 19:19:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\KARLRS~1\AppData\Local\Temp\kwloruow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e41465 2 bytes [E4, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e414bb 2 bytes [E4, 76]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd648cd3e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd648cd8e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6d9939c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd648cd3e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd648cd8e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6d9939c (not active ControlSet)
---- EOF - GMER 2.1 ----
I hope you can help me, and thanks in advance for your effort!
Regards, Mibu
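As an added example (not part of the original post, and not FRST's own code), the following Python script pulls out of an FRST.txt the items a removal helper would act on first: the lines FRST itself flags with "<==== ATTENTION", scheduled tasks that launch an executable through pcalua.exe (the Program Compatibility Assistant launcher, used here to run downloaded Setup.exe files), task targets FRST prints with an empty publisher field "()", and the SafeBoot\Minimal / SafeBoot\Network entries that make cmwf.sys and cmwr.sys load even in Safe Mode. The sample input is a subset of lines copied from the log above; the pcalua and empty-publisher heuristics are my own assumptions, not FRST rules.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example, not code from the original post or from FRST. It collects
the persistence findings a helper looks at first: lines FRST flags with
"<==== ATTENTION", tasks launched via pcalua.exe (proxy execution), task
targets with an empty "()" publisher, and drivers registered under
SafeBoot\\Minimal or SafeBoot\\Network (loaded even in Safe Mode). The
pcalua and empty-publisher heuristics are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

ATTENTION = "<==== ATTENTION"
TASK_RE = re.compile(r"^Task: (?P<left>.+?) => (?P<target>.+)$")
PCALUA_RE = re.compile(r'^pcalua\.exe -a "(?P<exe>[^"]+)"')
PUBLISHER_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)\s*$")
SAFEBOOT_RE = re.compile(r"SafeBoot\\(?P<profile>Minimal|Network)\\(?P<entry>\S+) =>")

# Constructed sample: a subset of lines copied from the FRST.txt in the post.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============
Task: {11714C34-1250-4E52-8254-3D2084C5C58B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: {171F2AF9-8DB5-4D55-AA3D-41FDBF6E72F1} - System32\Tasks\{C615EB5C-D1CD-4BA5-B344-E8A25B05349D} => pcalua.exe -a "C:\Users\Karl Rösch\Downloads\Setup (1).exe" -d "C:\Users\Karl Rösch\Desktop"
Task: {2833B5B0-89E3-4F39-8D97-3B9314A15668} - \avayvxvaxc No Task File <==== ATTENTION
Task: {B4007826-0693-4FC7-8005-F908824E197C} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe [2015-01-16] ()
Task: C:\Windows\Tasks\FT.job => C:\Users\Karl Rýÿsch\AppData\Roaming\FT.exe <==== ATTENTION
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
"""


@dataclass
class Findings:
    attention: list = field(default_factory=list)       # lines FRST flagged itself
    pcalua: list = field(default_factory=list)          # (task, executable run via pcalua.exe)
    unsigned_tasks: list = field(default_factory=list)  # (task, target) with empty "()" publisher
    safeboot: list = field(default_factory=list)        # (SafeBoot profile, entry name)
    fixlist: list = field(default_factory=list)         # verbatim lines, one per flagged item


def triage(text: str) -> Findings:
    """Scan an FRST log; a line enters the fixlist draft at most once,
    however many heuristics it trips."""
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        flagged = False
        if ATTENTION in line:
            f.attention.append(line)
            flagged = True
        m = TASK_RE.match(line)
        if m:
            task = m.group("left")
            target = m.group("target").replace(ATTENTION, "").strip()
            p = PCALUA_RE.match(target)
            if p:
                f.pcalua.append((task, p.group("exe")))
                flagged = True
            pub = PUBLISHER_RE.search(target)
            if pub and pub.group("pub") == "":
                f.unsigned_tasks.append((task, target))
                flagged = True
        s = SAFEBOOT_RE.search(line)
        if s:
            f.safeboot.append((s.group("profile"), s.group("entry")))
            flagged = True
        if flagged:
            f.fixlist.append(line)
    return f


def draft_fixlist(text: str) -> str:
    """FRST removes an entry when its log line is placed verbatim in fixlist.txt
    (see the section headers in the log), so the draft is just the flagged
    lines. Review it by hand before running a fix."""
    return "\n".join(triage(text).fixlist)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for profile, entry in result.safeboot:
        print(f"SafeBoot\\{profile}: {entry} is loaded even in Safe Mode")
    for task, exe in result.pcalua:
        print(f"pcalua proxy task {task} -> {exe}")
    print("--- fixlist.txt draft ---")
    print(draft_fixlist(SAMPLE_LOG))
```

The SafeBoot finding is the one that explains the thread title: anything registered under SafeBoot\Minimal and SafeBoot\Network is loaded by Windows in Safe Mode as well, so booting to Safe Mode does not get the two drivers out of the way. The generated fixlist draft is only a starting point; on a real log it should be checked line by line against the FRST tutorial before being run.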