Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 8.1 x64: Adobe Flashplayer lässt sich nicht updaten/installieren/deinstallieren + weiteres Seltsames... (https://www.trojaner-board.de/157688-windows-8-1-x64-adobe-flashplayer-laesst-updaten-installieren-deinstallieren-weiteres-seltsames.html)

TCR 17.08.2014 11:16
Windows 8.1 x64: Adobe Flashplayer lässt sich nicht updaten/installieren/deinstallieren + weiteres Seltsames...
 
Liste der Anhänge anzeigen (Anzahl: 2)
Liebes Trojaner-Board,
ich bin neu in diesem Forum, komme aber ohne Eure Hilfe wohl nicht mehr weiter.
Mein Problem hat mit einem offensichtlich fehlerhaften Update des Adobe FlashPlayers 13 gestartet, allerdings glaube ich mittlerweile es ist mehr als das.
Ich kann den Flashplayer weder neu installieren, nicht über den Web-Installer (Installation wird aufgrund eines unbekannten Fehlers beendet) und auch nicht lokal über das MSI-file (Fehler 1722). Deinstallieren über das Adobe-eigene Tool funktioniert ebenso wenig: Hier zeigt sich einfach überhaupt keine Reaktion der Maschine.
Einige Foren empfehlen zur Lösung des "1722" Fehlers bei lokaler Installation das Löschen der Registry Keys unter "HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\SafeVersions", ich kann diese Keys aber auch als Admin nicht löschen !

Nun habe ich bereits Scans durchgeführt mit JRT und Malwarebytes, einige Reste von W32/Mobogenie und Somoto erwischt und entfernt, allerdings ohne irgendeine Verbesserung zum ursprünglichen Problem (ausser dass ich schon jetzt bedauere bei der Umstellung auf Win8 von Avast zum Defender gewechselt zu haben ...).

Ein Durchlauf mit SECURITYCHECK hat dann meine Bedenken noch vergrößert: Hier wird angegeben dass sowohl Adobe Flashplayer, aber auch Google Chrome immer noch installiert sind. Zumindest für Google Chrome kann das gar nicht sein denn den verwende ich schon länger nicht mehr und dachte auch dass alles gesäubert war.

Wie angegeben wollte ich natürlich auch ein GMER-log mitliefern, aber das Tool verweigert den Dienst mit Hinweis dass es auf "..../config/system" nicht zugreifen kann. Komisch, screenshot liegt bei.

Abschliessend: Um absolut den Flashplayer von der Maschine zu bekommen habe ich auch versucht den Internet Explorer zu entfernen. Geht bis zu einem gewissen Punkt, dann meldet das System dass dieses Featureänderung nicht erfolgreich war und leitet automatisch den Rollback ein. Gleiches passiert wenn ich das Sicherheitsupdate "KB2982794" für die ActiveX-Version des Flashplayers für Internetexplorer von Microsoft installieren will = Rollback.

Nun habe ich die Bitte dass sich von Euch jemand Kundiges meine logs anschaut, irgendetwas passiert hier was ich nicht sehe. Besten Dank im Vorraus !

schrauber 17.08.2014 11:37
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

TCR 17.08.2014 12:36
Entschuldigung schrauber,

hier sind die logs in Klartext:
FRST.txt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by thoma_000 (administrator) on COMPUTERLE on 17-08-2014 11:36:52
Running from \\NAS-REHBERG\Public\SW_Archive\internet\malware-Schutz
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Alexander Seeliger Software) C:\Program Files (x86)\Alexosoft\Backup Service Home 3\BSHService.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxebcoms.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\JMS\VCR.NET\bin\JMS.DVBVCR.RecordingService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Alexander Seeliger Software) C:\Program Files (x86)\Alexosoft\Backup Service Home 3\Alexosoft.BackupService.MainApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
() C:\Program Files (x86)\JMS\VCR.NET\Tools\VCRNET Control Center.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
() C:\Program Files\Double Commander\doublecmd.exe
() C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) \\NAS-REHBERG\Public\SW_Archive\internet\malware-Schutz\FRST64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2013-12-13] (Greenshot)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1384608 2012-07-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3686077581-4278164509-3682126449-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-3686077581-4278164509-3682126449-1001\...\Run: [BackupServiceHome3Run] => C:\Program Files (x86)\Alexosoft\Backup Service Home 3\Alexosoft.BackupService.MainApp.exe [939008 2013-08-11] (Alexander Seeliger Software)
HKU\S-1-5-21-3686077581-4278164509-3682126449-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3686077581-4278164509-3682126449-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VCR.NET Überwachung.lnk
ShortcutTarget: VCR.NET Überwachung.lnk -> C:\Program Files (x86)\JMS\VCR.NET\Tools\VCRNET Control Center.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.) [File not signed]
R2 Backup Service Home-Dienst; C:\Program Files (x86)\Alexosoft\Backup Service Home 3\BSHService.exe [19456 2013-08-02] (Alexander Seeliger Software) [File not signed]
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-03-18] (Sirrix AG) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LanmanServer; C:\Windows\SysWOW64\srvsvc.dll [324608 2013-08-22] (Microsoft Corporation)
S4 lxebCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\WINDOWS\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\WINDOWS\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VCR.NET Service; C:\Program Files (x86)\JMS\VCR.NET\bin\JMS.DVBVCR.RecordingService.exe [40960 2014-01-09] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S3 svsvc; %SystemRoot%\system32\svsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 cmuda3; C:\Windows\system32\drivers\cmudax3.sys [3848192 2013-02-16] (C-Media Inc)
R1 CSN5PDTS82x64; C:\Windows\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Colasoft Co., Ltd.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-21] (Intel Corporation)
R3 kncbda; C:\Windows\system32\DRIVERS\kncbda64.sys [195712 2012-03-22] (ODSoft multimedia)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-06-18] ()
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 11:32 - 2014-08-17 11:32 - 00000899 _____ () C:\Users\thoma_000\Desktop\checkup.txt
2014-08-17 11:23 - 2014-08-17 11:36 - 00000000 ____D () C:\FRST
2014-08-17 11:07 - 2014-08-17 11:07 - 00000000 ____D () C:\Users\thoma_000\AppData\Roaming\Mozilla
2014-08-17 10:02 - 2014-08-17 10:02 - 00000797 _____ () C:\WINDOWS\setupact.log
2014-08-17 10:02 - 2014-08-17 10:02 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-16 23:21 - 2014-08-16 23:23 - 00000000 ____D () C:\Users\thoma_000\Downloads\adobe
2014-08-16 22:36 - 2014-08-16 22:36 - 00000836 _____ () C:\Users\thoma_000\Desktop\ESET.txt
2014-08-16 20:46 - 2014-08-16 20:46 - 00000882 _____ () C:\Users\thoma_000\Desktop\JRT.txt
2014-08-16 20:46 - 2014-08-16 20:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-16 20:43 - 2014-08-16 20:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-16 17:42 - 2014-08-16 17:42 - 00000101 _____ () C:\Users\thoma_000\Downloads\flash-allow-reinstall.reg
2014-08-16 17:26 - 2014-08-16 17:29 - 20288000 _____ () C:\Users\thoma_000\Downloads\install_flash_player_14_plugin.msi
2014-08-16 17:19 - 2014-08-16 17:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2014-08-16 17:06 - 2014-08-16 17:07 - 00851632 _____ (Adobe Systems Incorporated) C:\Users\thoma_000\Downloads\uninstall_flash_player.exe
2014-08-16 16:49 - 2014-08-16 20:51 - 00000628 _____ () C:\WINDOWS\PFRO.log
2014-08-16 16:43 - 2014-08-17 10:54 - 00000000 ____D () C:\AdwCleaner
2014-08-16 16:36 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-16 16:36 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-16 16:35 - 2014-08-07 00:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-16 16:35 - 2014-08-02 07:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-16 16:35 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-16 16:23 - 2014-08-17 10:06 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 16:22 - 2014-08-16 16:22 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-16 16:22 - 2014-08-16 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 16:22 - 2014-08-16 16:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 16:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-16 16:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-16 16:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-01 23:36 - 2014-08-01 19:34 - 113509200 _____ (Apple Inc.) C:\Users\thoma_000\Downloads\iTunes64Setup (1).exe
2014-08-01 09:28 - 2014-08-01 09:28 - 00050688 _____ (Atribune.org) C:\Users\thoma_000\Downloads\atfcleaner.exe
2014-07-27 14:15 - 2014-07-27 14:15 - 00000000 ____D () C:\Users\thoma_000\AppData\Roaming\OpenOffice
2014-07-27 01:58 - 2014-07-27 23:58 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-22 23:32 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-22 23:32 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-22 23:32 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-19 15:24 - 2014-08-16 20:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-18 18:02 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-18 14:35 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-18 14:30 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-18 14:30 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-18 14:30 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-18 14:22 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-18 14:22 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-18 14:22 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-18 14:22 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-18 14:22 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-18 14:22 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-18 14:22 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-18 14:22 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-18 14:22 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-18 14:22 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-18 14:22 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-18 14:22 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-18 14:22 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-18 14:22 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-18 14:22 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-18 14:22 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-18 14:22 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-18 14:22 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-18 14:22 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-18 14:22 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-18 14:22 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-18 14:22 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-18 14:22 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-18 14:22 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-18 14:22 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-18 14:22 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-18 14:22 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-18 14:22 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-18 14:22 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-18 14:22 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-18 14:22 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-18 14:22 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-18 14:22 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-18 14:21 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-18 14:21 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-18 14:21 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-18 14:21 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-18 14:21 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-18 14:21 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-18 14:21 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-18 14:21 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-18 14:21 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-18 14:21 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-18 14:21 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-18 14:21 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-18 14:21 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-18 14:21 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-18 14:21 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-18 14:21 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-18 14:21 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-18 14:20 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 11:36 - 2014-08-17 11:23 - 00000000 ____D () C:\FRST
2014-08-17 11:33 - 2013-09-30 06:14 - 01986416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-17 11:33 - 2013-09-30 05:56 - 00842990 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-17 11:33 - 2013-09-30 05:56 - 00192720 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-17 11:32 - 2014-08-17 11:32 - 00000899 _____ () C:\Users\thoma_000\Desktop\checkup.txt
2014-08-17 11:32 - 2013-03-31 17:52 - 01048576 _____ () C:\WINDOWS\PE_Rom.dll
2014-08-17 11:30 - 2014-06-01 20:45 - 01800474 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-17 11:30 - 2013-12-08 13:55 - 00000000 __RDO () C:\Users\thoma_000\SkyDrive
2014-08-17 11:30 - 2013-03-31 16:05 - 00050300 _____ () C:\ProgramData\lxebscan.log
2014-08-17 11:29 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-17 11:29 - 2013-03-31 13:47 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-17 11:28 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-17 11:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-17 11:07 - 2014-08-17 11:07 - 00000000 ____D () C:\Users\thoma_000\AppData\Roaming\Mozilla
2014-08-17 11:07 - 2013-12-08 14:08 - 00000000 ____D () C:\Program Files\Pale Moon
2014-08-17 11:06 - 2013-08-31 12:37 - 00000000 ____D () C:\Users\thoma_000\AppData\Roaming\doublecmd
2014-08-17 10:54 - 2014-08-16 16:43 - 00000000 ____D () C:\AdwCleaner
2014-08-17 10:35 - 2014-03-02 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-17 10:09 - 2013-03-31 17:57 - 00000000 _____ () C:\WINDOWS\Path.idx
2014-08-17 10:06 - 2014-08-16 16:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 10:05 - 2014-02-23 17:56 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7087A9BD-B7F6-4A84-A8D9-939D8A3B4AF0}
2014-08-17 10:02 - 2014-08-17 10:02 - 00000797 _____ () C:\WINDOWS\setupact.log
2014-08-17 10:02 - 2014-08-17 10:02 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-16 23:23 - 2014-08-16 23:21 - 00000000 ____D () C:\Users\thoma_000\Downloads\adobe
2014-08-16 22:36 - 2014-08-16 22:36 - 00000836 _____ () C:\Users\thoma_000\Desktop\ESET.txt
2014-08-16 20:51 - 2014-08-16 16:49 - 00000628 _____ () C:\WINDOWS\PFRO.log
2014-08-16 20:46 - 2014-08-16 20:46 - 00000882 _____ () C:\Users\thoma_000\Desktop\JRT.txt
2014-08-16 20:46 - 2014-08-16 20:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-16 20:43 - 2014-08-16 20:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-16 20:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-16 20:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-16 20:25 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-16 20:17 - 2014-07-19 15:24 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-16 19:59 - 2013-07-22 03:29 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 19:58 - 2013-03-31 15:26 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-16 17:42 - 2014-08-16 17:42 - 00000101 _____ () C:\Users\thoma_000\Downloads\flash-allow-reinstall.reg
2014-08-16 17:29 - 2014-08-16 17:26 - 20288000 _____ () C:\Users\thoma_000\Downloads\install_flash_player_14_plugin.msi
2014-08-16 17:19 - 2014-08-16 17:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2014-08-16 17:07 - 2014-08-16 17:06 - 00851632 _____ (Adobe Systems Incorporated) C:\Users\thoma_000\Downloads\uninstall_flash_player.exe
2014-08-16 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-16 16:47 - 2013-12-08 13:16 - 00000000 ____D () C:\Users\thoma_000
2014-08-16 16:22 - 2014-08-16 16:22 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-16 16:22 - 2014-08-16 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-16 16:22 - 2014-08-16 16:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-16 16:22 - 2014-01-04 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 00:38 - 2014-08-16 16:35 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-02 07:44 - 2014-08-16 16:35 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-01 19:34 - 2014-08-01 23:36 - 113509200 _____ (Apple Inc.) C:\Users\thoma_000\Downloads\iTunes64Setup (1).exe
2014-08-01 17:11 - 2013-04-05 11:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-01 17:05 - 2013-12-21 14:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 09:28 - 2014-08-01 09:28 - 00050688 _____ (Atribune.org) C:\Users\thoma_000\Downloads\atfcleaner.exe
2014-08-01 09:08 - 2013-12-21 12:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-01 09:08 - 2013-12-21 12:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 23:58 - 2014-07-27 01:58 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-07-27 21:54 - 2013-04-05 17:48 - 00004968 _____ () C:\ProgramData\lxeb.log
2014-07-27 20:53 - 2013-03-31 16:47 - 00001407 _____ () C:\ProgramData\lxebDiagnostics.log
2014-07-27 14:15 - 2014-07-27 14:15 - 00000000 ____D () C:\Users\thoma_000\AppData\Roaming\OpenOffice
2014-07-24 23:33 - 2013-12-21 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-20 18:59 - 2013-08-22 16:44 - 00538792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-19 15:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-19 15:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-19 15:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-19 15:16 - 2013-03-31 18:15 - 00001915 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-19 15:16 - 2013-03-31 18:15 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-07-18 19:14 - 2013-03-31 19:04 - 00000000 ____D () C:\Users\thoma_000\AppData\Roaming\XnView
2014-07-18 18:02 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-18 14:34 - 2014-07-18 14:34 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 11:15

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Additions.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by thoma_000 at 2014-08-17 11:37:07
Running from \\NAS-REHBERG\Public\SW_Archive\internet\malware-Schutz
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC ACM Codec 1.9 (HKLM-x32\...\AACACM) (Version: 1.9 - fccHandler)
AC-3 ACM Codec 2.2 (HKLM-x32\...\AC3ACM) (Version: 2.2 - fccHandler)
Add/Remove Pro (Freeware) (HKLM-x32\...\Add/Remove Pro (Freeware)_is1) (Version:  - Super Win Software, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.7.8981 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Service Home 3.5.2.1 (HKLM-x32\...\{5979B77A-9AE6-4E75-AED8-283C5E16C02D}_is1) (Version: 3.5.2.1 - Alexander Seeliger Software)
Bandizip (HKCU\...\Bandizip) (Version: 3.08 - Bandisoft.com)
Bewerbungsfoto-/Passbild-Generator v3.6a (HKLM-x32\...\Passbild-Generator_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser in the Box (HKLM-x32\...\BitBox) (Version: 3.3.1-r30 - Sirrix AG)
Canon SELPHY CP780 (HKLM\...\Canon SELPHY CP780) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
Cedocida DV Codec (32 Bit and 64 Bit) (HKLM\...\cedocida) (Version:  - )
C-Media PCI Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008738}) (Version: 1.00.0003 - )
Colasoft Capsa 7 Free (HKLM-x32\...\Colasoft Capsa 7 Free_is1) (Version: 7.7.2.4050 - Colasoft)
Cuttermaran 1.70 (HKLM-x32\...\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}) (Version: 1.7.0 - toarnold)
CyberLink Codec Package (HKLM-x32\...\{F61459F5-E5F7-4397-BA7D-EEE7BFA8A3AE}) (Version: 1.00.0000 - KNC One GmbH)
Double Commander 0.5.9 beta (HKLM\...\Double Commander_is1) (Version:  - )
DVB.NET Library 4.2 (HKLM-x32\...\{245CC53F-5E36-471B-8954-9504B64BA592}) (Version: 4.2.22 - JMS)
DVB.NET Server 4.2 (HKLM-x32\...\{DBCF2C83-44DA-4FC1-9624-2BCA88474084}) (Version: 4.2.22 - JMS)
DVB.NET Tools 4.2 (HKLM-x32\...\{CEDBF426-98C6-45A4-AF30-7326F5F1D5F5}) (Version: 4.2.22 - JMS)
DVB.NET Viewer 4.2 (HKLM-x32\...\{14C509C9-FE61-46F3-8AF6-5DDA91B0556C}) (Version: 4.2.22 - JMS)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 deutsch (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
DVDStyler v2.4.2 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
EMCO UnLock IT 3.0 (HKLM-x32\...\EMCO UnLock IT 3_is1) (Version:  - EMCO Software)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
ffdshow v1.2.4499 [2013-01-04] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4499.0 - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
Fotomatic 1.3v (HKLM-x32\...\{45C4CE4D-64B7-47C8-A946-9737CD4C0259}_is1) (Version:  - Cybia)
FSproxy 1.0 RC2 (HKLM-x32\...\FSproxy) (Version: 1.0 RC2 - Micha³ Siejak)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GlobeDigital (HKLM-x32\...\InstallShield_{56F150D4-EA0F-415A-8F08-A4F17B782BCC}) (Version: 2.1.2.0.328 - ODSoft multimedia)
GlobeDigital (x32 Version: 2.1.2.0.328 - ODSoft multimedia) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Handbrake 6167 Nightly (HKLM-x32\...\Handbrake) (Version: 6167 Nightly - )
HDClone 4.3 Free Edition (HKLM-x32\...\HDClone.Free.4.3.4.1031-{EE1804A8-A428-40D4-830F-191A779E21C7}) (Version: 4.3 - Miray Software AG)
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImageSkill Background Remover 3 (Remove only) (HKLM-x32\...\ImageSkill Background Remover 3) (Version: 3.2 - ImageSkill Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Network Connections 18.5.54.0 (Version: 18.5.54.0 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.60.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.60.1 - Hendrik Leppkes)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.66 (HKLM\...\MediaInfo) (Version: 0.7.66 - MediaArea.net)
Mein Taschenrechner (HKCU\...\b7ebceda106eb14c) (Version: 1.1.0.1 - Mein Taschenrechner)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Tool Web Package : EXCTRLST.EXE (HKLM-x32\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSI PLC Utility (HKLM-x32\...\{F50B55DD-1015-401C-95D0-58175473F174}) (Version: 6.0.0 - MSI)
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Neat Image v6 Demo (with plug-in) (HKLM-x32\...\Neat Image_is1) (Version:  - Neat Image team, ABSoft)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Osmo4/GPAC (remove only) (HKCU\...\Osmo4) (Version:  - )
Pale Moon 24.7.1 (x64 en-US) (HKLM\...\Pale Moon 24.7.1 (x64 en-US)) (Version: 24.7.1 - Moonchild Productions)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Presto 2 (HKLM-x32\...\Presto 2) (Version:  - )
q264 (HKLM-x32\...\{A93D6BC7-F68B-4BE8-A34C-2ECB50CECA32}) (Version: 0.03.0007 - Tetrachrome Software LLC)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.1.2.0218 - QNAP Systems, Inc.)
QNAP Qget (HKLM-x32\...\Qget) (Version: 3.1.4.1125 - QNAP Systems, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SDK Debuggers (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Serif DrawPlus 8 (HKLM-x32\...\{838E3304-69BE-4537-8297-1760E36A2DA5}) (Version: 8.1.1.001 - Serif (Europe) Ltd)
Serif MoviePlus X5 (HKLM-x32\...\{93C40A12-0098-46B1-972E-E8083686A7A0}) (Version: 7.0.2.018 - Serif (Europe) Ltd)
Serif PagePlus 11 - Installer (HKLM-x32\...\{3D4FEB69-2D56-42FA-9854-B47C53B398A3}_is1) (Version:  - Avanquest GmbH)
Serif PagePlus 11 (HKLM-x32\...\{0A07E5D2-DAFB-42A9-8927-05C5F8E35F1A}) (Version: 11.1.1.0 - Serif (Europe) Ltd)
Serif PhotoPlus 11 (HKLM-x32\...\{FAFC9FF9-56BE-414D-B637-537E7D06E7B9}) (Version: 11.1.1.019 - Serif (Europe) Ltd)
Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.3.029 - Serif (Europe) Ltd)
Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version:  - )
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Transfer Utility (HKLM-x32\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 2.05.251 - PIXELA)
Transmission Remote (HKLM-x32\...\Transmission Remote) (Version:  - Alan F)
Transmission Remote GUI 3.2 (HKLM-x32\...\transgui_is1) (Version:  - Yury Sidorov)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VCR.NET 4.2 (HKLM-x32\...\{2174E5FB-6B1E-4C15-B675-BBB53F9D4B85}) (Version: 4.2.80 - JMS)
VidCoder 1.5.23 Beta (x64) (HKLM\...\VidCoder-Beta-x64_is1) (Version: 1.5.23 - RandomEngy)
Virtualdub FFMpeg Input Plugin (HKLM-x32\...\{F26A7CD7-C187-45DB-A790-C1C103A03C2F}_is1) (Version: 0.8.1.4 - Karl Pritchett)
virtualPhotographer 1.5.6 (HKLM-x32\...\virtualPhotographer_is1) (Version:  - optikVerve Labs)
Visual C++ 2008 Runtime (x64) (x32 Version: 1.0.1 - Highresolution Enterprises) Hidden
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VobMerge.NET (HKLM-x32\...\{6F3BFE93-4A15-41B6-86F1-617B47ED091A}) (Version: 1.0.0 - DV)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit EULA (x32 Version: 8.59.25584 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)
WinISO 5.3 (HKLM-x32\...\WinISO_is1) (Version:  - WinISO Computing Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3686077581-4278164509-3682126449-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\thoma_000\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-3686077581-4278164509-3682126449-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3686077581-4278164509-3682126449-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2014-06-15 12:23 - 00000909 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 192.168.255.1 fsproxy
 192.168.255.1 fsproxy

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {27CEFFBC-FE5E-4CBC-8EF4-AC4E73A10E63} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {282DC73E-9F22-47CF-A65B-6479B7D78301} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D18B385-AF0C-4C88-A6DE-9118B18EDE42} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {364AF9AE-A323-44F1-8D13-A05525189BD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {3B3D1454-F74C-484F-8C13-98C0584542F6} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-07-12] (ASUSTeK Computer Inc.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {523C1231-599A-4CAC-A2AA-27BC1F6C7282} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {55146F48-15F7-4F95-A2D8-54498A921B3E} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {561F4528-7012-4362-B2BA-EED28B0F366C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-16] (Microsoft Corporation)
Task: {58DD11E1-C8DE-4991-BF2F-C7F7315FBF3E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {69089848-D939-4D4F-9B8C-F0D44CE931C0} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2014-02-18] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {798D22B7-5959-4F06-9514-204640B053D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BB03B246-B22B-41AE-A124-D69E1AB02819} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {C8AC71ED-92E2-4EA9-ABF8-676CB777477B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CCA756A1-6069-4DBA-AFDB-0C3605E3C66D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D579EA50-5C52-4770-9B29-74EBD7E80C54} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D81AF30C-694C-44E6-B196-08431F2B7A27} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DAB57DEE-5342-4C9C-A730-E1B16E2386A6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EFB4ED6F-5E86-478F-B984-726DEFFA81F7} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {F89E8063-1142-404F-A21B-53BB8046E964} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {FC2BEF0D-6957-41A4-9A75-95C45F3961FA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-31 16:06 - 2009-11-04 09:17 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2014-01-09 22:33 - 2014-01-09 22:33 - 00040960 _____ () C:\Program Files (x86)\JMS\VCR.NET\bin\JMS.DVBVCR.RecordingService.exe
2013-03-31 15:10 - 2012-06-01 18:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-03-30 13:14 - 2014-02-18 08:49 - 01739440 _____ () C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
2013-12-08 16:06 - 2013-01-23 14:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2014-01-09 22:33 - 2014-01-09 22:33 - 00114688 _____ () C:\Program Files (x86)\JMS\VCR.NET\Tools\VCRNET Control Center.exe
2013-08-31 12:37 - 2014-03-23 13:53 - 09020435 _____ () C:\Program Files\Double Commander\doublecmd.exe
2013-03-31 16:52 - 2012-05-03 10:40 - 00258048 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
2014-03-15 11:44 - 2014-08-17 11:07 - 04073984 _____ () C:\Program Files\Pale Moon\mozjs.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-23 13:06 - 2010-12-23 13:06 - 00028672 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\cx_Logging.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00098816 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32api.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00110080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pywintypes27.dll
2012-10-27 16:20 - 2012-10-27 16:20 - 00018432 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32event.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00119808 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32file.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00167936 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32gui.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00024064 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32pipe.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00035840 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32process.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00017408 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32profile.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32security.pyd
2012-10-27 16:21 - 2012-10-27 16:21 - 00022528 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32ts.pyd
2012-10-27 16:22 - 2012-10-27 16:22 - 00364544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pythoncom27.dll
2012-10-27 16:23 - 2012-10-27 16:23 - 00320512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32com.shell.shell.pyd
2013-11-10 20:24 - 2013-11-10 20:24 - 00087552 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ctypes.pyd
2013-11-10 20:24 - 2013-11-10 20:24 - 00358400 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_hashlib.pyd
2013-11-10 20:24 - 2013-11-10 20:24 - 00044544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_socket.pyd
2013-11-10 20:24 - 2013-11-10 20:24 - 00899584 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ssl.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00025600 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32cred.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00011264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32crypt.pyd
2012-10-27 16:20 - 2012-10-27 16:20 - 00064512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32net.pyd
2013-03-31 15:10 - 2014-08-17 11:29 - 00030720 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-03-31 15:10 - 2010-06-29 11:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-03-31 16:52 - 2012-05-02 18:04 - 00233472 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\AudioProjection.dll
2013-03-31 16:52 - 2012-06-22 13:32 - 00184320 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\DLCapPP.dll
2013-03-31 16:52 - 2010-12-14 17:46 - 00067584 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
2013-03-31 16:52 - 2011-08-09 14:52 - 00425984 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\awiscale.DLL
2013-03-31 16:52 - 2012-04-25 14:57 - 00073728 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\IsSupported.dll
2013-03-31 16:52 - 2012-01-12 16:44 - 00475136 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll
2013-03-31 16:52 - 2012-04-20 16:24 - 00716800 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiMoveHelp.dll
2013-03-31 16:52 - 2012-04-25 14:47 - 00659456 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll
2013-03-31 16:50 - 2012-05-17 19:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2013-12-08 16:06 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
2013-12-08 16:06 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
2013-12-08 16:06 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
2013-12-08 16:06 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
2014-06-01 21:39 - 2009-07-26 17:38 - 00886272 _____ () C:\Program Files (x86)\Alexosoft\Backup Service Home 3\System.Data.SQLite.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-07-19 22:48 - 2012-09-10 16:31 - 00364544 _____ () C:\Program Files (x86)\PIXELA\Transfer Utility\pxl_m17n_tool.dll
2013-03-31 16:52 - 2012-02-06 21:08 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\pngio.dll
2013-03-31 16:50 - 2012-07-05 12:05 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-03-31 15:10 - 2011-07-12 20:14 - 00147456 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-03-31 15:10 - 2010-10-05 09:22 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-03-31 16:53 - 2011-09-26 19:36 - 00869376 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2013-03-31 15:10 - 2012-10-08 18:07 - 00972288 ____N () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-12-29 17:14 - 2013-05-08 17:22 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2013-03-31 16:51 - 2012-06-19 12:56 - 01305600 ____N () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-03-31 16:38 - 2012-07-25 09:56 - 01124864 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2013-03-31 16:37 - 2012-07-20 09:39 - 01047040 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-03-31 15:10 - 2013-04-15 15:19 - 00883712 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-03-31 15:10 - 2012-05-28 22:27 - 01622528 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-03-31 15:10 - 2011-09-19 21:18 - 01243136 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-03-31 15:10 - 2011-07-21 10:06 - 00846848 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-03-31 15:10 - 2012-08-29 19:09 - 00875520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-03-31 16:52 - 2012-07-10 17:55 - 01625600 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\WiFiGO.dll
2013-03-31 15:10 - 2010-08-23 11:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-03-31 15:10 - 2010-10-05 09:22 - 00208896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-03-31 16:50 - 2012-01-19 09:39 - 00028672 ____N () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2013-03-31 16:51 - 2012-07-17 16:55 - 00062464 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi Engine\IsSupported.dll
2013-03-31 16:38 - 2012-07-31 15:21 - 00152064 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
2013-03-31 16:38 - 2012-08-08 16:45 - 00786432 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
2013-03-31 16:38 - 2010-10-05 08:22 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
2013-03-31 15:10 - 2009-08-12 21:15 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-01-19 21:23 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C7D0F96D
AlternateDataStreams: C:\Users\thoma_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "EzPrint"

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR9485-Funknetzwerkadapter
Description: Qualcomm Atheros AR9485-Funknetzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 11:28:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x155c
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (08/17/2014 11:00:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (08/17/2014 11:00:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (08/16/2014 11:23:39 PM) (Source: MsiInstaller) (EventID: 11722) (User: COMPUTERLE)
Description: Product: Adobe Flash Player 14 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: D:\Temp\InstallPlugin_14_0_0_179.exe, command: -install -msi

Error: (08/16/2014 10:42:03 PM) (Source: MsiInstaller) (EventID: 11722) (User: COMPUTERLE)
Description: Product: Adobe Flash Player 14 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: D:\Temp\InstallPlugin_14_0_0_179.exe, command: -install -msi

Error: (08/16/2014 09:42:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 914

Startzeit: 01cfb9897659e34d

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 69c1e016-257d-11e4-bf2f-c86000df1f30

Vollständiger Name des fehlerhaften Pakets: CAF9E577.Plex_1.6.4.3_x64__aam28m9va5cke

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (08/16/2014 09:40:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20573 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ce4

Startzeit: 01cfb9892864c8c5

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 1c4a60ac-257d-11e4-bf2f-c86000df1f30

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/16/2014 09:34:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20573 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ef0

Startzeit: 01cfb9833939019c

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 614c2106-257c-11e4-bf2f-c86000df1f30

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/16/2014 09:27:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a2c

Startzeit: 01cfb9875daf5606

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 525f04fe-257b-11e4-bf2f-c86000df1f30

Vollständiger Name des fehlerhaften Pakets: CAF9E577.Plex_1.6.4.3_x64__aam28m9va5cke

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (08/16/2014 09:18:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm palemoon.exe, Version 24.7.0.5319 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 66c

Startzeit: 01cfb986b95e17ed

Endzeit: 19

Anwendungspfad: C:\Program Files\Pale Moon\palemoon.exe

Berichts-ID: 15d3cda9-257a-11e4-bf2f-c86000df1f30

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (08/17/2014 11:30:54 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (08/17/2014 11:29:14 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{4a73a57d-e402-4fd1-87b8-6407de1dfe0a}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (08/17/2014 11:28:38 AM) (Source: DCOM) (EventID: 10010) (User: COMPUTERLE)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/17/2014 11:28:38 AM) (Source: DCOM) (EventID: 10010) (User: COMPUTERLE)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/17/2014 10:00:34 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{4a73a57d-e402-4fd1-87b8-6407de1dfe0a}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (08/17/2014 10:00:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎08.‎2014 um 23:03:41 unerwartet heruntergefahren.

Error: (08/17/2014 10:00:23 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841170672

Error: (08/16/2014 11:27:06 PM) (Source: DCOM) (EventID: 10010) (User: COMPUTERLE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/16/2014 11:27:06 PM) (Source: DCOM) (EventID: 10010) (User: COMPUTERLE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/16/2014 11:27:05 PM) (Source: DCOM) (EventID: 10010) (User: COMPUTERLE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (08/17/2014 11:28:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa155c01cfb9fd8abf34a0\\NAS-REHBERG\Public\SW_Archive\internet\malware-Schutz\Gmer-19357.exe\\NAS-REHBERG\Public\SW_Archive\internet\malware-Schutz\Gmer-19357.exed02c2a3e-25f0-11e4-bf30-c86000df1f30

Error: (08/17/2014 11:00:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (08/17/2014 11:00:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (08/16/2014 11:23:39 PM) (Source: MsiInstaller) (EventID: 11722) (User: COMPUTERLE)
Description: Product: Adobe Flash Player 14 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: D:\Temp\InstallPlugin_14_0_0_179.exe, command: -install -msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/16/2014 10:42:03 PM) (Source: MsiInstaller) (EventID: 11722) (User: COMPUTERLE)
Description: Product: Adobe Flash Player 14 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: D:\Temp\InstallPlugin_14_0_0_179.exe, command: -install -msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/16/2014 09:42:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638491401cfb9897659e34d4294967295C:\WINDOWS\system32\backgroundTaskHost.exe69c1e016-257d-11e4-bf2f-c86000df1f30CAF9E577.Plex_1.6.4.3_x64__aam28m9va5ckeApp

Error: (08/16/2014 09:40:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20573ce401cfb9892864c8c54294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe1c4a60ac-257d-11e4-bf2f-c86000df1f30microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (08/16/2014 09:34:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20573ef001cfb9833939019c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe614c2106-257c-11e4-bf2f-c86000df1f30microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (08/16/2014 09:27:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384a2c01cfb9875daf56064294967295C:\WINDOWS\system32\backgroundTaskHost.exe525f04fe-257b-11e4-bf2f-c86000df1f30CAF9E577.Plex_1.6.4.3_x64__aam28m9va5ckeApp

Error: (08/16/2014 09:18:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: palemoon.exe24.7.0.531966c01cfb986b95e17ed19C:\Program Files\Pale Moon\palemoon.exe15d3cda9-257a-11e4-bf2f-c86000df1f30


CodeIntegrity Errors:
===================================
  Date: 2014-08-16 21:30:43.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 21:30:43.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 21:30:43.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 21:29:51.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 21:29:48.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 21:29:44.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 21:29:13.415
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 19:44:05.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 19:44:05.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-16 19:44:04.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 7873.77 MB
Available physical RAM: 6047.5 MB
Total Pagefile: 15809.77 MB
Available Pagefile: 13734.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive b: (Volume) (Fixed) (Total:19.87 GB) (Free:5.68 GB) NTFS
Drive c: () (Fixed) (Total:67.84 GB) (Free:15.57 GB) NTFS
Drive d: (Volume) (Fixed) (Total:397.4 GB) (Free:159.87 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:201.79 GB) NTFS
Drive h: () (Removable) (Total:7.54 GB) (Free:7.54 GB) FAT32
Drive t: () (Network) (Total:915.42 GB) (Free:337.05 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 23A9D762)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E003B233)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0B)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 20 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by thoma_000 on 16.08.2014 at 20:43:43,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3686077581-4278164509-3682126449-1001\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2014 at 20:46:29,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ESET.txt:
Code:
C:\AdwCleaner\Quarantine\C\Users\thoma_000\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir        Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\thoma_000\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir        Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\thoma_000\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir        Win32/NextLive.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\thoma_000\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir        Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung
C:\Users\thoma_000\Local Settings\Application Data\Bundled software uninstaller\biclient.exe        Win32/Somoto.A evtl. unerwünschte Anwendung
checkup.txt:
Code:
Results of screen317's Security Check version 0.99.87 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player        13.0.0.214 Flash Player out of Date! 
 Mozilla Thunderbird (24.3.0)
 Google Chrome 30.0.1599.101 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Besten dank für die schnelle Reaktion !

noch eine Korrektur zu dem Ergebnis von systemcheck, ich konnte mir nicht vorstellen dass der Windows Security Center Service nicht läuft, und es ist auch nicht so.

Code:
Results of screen317's Security Check version 0.99.87 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player        13.0.0.214 Flash Player out of Date! 
 Mozilla Thunderbird (24.3.0)
 Google Chrome 30.0.1599.101 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

schrauber 17.08.2014 22:58
SIeht alles gut aus. Adobe schon mal mit Revo deinstalliert und Reste entfernt?

TCR 18.08.2014 12:41
nein, das habe ich nicht. Ich habe bisher immer "Add/Remove Pro" verwendet, aber damit finde ich keinen Anhaltspunkt in der Sache.
Ich werde morgen den Revo Unistaller versuchen, der soll ja auch die registry Einträge entfernen. Ich glaube dass es genau daran liegt dass ich keine Neuinstallation des Flashplayers ausführen kann.
Irgendeine Idee warum GMER nicht startet ?

Beste Grüsse

so ich habe den Revo unistaller jetzt laufen lassen. In der Tat hat er die Reste des Adobe Flashplayers in der Registry gefunden und auch löschen können. Leider hat es nichts am Fehlerbild bewirkt, immer noch Fehler 1722 wenn ich die .MSI starte ...
Securitycheck meldet jetzt auch keinen Flashplayer mehr im Report, aber immer noch Google Chrome. Und den findet selbst Revo nicht !
Der ProcessMonitor von Sysinternals meldet auch keine Access denied für den Installer von Adobe. Ich muss noch mal im Netz weitersuchen was sonst noch an Gründen für den 1722 Error bekannt ist, so langsam ...

schrauber 19.08.2014 04:39
Gmer und Win8.1 sind keine Freunde :)

ZEig mal nen Screenshot der Adobe Meldung bitte.

TCR 19.08.2014 21:34
folgendes Verhalten:

install_flash_player_14_plugin.exe: Überhaupt keine Reaktion, einfach GAR NICHTS.
install_flash_player_14_plugin.msi: Installation beginnt, dann Pop-Up mit
"Product: Adobe Flash Player 14 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: D:\Temp\InstallPlugin_14_0_0_179.exe, command: -install -msi"

Gleiches Bild ergibt sich wenn ich es mit den installer-files für die version 13 versuche...

Mittlerweile geht auch kein Flash-Player im Internet Explorer mehr, und das ist die ActiveX version die mit Win8 installiert ist. Wenn ich "Windows8.1-KB2982794-x64.msu" starte, das ist das Sicherheitsupdate für die ActiveX version für den IE, ist der Update am Ende nicht erfolgreich.

Irgendeine böse Macht will nicht dass ich Flash-Objekte anschauen kann :confused:

schrauber 20.08.2014 11:01
Haste den Installer mal mit Rechtsklick als Admin gestartet?

TCR 20.08.2014 13:04
ja habe ich, auch in der command-shell. Ich habe zwar ein Verzeichnis "c:\Windows\SysWOW64\Macromed\Flash\". un darin stehen auch die ActiveX Komponenten, sonst aber nichts.
Allerdings ist mir gerade aufgefallen dass der Trusted Installer nur Anzeigerechte hat, wenn ich es aber auf Vollzugriff ändern möchte kommt die Fehlermeldung dass der ZUgriff auf die Elemente zur Änderung der Sicherheitsinformation verweigert wird.

Wie kann ich eigentlich in dem Forum einen Screenshot posten ? ...

schrauber 21.08.2014 10:51
Zitat:
Wie kann ich eigentlich in dem Forum einen Screenshot posten ? ...
In der Antworten Box unten auf Erweitert, dann Anhänge verwalten.

Mach mal ein Refresh von WIndows.

TCR 24.08.2014 16:38
ich habe es jetzt ein glücklicherweise vorhandenenes Image von vor 3 Monaten aufgespielt. Dort war dann noch die Version 12 des Flashplaers drauf, aber die Installation als Update auf Version 14 ging problemlos.
Nachdem ich normalerweise nicht so leicht aufgebe hier noch eine LIste mit erfolglosen Versuchen:
- reset aller relevanten Registry und file-system permissions über das von Adobe bereitgestellte batchfile "reset_fp11.bat" und "subinacl". Vorsicht, das batchfile läuft erst nicht durch da es für die englische Version des OS geschrieben wurde, geht aber leicht zu ändern indem man adminstarors mit administratoren tauscht und user mit benutzer ... => alle access denied Meldungen mit der Hand korrigert, sript lief dann durch und hat die Berechtigungen von was weiss ich wievielen files und keys geändert, NULL Ergebnis
- refresh über eignen restore-pint um meine Programme zu retten (regimg /CreateImage c:\Refresh, wie von der Zeitschrift "com!" angegeben) => hat zwar geklappt, ist aber ebenso wirkungslos für mein Problem.

Was es auch immer gewesen ist: kein Errorlog dass irgenwie weiterhilft, msiexec meldet lediglich eine nicht erfolgreiche "Customaction1".

Es geht nichts über ein Image von einem funktionierenden System, ich hätte mir 3 Tage Arbeit sparen können :-(

schrauber 25.08.2014 12:10
Jap :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131