| |
| |||||||
Log-Analyse und Auswertung: Virenscanner meldet TR/Crypt.Xpack.99996Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.10.2014, 17:04
| #1 |
| |  Virenscanner meldet TR/Crypt.Xpack.99996 Hallo, mein virenscanner avira hat gestern einen Fund gemeldet: TR/Crypt.Xpack.9996. Dieser ließ sich nicht enfernen. Heute wurden dann zusätzlich zunehmend, zuletzt 77, Viren gemeldet. Vorher konnte ich winword nicht mehr aufrufen, ich weiß nicht, ob das etwas mit der Sache zu tun hat. Ich habe auf winword reparieren geklickt, das ging dann nach einiger Zeit wieder. Kurz drauf wurde dann der Crypt.Xpack gemeldet. Ich bitte um Hilfe für dieses Problem, leider kenne ich mich überhaupt nicht aus und bin eher ein PC-Depp. |
|
11.10.2014, 17:20
| #2 |
| /// the machine /// TB-Ausbilder    | Virenscanner meldet TR/Crypt.Xpack.99996 hi,
__________________Logfile vom AV Programm? Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
11.10.2014, 19:49
| #3 |
| | Virenscanner meldet TR/Crypt.Xpack.99996 Hallo Schrauber,
__________________hier kommen die Ergebnisse: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by Bastet (ATTENTION: The logged in user is not administrator) on ANGELIKA on 11-10-2014 20:38:51
Running from C:\Users\Bastet\Desktop
Loaded Profiles: UpdatusUser & Bastet (Available profiles: Admin & UpdatusUser & Bastet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [469536 2009-11-25] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1901903680-3249174370-2502805026-1004\...\Run: [hasaejiw] => C:\Users\Bastet\AppData\Local\Tqispkicvn\aurqvejiw.exe [80384 2014-10-10] ()
HKU\S-1-5-21-1901903680-3249174370-2502805026-1004\...\Run: [yxmfolnr] => C:\Users\Bastet\AppData\Local\Temp\Vlpxbiffp\ldowbolnr.exe [58880 2014-10-11] () <===== ATTENTION
HKU\S-1-5-21-1901903680-3249174370-2502805026-1004\...\Run: [kfqsdlny] => C:\Users\Bastet\AppData\Roaming\Vacica\ckrhdlny.exe [58880 2014-10-11] ()
HKU\S-1-5-21-1901903680-3249174370-2502805026-1004\...\Run: [medical_image] => C:\ProgramData\Avira\My Avira\Temp\rotation_lock_button\photo_viewer.exe [176128 2011-10-05] (American Megatrends, Inc) <===== ATTENTION
HKU\S-1-5-21-1901903680-3249174370-2502805026-1004\...\Run: [nxnxuwzx] => C:\Users\Bastet\AppData\Roaming\Mowilbt\fqnsfquwzx.exe [94208 2014-10-11] ()
HKU\S-1-5-21-1901903680-3249174370-2502805026-1004\...\RunOnce: [fault] => C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\mail_server\registry.exe [172544 2014-06-13] (Faronics Corporation)
HKU\S-1-5-21-1901903680-3249174370-2502805026-1004\...\MountPoints2: {db21f16b-a9f4-11e3-938a-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youdagames.com?hp=1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=el1352&r=17360314z406pe465v155r4571s352
SearchScopes: HKLM - DefaultScope {D4D96C01-CF46-40CF-B535-CB8D81CE1139} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {D4D96C01-CF46-40CF-B535-CB8D81CE1139} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - DefaultScope {D4D96C01-CF46-40CF-B535-CB8D81CE1139} URL =
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default
FF DefaultSearchEngine: SuchMaschine
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: SuchMaschine
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://ws.infospace.com/gamers_tbar/ws/redir?_iceUrl=true&user_id=85120638&tool_id=62781&qkw=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\searchplugins\search-the-web.xml
FF SearchPlugin: C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Gamers Unite! Snag Bar - C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2014-03-15]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Admin\AppData\Local\nwhb-v9.4.15.crx []
CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Admin\AppData\Local\nwhb-v9.4.15.crx []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-11] ()
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2010-02-05] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-11] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2010-02-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2010-02-05] (Symantec Corporation)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 20:38 - 2014-10-11 20:40 - 00014295 _____ () C:\Users\Bastet\Desktop\FRST.txt
2014-10-11 20:37 - 2014-10-11 20:38 - 00000000 ____D () C:\FRST
2014-10-11 20:35 - 2014-10-11 20:35 - 02109952 _____ (Farbar) C:\Users\Bastet\Desktop\FRST64.exe
2014-10-11 20:31 - 2014-10-11 20:32 - 02109952 _____ (Farbar) C:\Users\Bastet\Downloads\FRST64(1).exe
2014-10-11 20:28 - 2014-10-11 20:28 - 02109952 _____ (Farbar) C:\Users\Bastet\Downloads\FRST64.exe
2014-10-11 17:46 - 2014-10-11 17:46 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Mowilbt
2014-10-11 12:56 - 2014-10-11 12:56 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Vacica
2014-10-10 14:33 - 2014-10-11 17:03 - 00000000 ____D () C:\ProgramData\vmomul
2014-10-10 09:17 - 2014-10-10 09:17 - 00000000 ___HD () C:\Users\Bastet\AppData\Local\Tqispkicvn
2014-10-09 23:19 - 2014-10-09 23:21 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Qkgjcau
2014-10-07 16:30 - 2014-10-07 16:30 - 00000753 _____ () C:\Users\Bastet\Desktop\Pharao.lnk
2014-10-07 16:29 - 2014-10-07 16:29 - 00000000 ____D () C:\Users\Bastet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-07 16:06 - 2014-10-07 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2014-09-27 14:48 - 2014-09-27 14:48 - 00000000 ____D () C:\SIERRA
2014-09-27 14:48 - 2014-09-27 14:48 - 00000000 ____D () C:\Program Files (x86)\Sierra On-Line
2014-09-27 14:47 - 2014-10-07 16:06 - 00000302 _____ () C:\Windows\SIERRA.INI
2014-09-24 22:11 - 2014-09-24 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 00:40 - 2014-07-13 16:33 - 00001298 _____ () C:\Users\Bastet\Desktop\Ritter Arthur 4.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-11 20:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 20:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 20:20 - 2014-03-12 16:48 - 01982757 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 20:18 - 2014-03-13 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 20:02 - 2014-03-13 14:02 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-10-11 12:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 12:41 - 2009-07-14 06:51 - 00065675 _____ () C:\Windows\setupact.log
2014-10-10 21:49 - 2014-03-13 01:40 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-10-10 21:49 - 2014-03-13 01:40 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-10-10 21:49 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 21:09 - 2010-02-05 02:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-27 14:53 - 2010-02-05 02:34 - 00195006 _____ () C:\Windows\PFRO.log
2014-09-27 14:45 - 2010-02-05 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines GameZone
2014-09-27 14:45 - 2010-02-05 02:35 - 00000000 ____D () C:\Program Files (x86)\eMachines GameZone
2014-09-27 14:45 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-26 10:31 - 2014-03-14 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 11:18 - 2014-03-13 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 11:18 - 2014-03-13 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\Users\Bastet\AppData\Local\Temp\Vlpxbiffp\ldowbolnr.exe
C:\ProgramData\Avira\My Avira\Temp\rotation_lock_button\photo_viewer.exe
Some content of TEMP:
====================
C:\Users\Bastet\AppData\Local\Temp\avgnt.exe
C:\Users\Bastet\AppData\Local\Temp\CmdLineExt.dll
C:\Users\Bastet\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Bastet\AppData\Local\Temp\drm_dyndata_7300015.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by Bastet at 2014-10-11 20:40:32
Running from C:\Users\Bastet\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.5 - INTENIUM GmbH)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version: - )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.00.3005 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom For The Princess II (HKLM-x32\...\25a144fe374c4ed6e2c84fced8d6cc46) (Version: - Zylom)
My Kingdom for the Princess IV (HKLM-x32\...\58e1fbaed756aace10c08d4c1be28cce) (Version: - Zylom)
Nero 9 Essentials (HKLM-x32\...\{c0329ca4-2cf0-4a88-a397-6ce72f9fb46e}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.8 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Peggle(TM) Deluxe (HKLM-x32\...\00415396db1c66bc03a5109b1c550c8f) (Version: - Zylom)
Pharao (HKLM-x32\...\Pharao) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Sommer Mahjong (HKLM-x32\...\Sommer Mahjong) (Version: 2.0.0.0 - INTENIUM GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3010 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\UpdaterEX.job => ?
==================== Loaded Modules (whitelisted) =============
2009-11-25 04:39 - 2009-11-25 04:39 - 00469536 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2009-11-25 04:39 - 2009-11-25 04:39 - 00154144 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2014-03-15 19:37 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Bastet\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-24 22:11 - 2014-09-24 22:11 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Bastet:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\Users\Bastet\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Bastet\Cookies:gs5sys
AlternateDataStreams: C:\Users\Bastet\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Bastet\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Bastet\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Bastet\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
========================= Accounts: ==========================
Admin (S-1-5-21-1901903680-3249174370-2502805026-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1901903680-3249174370-2502805026-500 - Administrator - Disabled)
Bastet (S-1-5-21-1901903680-3249174370-2502805026-1004 - Limited - Enabled) => C:\Users\Bastet
Gast (S-1-5-21-1901903680-3249174370-2502805026-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1901903680-3249174370-2502805026-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1901903680-3249174370-2502805026-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/11/2014 01:26:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/11/2014 01:25:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (10/10/2014 09:54:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0xec4
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
Error: (10/10/2014 09:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0x1358
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
Error: (10/10/2014 09:19:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0x271c
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
Error: (10/10/2014 09:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0x1604
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
Error: (10/10/2014 09:17:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0x2850
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
Error: (10/10/2014 09:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0x1da0
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
Error: (10/10/2014 09:17:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0x2bb4
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
Error: (10/10/2014 09:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Name des fehlerhaften Moduls: LoadHelper.wgc2, Version: 0.0.0.0, Zeitstempel: 0x46e6de1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003fa0
ID des fehlerhaften Prozesses: 0x2240
Startzeit der fehlerhaften Anwendung: 0xLoadHelper.wgc20
Pfad der fehlerhaften Anwendung: LoadHelper.wgc21
Pfad des fehlerhaften Moduls: LoadHelper.wgc22
Berichtskennung: LoadHelper.wgc23
System errors:
=============
Error: (10/11/2014 00:42:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (10/11/2014 00:41:48 PM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.
Error: (10/11/2014 00:41:48 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (10/10/2014 09:52:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (10/10/2014 09:51:31 PM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.
Error: (10/10/2014 09:51:31 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (10/10/2014 09:16:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (10/10/2014 09:15:28 AM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.
Error: (10/10/2014 09:15:28 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (10/09/2014 05:47:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Microsoft Office Sessions:
=========================
Error: (10/10/2014 06:51:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:49:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:46:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:45:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 215 Processor
Percentage of memory in use: 62%
Total physical RAM: 1791.37 MB
Available physical RAM: 664.63 MB
Total Pagefile: 3582.73 MB
Available Pagefile: 1376.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (eMachines) (Fixed) (Total:284.99 GB) (Free:223.65 GB) NTFS
Drive d: (PHARAO) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
12.10.2014, 13:53
| #4 |
| /// the machine /// TB-Ausbilder | Virenscanner meldet TR/Crypt.Xpack.99996 Logfile vom AV Programm? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.10.2014, 14:58
| #5 |
| | Virenscanner meldet TR/Crypt.Xpack.99996 Hallo Schrauber, hier kommt als erstes der logfile von avira, es ist der aktuellste, gestern wurden noch zahlreiche Viren vorher angezeigt, brauchtst Du die auch? Das wären sehr viele, Meldungen im Minutentakt. Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 11. Oktober 2014 23:21
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ANGELIKA
Versionsinformationen:
BUILD.DAT : 14.0.6.570 92022 Bytes 15.08.2014 10:30:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 05.08.2014 08:43:27
AVSCANRC.DLL : 14.0.6.522 62544 Bytes 05.08.2014 08:43:27
LUKE.DLL : 14.0.6.522 57936 Bytes 05.08.2014 08:43:56
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 05.08.2014 08:43:27
AVREG.DLL : 14.0.6.522 262224 Bytes 05.08.2014 08:43:24
avlode.dll : 14.0.6.526 603728 Bytes 05.08.2014 08:43:23
avlode.rdf : 14.0.4.46 64835 Bytes 08.09.2014 16:14:54
XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:16
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:17
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 21:05:18
XBV00151.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00152.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00153.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00154.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00155.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00156.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00157.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00158.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00159.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00160.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00161.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00162.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00163.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:24:59
XBV00164.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00165.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00166.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00167.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00168.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00169.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00170.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00171.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00172.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00173.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00174.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00175.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00176.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00177.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00178.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00179.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:00
XBV00180.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00181.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00182.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00183.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00184.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00185.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00186.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00187.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00188.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00189.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00190.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00191.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00192.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00193.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00194.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00195.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00196.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:01
XBV00197.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00198.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00199.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00200.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00201.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00202.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00203.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00204.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00205.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00206.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00207.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:02
XBV00208.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00209.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00210.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00211.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00212.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00213.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00214.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00215.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00216.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00217.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00218.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00219.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00220.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00221.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00222.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00223.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:03
XBV00224.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00225.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00226.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00227.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00228.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00229.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00230.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00231.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00232.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00233.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00234.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00235.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00236.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00237.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00238.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00239.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00240.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00241.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:04
XBV00242.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00243.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00244.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00245.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00246.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00247.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00248.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00249.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00250.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00251.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00252.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00253.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00254.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00255.VDF : 8.11.175.172 2048 Bytes 30.09.2014 14:25:05
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:41:06
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:41:06
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:41:06
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 10:41:06
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:41:06
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:41:06
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 15:00:55
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 16:59:54
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 21:05:16
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 15:32:57
XBV00042.VDF : 8.11.175.172 1208832 Bytes 30.09.2014 14:24:52
XBV00043.VDF : 8.11.175.174 36864 Bytes 30.09.2014 14:24:53
XBV00044.VDF : 8.11.175.178 5632 Bytes 30.09.2014 20:25:08
XBV00045.VDF : 8.11.175.180 11264 Bytes 30.09.2014 20:25:08
XBV00046.VDF : 8.11.175.194 9728 Bytes 30.09.2014 07:51:16
XBV00047.VDF : 8.11.175.206 3072 Bytes 30.09.2014 07:51:17
XBV00048.VDF : 8.11.175.218 2560 Bytes 30.09.2014 07:51:17
XBV00049.VDF : 8.11.175.222 24576 Bytes 01.10.2014 07:51:17
XBV00050.VDF : 8.11.175.224 28160 Bytes 01.10.2014 18:37:16
XBV00051.VDF : 8.11.175.230 3072 Bytes 01.10.2014 18:37:16
XBV00052.VDF : 8.11.175.232 17408 Bytes 01.10.2014 18:37:16
XBV00053.VDF : 8.11.175.234 19456 Bytes 01.10.2014 18:37:16
XBV00054.VDF : 8.11.175.236 11264 Bytes 01.10.2014 18:37:16
XBV00055.VDF : 8.11.175.238 12288 Bytes 01.10.2014 18:37:16
XBV00056.VDF : 8.11.175.254 10240 Bytes 01.10.2014 09:43:28
XBV00057.VDF : 8.11.176.8 5120 Bytes 01.10.2014 09:43:28
XBV00058.VDF : 8.11.176.18 5120 Bytes 01.10.2014 09:43:28
XBV00059.VDF : 8.11.176.20 6144 Bytes 02.10.2014 09:43:28
XBV00060.VDF : 8.11.176.26 27136 Bytes 02.10.2014 09:43:28
XBV00061.VDF : 8.11.176.28 16384 Bytes 02.10.2014 09:43:28
XBV00062.VDF : 8.11.176.30 17408 Bytes 02.10.2014 18:48:23
XBV00063.VDF : 8.11.176.40 2048 Bytes 02.10.2014 18:48:23
XBV00064.VDF : 8.11.176.50 11264 Bytes 02.10.2014 18:48:23
XBV00065.VDF : 8.11.176.60 5632 Bytes 02.10.2014 18:48:23
XBV00066.VDF : 8.11.176.70 2048 Bytes 02.10.2014 18:48:23
XBV00067.VDF : 8.11.176.82 11264 Bytes 02.10.2014 18:48:24
XBV00068.VDF : 8.11.176.86 18944 Bytes 02.10.2014 09:15:42
XBV00069.VDF : 8.11.176.88 2048 Bytes 02.10.2014 09:15:42
XBV00070.VDF : 8.11.176.90 9216 Bytes 02.10.2014 09:15:42
XBV00071.VDF : 8.11.176.92 2048 Bytes 03.10.2014 09:15:43
XBV00072.VDF : 8.11.176.96 31744 Bytes 03.10.2014 09:15:43
XBV00073.VDF : 8.11.176.98 18432 Bytes 03.10.2014 15:15:08
XBV00074.VDF : 8.11.176.108 17408 Bytes 03.10.2014 15:15:08
XBV00075.VDF : 8.11.176.116 11264 Bytes 03.10.2014 15:15:08
XBV00076.VDF : 8.11.176.124 16384 Bytes 03.10.2014 15:15:09
XBV00077.VDF : 8.11.176.126 6144 Bytes 03.10.2014 15:15:09
XBV00078.VDF : 8.11.176.128 8192 Bytes 03.10.2014 15:15:09
XBV00079.VDF : 8.11.176.130 5632 Bytes 03.10.2014 21:15:11
XBV00080.VDF : 8.11.176.132 12288 Bytes 03.10.2014 21:15:11
XBV00081.VDF : 8.11.176.134 10752 Bytes 03.10.2014 21:15:11
XBV00082.VDF : 8.11.176.136 14848 Bytes 03.10.2014 21:15:11
XBV00083.VDF : 8.11.176.138 12800 Bytes 03.10.2014 21:15:11
XBV00084.VDF : 8.11.176.140 5632 Bytes 03.10.2014 09:20:08
XBV00085.VDF : 8.11.176.142 8704 Bytes 03.10.2014 09:20:08
XBV00086.VDF : 8.11.176.144 61440 Bytes 04.10.2014 09:20:08
XBV00087.VDF : 8.11.176.146 17920 Bytes 04.10.2014 15:21:18
XBV00088.VDF : 8.11.176.148 11264 Bytes 04.10.2014 21:20:00
XBV00089.VDF : 8.11.176.150 57856 Bytes 05.10.2014 15:20:50
XBV00090.VDF : 8.11.176.158 3072 Bytes 05.10.2014 15:20:50
XBV00091.VDF : 8.11.176.166 7680 Bytes 05.10.2014 15:20:50
XBV00092.VDF : 8.11.176.180 2048 Bytes 05.10.2014 15:20:50
XBV00093.VDF : 8.11.176.188 50176 Bytes 06.10.2014 08:56:22
XBV00094.VDF : 8.11.176.190 2048 Bytes 06.10.2014 08:56:22
XBV00095.VDF : 8.11.176.192 10752 Bytes 06.10.2014 08:56:22
XBV00096.VDF : 8.11.176.194 4608 Bytes 06.10.2014 08:56:22
XBV00097.VDF : 8.11.176.202 4608 Bytes 06.10.2014 08:56:22
XBV00098.VDF : 8.11.176.208 66560 Bytes 06.10.2014 14:55:44
XBV00099.VDF : 8.11.176.214 2048 Bytes 06.10.2014 14:55:44
XBV00100.VDF : 8.11.176.226 2048 Bytes 06.10.2014 14:55:44
XBV00101.VDF : 8.11.176.238 31232 Bytes 06.10.2014 14:55:44
XBV00102.VDF : 8.11.176.244 12288 Bytes 06.10.2014 20:55:54
XBV00103.VDF : 8.11.176.250 18944 Bytes 06.10.2014 20:55:54
XBV00104.VDF : 8.11.176.254 17408 Bytes 06.10.2014 07:23:26
XBV00105.VDF : 8.11.177.0 6656 Bytes 07.10.2014 07:23:26
XBV00106.VDF : 8.11.177.4 15872 Bytes 07.10.2014 07:23:26
XBV00107.VDF : 8.11.177.6 4608 Bytes 07.10.2014 07:23:26
XBV00108.VDF : 8.11.177.12 6144 Bytes 07.10.2014 07:23:27
XBV00109.VDF : 8.11.177.16 3072 Bytes 07.10.2014 13:23:00
XBV00110.VDF : 8.11.177.20 8704 Bytes 07.10.2014 13:23:00
XBV00111.VDF : 8.11.177.24 3072 Bytes 07.10.2014 13:23:00
XBV00112.VDF : 8.11.177.26 4608 Bytes 07.10.2014 13:23:00
XBV00113.VDF : 8.11.177.30 16896 Bytes 07.10.2014 19:23:53
XBV00114.VDF : 8.11.177.32 2048 Bytes 07.10.2014 19:23:53
XBV00115.VDF : 8.11.177.34 9728 Bytes 07.10.2014 19:23:53
XBV00116.VDF : 8.11.177.36 2048 Bytes 07.10.2014 19:23:53
XBV00117.VDF : 8.11.177.40 49152 Bytes 07.10.2014 07:18:41
XBV00118.VDF : 8.11.177.42 6656 Bytes 07.10.2014 07:18:42
XBV00119.VDF : 8.11.177.46 13312 Bytes 08.10.2014 07:18:42
XBV00120.VDF : 8.11.177.48 6656 Bytes 08.10.2014 07:18:42
XBV00121.VDF : 8.11.177.50 4608 Bytes 08.10.2014 07:18:42
XBV00122.VDF : 8.11.177.52 2560 Bytes 08.10.2014 13:18:34
XBV00123.VDF : 8.11.177.70 19968 Bytes 08.10.2014 19:18:39
XBV00124.VDF : 8.11.177.78 6656 Bytes 08.10.2014 19:18:39
XBV00125.VDF : 8.11.177.86 13312 Bytes 08.10.2014 19:18:39
XBV00126.VDF : 8.11.177.88 2048 Bytes 08.10.2014 19:18:39
XBV00127.VDF : 8.11.177.90 15360 Bytes 08.10.2014 07:58:32
XBV00128.VDF : 8.11.177.92 2048 Bytes 08.10.2014 07:58:32
XBV00129.VDF : 8.11.177.94 4096 Bytes 08.10.2014 07:58:32
XBV00130.VDF : 8.11.177.96 13824 Bytes 08.10.2014 07:58:32
XBV00131.VDF : 8.11.177.98 4608 Bytes 09.10.2014 07:58:32
XBV00132.VDF : 8.11.177.100 6144 Bytes 09.10.2014 07:58:32
XBV00133.VDF : 8.11.177.102 12800 Bytes 09.10.2014 07:58:32
XBV00134.VDF : 8.11.177.104 16896 Bytes 09.10.2014 07:22:00
XBV00135.VDF : 8.11.177.106 11264 Bytes 09.10.2014 07:22:00
XBV00136.VDF : 8.11.177.108 15360 Bytes 09.10.2014 07:22:00
XBV00137.VDF : 8.11.177.110 23040 Bytes 09.10.2014 07:22:00
XBV00138.VDF : 8.11.177.112 2048 Bytes 09.10.2014 07:22:00
XBV00139.VDF : 8.11.177.116 20480 Bytes 09.10.2014 07:22:00
XBV00140.VDF : 8.11.177.118 2560 Bytes 09.10.2014 07:22:00
XBV00141.VDF : 8.11.177.122 10240 Bytes 10.10.2014 07:22:00
XBV00142.VDF : 8.11.177.124 2048 Bytes 10.10.2014 07:22:00
XBV00143.VDF : 8.11.177.126 3072 Bytes 10.10.2014 13:20:55
XBV00144.VDF : 8.11.177.134 14336 Bytes 10.10.2014 13:20:55
XBV00145.VDF : 8.11.177.146 14848 Bytes 10.10.2014 13:20:55
XBV00146.VDF : 8.11.177.156 33792 Bytes 10.10.2014 19:21:10
XBV00147.VDF : 8.11.177.158 2048 Bytes 10.10.2014 19:21:10
XBV00148.VDF : 8.11.177.162 26624 Bytes 10.10.2014 10:47:49
XBV00149.VDF : 8.11.177.164 10240 Bytes 10.10.2014 10:47:49
XBV00150.VDF : 8.11.177.168 20480 Bytes 11.10.2014 10:47:49
LOCAL000.VDF : 8.11.177.168 112385024 Bytes 11.10.2014 10:48:26
Engineversion : 8.3.24.36
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 15:31:16
AESCRIPT.DLL : 8.2.0.28 436136 Bytes 02.10.2014 09:43:27
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 15:19:12
AESBX.DLL : 8.2.20.24 1409224 Bytes 08.05.2014 13:26:43
AERDL.DLL : 8.2.0.138 704888 Bytes 25.02.2014 10:41:04
AEPACK.DLL : 8.4.0.54 788392 Bytes 24.09.2014 15:54:05
AEOFFICE.DLL : 8.3.0.30 223144 Bytes 06.10.2014 14:55:44
AEHEUR.DLL : 8.1.4.1330 7613296 Bytes 09.10.2014 15:52:04
AEHELP.DLL : 8.3.1.0 278728 Bytes 28.05.2014 19:08:40
AEGEN.DLL : 8.1.7.30 453480 Bytes 26.09.2014 14:37:01
AEEXP.DLL : 8.4.2.32 247712 Bytes 02.09.2014 16:11:27
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 21:05:03
AEDROID.DLL : 8.4.2.24 442568 Bytes 04.06.2014 14:04:52
AECORE.DLL : 8.3.2.6 243712 Bytes 07.08.2014 21:05:03
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 21:05:03
AVWINLL.DLL : 14.0.6.522 24144 Bytes 05.08.2014 08:43:16
AVPREF.DLL : 14.0.6.522 50256 Bytes 05.08.2014 08:43:23
AVREP.DLL : 14.0.6.522 219216 Bytes 05.08.2014 08:43:24
AVARKT.DLL : 14.0.5.368 226384 Bytes 24.06.2014 09:29:05
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 05.08.2014 08:43:21
SQLITE3.DLL : 14.0.6.522 452176 Bytes 05.08.2014 08:44:02
AVSMTP.DLL : 14.0.6.522 76368 Bytes 05.08.2014 08:43:28
NETNT.DLL : 14.0.6.522 13392 Bytes 05.08.2014 08:43:56
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 05.08.2014 08:43:17
RCTEXT.DLL : 14.0.6.558 76080 Bytes 02.09.2014 10:11:42
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\quicksysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Quarantäne
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 11. Oktober 2014 23:21
Der Suchlauf über die Bootsektoren wird begonnen:
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'nSvcAppFlt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ccSvcHst.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'ogmservice.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'nSvcIp.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '194' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyUtility.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'FRST64.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZY-MKFTP2.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZY-MKFTP2.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1901903680-3249174370-2502805026-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hasaejiw> konnte nicht entfernt werden.
C:\Users\Bastet\AppData\Local\Tqispkicvn\aurqvejiw.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.108810
[WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
[WARNUNG] Die Quelldatei konnte nicht gefunden werden.
[HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
[WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[WARNUNG] Die Datei konnte nicht gelöscht werden!
[WARNUNG] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1901903680-3249174370-2502805026-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hasaejiw> konnte nicht repariert werden.
[HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
[HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
[WARNUNG] Die Datei wurde ignoriert.
Die Registry wurde durchsucht ( '1953' Dateien ).
Ende des Suchlaufs: Samstag, 11. Oktober 2014 23:23
Benötigte Zeit: 01:51 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
2749 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2748 Dateien ohne Befall
26 Archive wurden durchsucht
1 Warnungen
1 Hinweise
18 Funde in 5 Dateien. TR/Crypt Z PACK.108810 X PACK. 99925 TR/Matsnu.A.237 Phish. PayPal EZ Phish. PayPal.iema Danke im voraus, AKGI |
|
13.10.2014, 09:25
| #6 |
| /// the machine /// TB-Ausbilder | Virenscanner meldet TR/Crypt.Xpack.99996 Unsere Tools brauchen immer Adminrechte! Bankdaten, Paswörter und Zugänge von einem anderen Rechner aus ändern. Scan mit Combofix
__________________ --> Virenscanner meldet TR/Crypt.Xpack.99996 |
|
13.10.2014, 17:59
| #7 |
| | Virenscanner meldet TR/Crypt.Xpack.99996 Hallo Schrauber, ich habe Combofix durchlaufen lassen. Hier kommen die Ergebnisse. Avira musste ich komplett deinstallieren, ging nicht anders. Code:
ATTFilter ComboFix 14-10-13.01 - Admin 13.10.2014 18:01:00.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1791.467 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\emachines.ico
c:\users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mega Browse_iels
c:\users\Admin\AppData\Roaming\.#
c:\users\Bastet\AppData\Roaming\.#
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-09-13 bis 2014-10-13 ))))))))))))))))))))))))))))))
.
.
2014-10-13 16:09 . 2014-10-13 16:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-10-13 16:09 . 2014-10-13 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-13 16:09 . 2014-10-13 16:09 -------- d-----w- c:\users\Bastet\AppData\Local\temp
2014-10-13 16:03 . 2014-10-13 16:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CB81C91-65F6-4746-89C3-6D37AD3CF333}\offreg.dll
2014-10-11 18:37 . 2014-10-11 18:40 -------- d-----w- C:\FRST
2014-10-11 15:46 . 2014-10-11 15:46 -------- d--h--w- c:\users\Bastet\AppData\Roaming\Mowilbt
2014-10-11 10:56 . 2014-10-13 09:03 -------- d--h--w- c:\users\Bastet\AppData\Roaming\Vacica
2014-10-10 12:33 . 2014-10-13 15:25 -------- d-----w- c:\programdata\vmomul
2014-10-10 07:17 . 2014-10-12 10:04 -------- d--h--w- c:\users\Bastet\AppData\Local\Tqispkicvn
2014-10-09 21:19 . 2014-10-09 21:21 -------- d--h--w- c:\users\Bastet\AppData\Roaming\Qkgjcau
2014-09-27 12:48 . 2014-09-27 12:48 -------- d-----w- C:\SIERRA
2014-09-27 12:48 . 2014-09-27 12:48 -------- d-----w- c:\program files (x86)\Sierra On-Line
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 09:18 . 2014-03-12 22:13 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 09:18 . 2014-03-12 22:13 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-02-05 00:51 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-05 39408]
"Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2013-12-06 483400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 469536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 09:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-02-05 00:51 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.startfenster.de
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\
FF - prefs.js: browser.search.selectedEngine - SuchMaschine
FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.de
FF - prefs.js: keyword.URL - hxxp://www.sm.de/?q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Pharao - c:\windows\IsUn0407.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1901903680-3249174370-2502805026-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:33,0e,4a,a3,6f,df,c1,25,10,c8,1d,1e,42,33,2c,2e,c3,5d,bf,37,35,81,1f,
75,f0,8f,b7,b1,53,e2,d3,4c,3e,a3,0e,6d,f4,51,98,10,b8,62,11,c6,db,82,68,35,\
"??"=hex:ee,da,bd,8e,57,3b,06,af,47,b9,e5,45,2a,5c,55,32
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-13 18:20:18
ComboFix-quarantined-files.txt 2014-10-13 16:20
.
Vor Suchlauf: 12 Verzeichnis(se), 240.479.117.312 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 240.579.842.048 Bytes frei
.
- - End Of File - - B0829CDBB9C28A4AF0FD4313F561C78D
A36C5E4F47E84449FF07ED3517B43A31
|
|
14.10.2014, 12:42
| #8 |
| /// the machine /// TB-Ausbilder | Virenscanner meldet TR/Crypt.Xpack.99996 Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.10.2014, 21:56
| #9 |
| | Virenscanner meldet TR/Crypt.Xpack.99996 Hallo Schrauber, vielen Dank für Deine Mühe. Hier kommen die Ergebnisse. Ich habe auf meinem PC 2 Bwenutzerprofile angelegt. Administrator und ein weiteres. Die suchläufe habe ich im Administratorprofil ausgeführt. Muß ich die in dem anderen Profil auch noch laufen lassen oder reicht das? Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.10.2014 Suchlauf-Zeit: 15:08:17 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.10.14.08 Rootkit Datenbank: v2014.10.11.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 402377 Verstrichene Zeit: 14 Min, 50 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 9 PUP.Optional.NewHub.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aoejbmmillcdifgagjpdlaamnalbielp, In Quarantäne, [f9a7c153dca0270fa97f8ef6d52ff907], PUP.Optional.NewHub.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aoejbmmillcdifgagjpdlaamnalbielp, In Quarantäne, [ccd473a1a2da74c20d1b9ce88183f20e], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [d0d0d73df785181e9e2bcf5817ec45bb], PUP.Optional.NewHub.A, HKU\S-1-5-21-1901903680-3249174370-2502805026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aoejbmmillcdifgagjpdlaamnalbielp, In Quarantäne, [851b4fc53547e650d0591074db29bc44], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1901903680-3249174370-2502805026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [bce4de366f0d5adc25d6dd6fbe45ea16], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1901903680-3249174370-2502805026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [c6dab75d1b616accae99263d8d7741bf], PUP.Optional.SuperFish.A, HKU\S-1-5-21-1901903680-3249174370-2502805026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [257bf61e6f0ddc5a30491b0e30d3827e], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1901903680-3249174370-2502805026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [307030e4c4b88fa75d6b6fb8bc47b34d], PUP.Optional.Updater.A, HKU\S-1-5-21-1901903680-3249174370-2502805026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UpdaterEX, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1901903680-3249174370-2502805026-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, In Quarantäne, [c6dab75d1b616accae99263d8d7741bf] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 7 PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.SystemSpeedup, C:\Users\Admin\AppData\Roaming\systweak\ssd, In Quarantäne, [e0c08c880d6f77bff06d48b99a696c94], PUP.Optional.NewHub.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp, In Quarantäne, [3f617a9aed8fd16502eb24de93701fe1], PUP.Optional.Updater.A, C:\Users\Admin\AppData\Roaming\UpdaterEX\UpdateProc, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], Dateien: 157 PUP.Downloader.ZYL, C:\Users\Bastet\Pictures\liongdownload.exe, In Quarantäne, [227eb36188f440f6bfa2a72ba65a8e72], PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\searchplugins\search-the-web.xml, In Quarantäne, [c0e051c3f488280ea3bde55dd23133cd], PUP.Optional.CrossRider.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\searchplugins\search-the-web.xml, In Quarantäne, [138df024ec90b5814a16ca78010242be], PUP.Optional.NewHub.A, C:\Users\Admin\AppData\Local\nwhb-v9.4.15.crx, In Quarantäne, [6d33d242abd141f5d651eb99e420966a], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\023aa17ac9b4d4508214460a057f2270, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\03917a36200d6b64a86e895fc26a3262, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\059d0773476e585aaab0cb05f2d35011, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0b12654c5711f7cde49ae8c25f3da38c.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0c82e5b864501f211be07075dc4be877, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\163418f233affe8a749c669e663c7388, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\1c78e139180d5495e3e9d918bd0491ed, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\1d8668b7112e25597794b7cebaef26b4, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\863244884c13f5f32b09296c582fbdd7.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\8ac482009c24f4e3c08ceab6ad53837b, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\946f8b91f4c2038513723ed0309837da.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\991da48f15dc91020b5b839ffbcc1ec4.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\9d79a4bcf66a9569af94bfb1e9d9fffc, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b0d04a379326cc971538f3ecc6e4945d.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b1f765a691d33d70d825b5ee4d82a00a, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b4fc19616a211ba1ce6fdeb987d83986, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b70c539aa3601c1da3539ac2f6ef9954, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\c55aafcdfbc1b6c879184ff7c971e100.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\ca778d8032bff8589c9ea58165547209, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\41579272c0627956920ac60c2f3daffa, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\49e51fe4c47d07c6a4df0cb31a1bc92d, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\4d03df8bfdede597b47e63f6714f6aa5, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\4d112a27a725b7d2d9e7487c4c114214.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\5d5ae10d9dbf6c32b9e724ee97183bb1.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\612dc44b76ebf053257ba62b314ae79c, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\76f7a8b58c0f3555093caf4d120d7b09, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\78529f8901b92f0cd38ca25e572561b4.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\7cde12a35df366d4aa534b69b453c92e.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\7f26d2753138a5ebec0c48f6ece74ecb.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\8605190db1a4b0b68eaec697f0ccabca, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2249a842b96cba2639b51b15ab7d676e.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2307328ea5b85f50ab61208ede74b646, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\25b1261278723124ba1019e877fb61f0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\28dca5044d0a6441e2038be08cb826f7, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2eff0691e1573f5c0d873e9db3696c18, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\313c238dc888c75cb26d7ff7a7f4b20d.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\336bc4e68681b52d6f56a2b42c26f92b.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\3513a4759c9e63e788687765924cdf4b, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\38e57055c77d685cb6a4002b23e54fc3, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\3f10c0f0b60ea2b5efa2d3278e712442, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\cc1cadc55dcfeab42c71ddc651b9fe75.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\cfbf9dd3ed978b23c1976cf9c7fe11bc, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d27d4ff2a66b4ce77fe249c7ab0bfa37, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d29b31cf195edad59abbff37dc1ba2fd, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d33f53719b1950985d633c5abf5a610c, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d46deb45f2b0c6145a71d5ed76b9c1b3, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e317a556707197fcc3cea7c5baa6355b.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e451021fc5c21df4aac3dabe09e5aa56.0, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e82234db721e302dfb76b032df6228b2, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\ec933e0432b5461997a2523f42e1a674, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\f27443640b9d518de03b5040b1aee086, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\fb278845d49896d2b3b87fdcb5103ab7, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\tb.xml, In Quarantäne, [dec26ca8a1db171f211e9c52a2602cd4], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0100070592e1361ff0095a70e12a8e88.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\023aa17ac9b4d4508214460a057f2270, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\03917a36200d6b64a86e895fc26a3262, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\059d0773476e585aaab0cb05f2d35011, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0879abcb0b556f43130e09a19c2167ed.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0b12654c5711f7cde49ae8c25f3da38c.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\0c82e5b864501f211be07075dc4be877, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\163418f233affe8a749c669e663c7388, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\1c78e139180d5495e3e9d918bd0491ed, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\1d8668b7112e25597794b7cebaef26b4, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\863244884c13f5f32b09296c582fbdd7.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\899740369a631c4b8a713ccb7c49b4ab, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\8ac482009c24f4e3c08ceab6ad53837b, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\92865d0552a95b43016a83e316670757, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\93c8ae032116cafd334f3a47efa3cb4f.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\946f8b91f4c2038513723ed0309837da.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\95be336a9d1fc1c98b31a03732905b2a, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\991da48f15dc91020b5b839ffbcc1ec4.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\9cf0e3a9013019a82c4658bd3eeb538f, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\9d3c1de86141343479116b8eded49b3e.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\9d74bc233d5f4b79f8a7f331b681f261.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\9d79a4bcf66a9569af94bfb1e9d9fffc, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\41579272c0627956920ac60c2f3daffa, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\48cb8e496a08497f3ed4f8fd6a2e14c7.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\49e51fe4c47d07c6a4df0cb31a1bc92d, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\4a2b0b1be67c9f2fc2c2f10bbed4796b.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\4d03df8bfdede597b47e63f6714f6aa5, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\4d112a27a725b7d2d9e7487c4c114214.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\5b71431ff225e02a2ed19e3ca7c708a1.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\5c0fdd894ec6e7d8f1c82473519d4c40.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\5d5ae10d9dbf6c32b9e724ee97183bb1.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\612dc44b76ebf053257ba62b314ae79c, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\cc1cadc55dcfeab42c71ddc651b9fe75.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\cfbf9dd3ed978b23c1976cf9c7fe11bc, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d27d4ff2a66b4ce77fe249c7ab0bfa37, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d29b31cf195edad59abbff37dc1ba2fd, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d33f53719b1950985d633c5abf5a610c, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d42c7c2f9e879ee06554b93395fa805c.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d46deb45f2b0c6145a71d5ed76b9c1b3, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\d5c005b2e6e2c84930ba26611ad0a8b4.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\1edc728ae2aafe4ffcc80ec906fd5451.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2079d31e92813551c2cb0156526d49e6.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2249a842b96cba2639b51b15ab7d676e.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2307328ea5b85f50ab61208ede74b646, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\25b1261278723124ba1019e877fb61f0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\26082a533fcc92d401bc2561cd0ec0ed.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\27c07290d762f3198e96f5455f6ff4e1.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\28dca5044d0a6441e2038be08cb826f7, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\294e94d3b684329dad89a56c7222553b, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\3f10c0f0b60ea2b5efa2d3278e712442, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\a4febc43524335355f11b81f17d01777.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\aa1cdd458b2c615c233082744edee192.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\af684ac0d2d5530df5c289fe5a957df2.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b0d04a379326cc971538f3ecc6e4945d.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b1f765a691d33d70d825b5ee4d82a00a, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b4fc19616a211ba1ce6fdeb987d83986, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\b70c539aa3601c1da3539ac2f6ef9954, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\bb9ce8b3027e9b6b8cb990fd960caeb9.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\bdc224cda67b116ee275826c5ba5fc68.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\be65b7b9edba5d8f15a170b3466c1c27.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\c55aafcdfbc1b6c879184ff7c971e100.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\c9ff927ea04fa09195723465891e22dc, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\ca778d8032bff8589c9ea58165547209, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\61dcf07d1eb17b097bf523056df61c80.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\665dd649699b9f8bec71b76234520468.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\741903e66785c0f02125fdcfa662c45b, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\76f7a8b58c0f3555093caf4d120d7b09, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\78529f8901b92f0cd38ca25e572561b4.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\7a3d01d801d2b912f9368e5461a3ebc8.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\7cde12a35df366d4aa534b69b453c92e.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\7f26d2753138a5ebec0c48f6ece74ecb.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\82583e2365b0262c58811ab05becf741.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\8605190db1a4b0b68eaec697f0ccabca, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\2eff0691e1573f5c0d873e9db3696c18, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\313c238dc888c75cb26d7ff7a7f4b20d.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\336bc4e68681b52d6f56a2b42c26f92b.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\33c9c8a5cd03db7d99db2ea8ceba5cd5, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\3513a4759c9e63e788687765924cdf4b, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\3553447953c29ec69bc189ee095c5a05.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\38e57055c77d685cb6a4002b23e54fc3, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\3d6c446c4c469af9585cf1752349a480.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e317a556707197fcc3cea7c5baa6355b.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e451021fc5c21df4aac3dabe09e5aa56.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e7479970e3c4e3cf9c80b2ec4e1efd96.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\e82234db721e302dfb76b032df6228b2, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\ec933e0432b5461997a2523f42e1a674, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\efaa0b2054a1c67acd1419114e1a6cc0.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\f0097b7e4ba2bcce49b73ed0745e00d4.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\f27443640b9d518de03b5040b1aee086, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\fb278845d49896d2b3b87fdcb5103ab7, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\fddf958a148f8c337282a6f0ef5716e4.0, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.FreeCauseTB.A, C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\62781\tb.xml, In Quarantäne, [762acd47bac2a78fc778f4fa1ae827d9], PUP.Optional.SystemSpeedup, C:\Users\Admin\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantäne, [e0c08c880d6f77bff06d48b99a696c94], PUP.Optional.NewHub.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoejbmmillcdifgagjpdlaamnalbielp\dt.dat, In Quarantäne, [3f617a9aed8fd16502eb24de93701fe1], PUP.Optional.Updater.A, C:\Users\Admin\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], PUP.Optional.Updater.A, C:\Users\Admin\AppData\Roaming\UpdaterEX\UpdateProc\info.dat, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], PUP.Optional.Updater.A, C:\Users\Admin\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], PUP.Optional.Updater.A, C:\Users\Admin\AppData\Roaming\UpdaterEX\UpdateProc\STTL.DAT, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], PUP.Optional.Updater.A, C:\Users\Admin\AppData\Roaming\UpdaterEX\UpdateProc\TTL.DAT, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], PUP.Optional.Updater.A, C:\Users\Admin\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe, In Quarantäne, [257bd143b5c7a096390e8185fe0518e8], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.000 - Bericht erstellt am 14/10/2014 um 15:46:24
# DB v2014-10-13.5
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - ANGELIKA
# Gestartet von : C:\Users\Admin\Desktop\AdwCleaner_4.000.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : Partner Service
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\FCTB
Ordner Gelöscht : C:\Users\Bastet\AppData\Roaming\Mozilla\Firefox\Profiles\sfon7koq.default\FCTB
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\iWin
Ordner Gelöscht : C:\Users\Bastet\AppData\Roaming\iWin
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\UpdaterEX
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Admin\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Admin\Desktop\Startfenster.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v32.0.3 (x86 de)
[d2wo7w4e.default] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.startfenster.de");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 14);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DNSCatch", false);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 14);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1413215352214");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "www.google.de");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.comp.affiliate.2810218.disabled", false);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", true);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", true);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", false);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "58D09689DC5BE31CBE0D2859132E9A502532F67CE11E79D22F1A3F4F6C6B4BCF6DDA2C45629ABF697807A8F6D2A758BC8104320523F9EBC390AAD06D8CE4BBDD");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "85119746");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "2151fa21b376b217e389ef8d27c881d68d42a938");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b4e63");
[d2wo7w4e.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", true);
[d2wo7w4e.default] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.sm.de/?q=");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 13);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DNSCatch", false);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 13);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowDescriptiveText", true);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1413213128687");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "www.google.de");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.comp.affiliate.2810218.disabled", false);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", true);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", true);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", false);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "58D09689DC5BE31CBE0D2859132E9A502532F67CE11E79D22F1A3F4F6C6B4BCF6DDA2C45629ABF697807A8F6D2A758BC8104320523F9EBC390AAD06D8CE4BBDD");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "85120638");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "5a5a3ee5a976f354d88634260dc3ff354888aa67");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b4e63");
[sfon7koq.default] - Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", true);
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [12907 octets] - [14/10/2014 15:38:50]
AdwCleaner[S0].txt - [12624 octets] - [14/10/2014 15:46:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12685 octets] ##########
weiter gehts. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 14.10.2014 at 15:59:23,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
~~~ Files
Successfully deleted: [File] "C:\Users\Admin\favorites\links\startfenster.lnk"
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\d2wo7w4e.default\searchplugins\search-the-web.xml
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\d2wo7w4e.default\fctb
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\d2wo7w4e.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.10.2014 at 16:03:30,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02 Ran by Admin (administrator) on ANGELIKA on 14-10-2014 16:13:08 Running from C:\Users\Admin\Desktop Loaded Profiles: Admin & UpdatusUser (Available profiles: Admin & UpdatusUser & Bastet) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [469536 2009-11-25] () HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) HKU\S-1-5-21-1901903680-3249174370-2502805026-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-05] (Google Inc.) HKU\S-1-5-21-1901903680-3249174370-2502805026-1001\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium) HKU\S-1-5-21-1901903680-3249174370-2502805026-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {D4D96C01-CF46-40CF-B535-CB8D81CE1139} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE579 SearchScopes: HKCU - {D4D96C01-CF46-40CF-B535-CB8D81CE1139} URL = hxxp://www.sm.de/?q={searchTerms} BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default FF DefaultSearchEngine: SuchMaschine FF SearchEngineOrder.1: SuchMaschine FF SelectedSearchEngine: SuchMaschine FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\searchplugins\search_engine.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-13] CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-13] CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-13] CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-13] CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-13] CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-11] () R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2010-02-05] (Symantec Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-11] () R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2010-02-05] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2010-02-05] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\ENG64.SYS [X] S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-14 16:13 - 2014-10-14 16:13 - 00013235 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-10-14 16:12 - 2014-10-14 16:12 - 02110464 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-10-14 16:03 - 2014-10-14 16:03 - 00001676 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-10-14 15:59 - 2014-10-14 15:59 - 00000000 ____D () C:\Windows\ERUNT 2014-10-14 15:56 - 2014-10-14 15:56 - 01705698 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-10-14 15:50 - 2014-10-14 15:50 - 00012774 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-10-14 15:38 - 2014-10-14 15:46 - 00000000 ____D () C:\AdwCleaner 2014-10-14 15:37 - 2014-10-14 15:37 - 01976320 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.000.exe 2014-10-14 15:04 - 2014-10-14 15:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-14 15:04 - 2014-10-14 15:04 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-14 15:04 - 2014-10-14 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-14 15:04 - 2014-10-14 15:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-14 15:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-14 15:04 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-14 15:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-14 14:59 - 2014-10-14 14:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-13 18:20 - 2014-10-13 18:20 - 00012715 _____ () C:\ComboFix.txt 2014-10-13 17:58 - 2014-10-13 18:20 - 00000000 ____D () C:\Qoobox 2014-10-13 17:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-13 17:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-13 17:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-13 17:57 - 2014-10-13 18:17 - 00000000 ____D () C:\Windows\erdnt 2014-10-13 17:56 - 2014-10-13 17:57 - 05582915 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe 2014-10-13 17:19 - 2014-10-13 17:19 - 05582915 _____ (Swearware) C:\Users\Bastet\Desktop\ComboFix.exe 2014-10-11 20:40 - 2014-10-11 20:40 - 00031388 _____ () C:\Users\Bastet\Desktop\Addition.txt 2014-10-11 20:38 - 2014-10-11 20:40 - 00019687 _____ () C:\Users\Bastet\Desktop\FRST.txt 2014-10-11 20:37 - 2014-10-14 16:13 - 00000000 ____D () C:\FRST 2014-10-11 20:35 - 2014-10-11 20:35 - 02109952 _____ (Farbar) C:\Users\Bastet\Desktop\FRST64.exe 2014-10-11 20:31 - 2014-10-11 20:32 - 02109952 _____ (Farbar) C:\Users\Bastet\Downloads\FRST64(1).exe 2014-10-11 20:28 - 2014-10-11 20:28 - 02109952 _____ (Farbar) C:\Users\Bastet\Downloads\FRST64.exe 2014-10-11 17:46 - 2014-10-11 17:46 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Mowilbt 2014-10-11 12:56 - 2014-10-13 11:03 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Vacica 2014-10-10 14:33 - 2014-10-13 17:25 - 00000000 ____D () C:\ProgramData\vmomul 2014-10-10 09:17 - 2014-10-12 12:04 - 00000000 ___HD () C:\Users\Bastet\AppData\Local\Tqispkicvn 2014-10-09 23:19 - 2014-10-09 23:21 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Qkgjcau 2014-10-07 16:30 - 2014-10-07 16:30 - 00000753 _____ () C:\Users\Bastet\Desktop\Pharao.lnk 2014-10-07 16:29 - 2014-10-07 16:29 - 00000000 ____D () C:\Users\Bastet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-10-07 16:06 - 2014-10-07 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra 2014-09-27 15:01 - 2014-09-27 15:01 - 00003036 _____ () C:\Windows\System32\Tasks\{D274B684-3FD5-480A-B289-32352445C37C} 2014-09-27 14:48 - 2014-09-27 14:48 - 00000000 ____D () C:\SIERRA 2014-09-27 14:48 - 2014-09-27 14:48 - 00000000 ____D () C:\Program Files (x86)\Sierra On-Line 2014-09-27 14:47 - 2014-10-07 16:06 - 00000302 _____ () C:\Windows\SIERRA.INI 2014-09-24 22:11 - 2014-09-24 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-21 00:40 - 2014-07-13 16:33 - 00001298 _____ () C:\Users\Bastet\Desktop\Ritter Arthur 4.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-14 15:55 - 2014-03-12 16:48 - 01242619 _____ () C:\Windows\WindowsUpdate.log 2014-10-14 15:55 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-14 15:55 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-14 15:48 - 2010-02-05 02:34 - 00268766 _____ () C:\Windows\PFRO.log 2014-10-14 15:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-14 15:48 - 2009-07-14 06:51 - 00066347 _____ () C:\Windows\setupact.log 2014-10-14 15:29 - 2014-03-14 23:47 - 00000000 ____D () C:\Windows\CheckSur 2014-10-14 15:18 - 2014-03-13 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-14 15:04 - 2010-02-05 02:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines 2014-10-14 10:18 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-13 18:20 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-13 18:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-13 17:49 - 2014-03-15 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-13 17:32 - 2014-03-12 16:58 - 00000000 ____D () C:\Users\Admin 2014-10-10 21:49 - 2014-03-13 01:40 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-10-10 21:49 - 2014-03-13 01:40 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-10-10 21:49 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-10 21:09 - 2010-02-05 02:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-27 14:45 - 2010-02-05 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines GameZone 2014-09-27 14:45 - 2010-02-05 02:35 - 00000000 ____D () C:\Program Files (x86)\eMachines GameZone 2014-09-27 14:45 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-26 10:31 - 2014-03-14 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 11:18 - 2014-03-13 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 11:18 - 2014-03-13 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 11:18 - 2014-03-13 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 23:11 - 2014-03-13 00:55 - 00000000 ____D () C:\Windows\System32\Tasks\Games Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-07 16:51 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Admin at 2014-10-14 16:13:59
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.5 - INTENIUM GmbH)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version: - )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.00.3005 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom For The Princess II (HKLM-x32\...\25a144fe374c4ed6e2c84fced8d6cc46) (Version: - Zylom)
My Kingdom for the Princess IV (HKLM-x32\...\58e1fbaed756aace10c08d4c1be28cce) (Version: - Zylom)
Nero 9 Essentials (HKLM-x32\...\{c0329ca4-2cf0-4a88-a397-6ce72f9fb46e}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.8 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Peggle(TM) Deluxe (HKLM-x32\...\00415396db1c66bc03a5109b1c550c8f) (Version: - Zylom)
Pharao (HKLM-x32\...\Pharao) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Sommer Mahjong (HKLM-x32\...\Sommer Mahjong) (Version: 2.0.0.0 - INTENIUM GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3010 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
03-09-2014 12:06:22 Geplanter Prüfpunkt
14-09-2014 21:13:13 Geplanter Prüfpunkt
22-09-2014 16:15:22 Geplanter Prüfpunkt
04-10-2014 19:04:44 Geplanter Prüfpunkt
12-10-2014 10:04:07 Avira PC Cleaner - 12.10.2014 12:04
13-10-2014 15:09:23 Avira PC Cleaner - 13.10.2014 17:09
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-10-13 18:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {66CB720E-A9C6-4472-A388-48D638152117} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1901903680-3249174370-2502805026-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6F6D7493-C5E6-40CC-8D34-1F742AA575F1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1901903680-3249174370-2502805026-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DB017594-BC45-4FDD-99D9-D811E324937A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-03-14 16:54 - 2013-01-31 11:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-11 02:01 - 2009-08-11 02:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-11 02:00 - 2009-08-11 02:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-11 02:01 - 2009-08-11 02:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-11 02:01 - 2009-08-11 02:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2009-11-25 04:39 - 2009-11-25 04:39 - 00469536 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2009-11-25 04:39 - 2009-11-25 04:39 - 00154144 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2014-09-24 22:11 - 2014-09-24 22:11 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Bastet:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\Users\Bastet\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Bastet\Cookies:gs5sys
AlternateDataStreams: C:\Users\Bastet\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Bastet\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Bastet\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Bastet\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
========================= Accounts: ==========================
Admin (S-1-5-21-1901903680-3249174370-2502805026-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1901903680-3249174370-2502805026-500 - Administrator - Disabled)
Bastet (S-1-5-21-1901903680-3249174370-2502805026-1004 - Limited - Enabled) => C:\Users\Bastet
Gast (S-1-5-21-1901903680-3249174370-2502805026-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1901903680-3249174370-2502805026-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1901903680-3249174370-2502805026-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (10/10/2014 06:51:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:49:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:46:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:45:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-10-13 18:07:08.915
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-13 18:07:08.728
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 215 Processor
Percentage of memory in use: 54%
Total physical RAM: 1791.37 MB
Available physical RAM: 810.19 MB
Total Pagefile: 3582.73 MB
Available Pagefile: 2228.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (eMachines) (Fixed) (Total:284.99 GB) (Free:223.84 GB) NTFS
Drive d: (PHARAO) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5FEEE932)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
15.10.2014, 18:37
| #10 |
| /// the machine /// TB-Ausbilder | Virenscanner meldet TR/Crypt.Xpack.99996ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.10.2014, 20:29
| #11 |
| | Virenscanner meldet TR/Crypt.Xpack.99996 Hallo Schrauber, ich hab das durchlaufen und bei eset hat er doch noch einiges gefunden. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ebf9eba21da10d4f8f8b8379545b1b46
# engine=20616
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-15 10:01:04
# local_time=2014-10-16 12:01:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5301 165040314 0 0
# scanned=161901
# found=4
# cleaned=0
# scan_time=3642
sh=BA39F8C9886EF4AABD72262B192DB8A177C7E206 ft=1 fh=078180abaf06d010 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=D176E0CFD96B3562B5E89AE3D2C7802BDE2950A8 ft=1 fh=f76c7fb38e4b5298 vn="Win32/Trustezeb.J Trojaner" ac=I fn="C:\Users\Bastet\AppData\Roaming\Mowilbt\fqnsfquwzx.exe"
sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Bastet\Downloads\vlc-2.1.3-win32.exe"
sh=08FDED08826C535A6DB13E816065FD95CBE89949 ft=1 fh=e8b1ca870856da57 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bastet\Pictures\zlsSetup_70_462_000_de.exe"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014 Ran by Admin (administrator) on ANGELIKA on 16-10-2014 21:12:54 Running from C:\Users\Admin\Desktop Loaded Profiles: Admin & UpdatusUser (Available profiles: Admin & UpdatusUser & Bastet) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [469536 2009-11-25] () HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1901903680-3249174370-2502805026-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-05] (Google Inc.) HKU\S-1-5-21-1901903680-3249174370-2502805026-1001\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium) HKU\S-1-5-21-1901903680-3249174370-2502805026-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {D4D96C01-CF46-40CF-B535-CB8D81CE1139} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE579 SearchScopes: HKCU - {D4D96C01-CF46-40CF-B535-CB8D81CE1139} URL = hxxp://www.sm.de/?q={searchTerms} BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default FF DefaultSearchEngine: SuchMaschine FF SearchEngineOrder.1: SuchMaschine FF SelectedSearchEngine: SuchMaschine FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d2wo7w4e.default\searchplugins\search_engine.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-13] CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-13] CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-13] CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-13] CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-13] CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-11] () R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2010-02-05] (Symantec Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-11] () R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2010-02-05] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2010-02-05] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\ENG64.SYS [X] S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-16 21:12 - 2014-10-16 21:13 - 00013822 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-10-16 21:12 - 2014-10-16 21:12 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion 2014-10-16 21:10 - 2014-10-16 21:10 - 00001072 _____ () C:\Users\Admin\Desktop\checkup.txt 2014-10-16 21:05 - 2014-10-16 21:05 - 00854417 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2014-10-15 22:22 - 2014-10-15 22:22 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-15 22:19 - 2014-10-15 22:19 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-15 22:19 - 2014-10-15 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-15 22:19 - 2014-10-15 22:19 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-15 22:17 - 2014-10-15 22:20 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe 2014-10-14 21:47 - 2014-10-14 21:47 - 00040706 _____ () C:\Users\Admin\Desktop\mbam.txt 2014-10-14 20:23 - 2014-10-14 22:37 - 00000000 ____D () C:\ProgramData\Trymedia 2014-10-14 16:12 - 2014-10-16 21:12 - 02112000 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-10-14 16:03 - 2014-10-14 16:03 - 00001676 _____ () C:\Users\Admin\Desktop\JRT.txt 2014-10-14 15:59 - 2014-10-14 15:59 - 00000000 ____D () C:\Windows\ERUNT 2014-10-14 15:56 - 2014-10-14 15:56 - 01705698 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2014-10-14 15:50 - 2014-10-14 15:50 - 00012774 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2014-10-14 15:38 - 2014-10-14 15:46 - 00000000 ____D () C:\AdwCleaner 2014-10-14 15:37 - 2014-10-14 15:37 - 01976320 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.000.exe 2014-10-14 15:04 - 2014-10-16 20:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-14 15:04 - 2014-10-14 15:04 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-14 15:04 - 2014-10-14 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-14 15:04 - 2014-10-14 15:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-14 15:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-14 15:04 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-14 15:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-14 14:59 - 2014-10-14 14:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-13 18:20 - 2014-10-13 18:20 - 00012715 _____ () C:\ComboFix.txt 2014-10-13 17:58 - 2014-10-13 18:20 - 00000000 ____D () C:\Qoobox 2014-10-13 17:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-13 17:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-13 17:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-13 17:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-13 17:57 - 2014-10-13 18:17 - 00000000 ____D () C:\Windows\erdnt 2014-10-13 17:56 - 2014-10-13 17:57 - 05582915 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe 2014-10-13 17:19 - 2014-10-13 17:19 - 05582915 _____ (Swearware) C:\Users\Bastet\Desktop\ComboFix.exe 2014-10-11 20:40 - 2014-10-11 20:40 - 00031388 _____ () C:\Users\Bastet\Desktop\Addition.txt 2014-10-11 20:38 - 2014-10-11 20:40 - 00019687 _____ () C:\Users\Bastet\Desktop\FRST.txt 2014-10-11 20:37 - 2014-10-16 21:12 - 00000000 ____D () C:\FRST 2014-10-11 20:35 - 2014-10-11 20:35 - 02109952 _____ (Farbar) C:\Users\Bastet\Desktop\FRST64.exe 2014-10-11 20:31 - 2014-10-11 20:32 - 02109952 _____ (Farbar) C:\Users\Bastet\Downloads\FRST64(1).exe 2014-10-11 20:28 - 2014-10-11 20:28 - 02109952 _____ (Farbar) C:\Users\Bastet\Downloads\FRST64.exe 2014-10-11 17:46 - 2014-10-11 17:46 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Mowilbt 2014-10-11 12:56 - 2014-10-13 11:03 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Vacica 2014-10-10 14:33 - 2014-10-16 18:34 - 00000000 ____D () C:\ProgramData\vmomul 2014-10-10 09:17 - 2014-10-12 12:04 - 00000000 ___HD () C:\Users\Bastet\AppData\Local\Tqispkicvn 2014-10-09 23:19 - 2014-10-09 23:21 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Qkgjcau 2014-10-07 16:30 - 2014-10-07 16:30 - 00000753 _____ () C:\Users\Bastet\Desktop\Pharao.lnk 2014-10-07 16:29 - 2014-10-07 16:29 - 00000000 ____D () C:\Users\Bastet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-10-07 16:06 - 2014-10-07 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra 2014-09-27 15:01 - 2014-09-27 15:01 - 00003036 _____ () C:\Windows\System32\Tasks\{D274B684-3FD5-480A-B289-32352445C37C} 2014-09-27 14:48 - 2014-09-27 14:48 - 00000000 ____D () C:\SIERRA 2014-09-27 14:48 - 2014-09-27 14:48 - 00000000 ____D () C:\Program Files (x86)\Sierra On-Line 2014-09-27 14:47 - 2014-10-07 16:06 - 00000302 _____ () C:\Windows\SIERRA.INI 2014-09-24 22:11 - 2014-09-24 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-21 00:40 - 2014-07-13 16:33 - 00001298 _____ () C:\Users\Bastet\Desktop\Ritter Arthur 4.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-16 21:04 - 2014-03-12 16:48 - 01420736 _____ () C:\Windows\WindowsUpdate.log 2014-10-16 21:04 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-16 21:04 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-16 20:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-16 20:56 - 2009-07-14 06:51 - 00066683 _____ () C:\Windows\setupact.log 2014-10-16 19:18 - 2014-03-13 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-15 22:20 - 2014-03-15 19:20 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-14 21:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-10-14 15:48 - 2010-02-05 02:34 - 00268766 _____ () C:\Windows\PFRO.log 2014-10-14 15:31 - 2014-03-14 23:47 - 00000000 ____D () C:\Windows\CheckSur 2014-10-14 15:04 - 2010-02-05 02:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines 2014-10-14 10:18 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-13 18:20 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-13 18:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-13 17:32 - 2014-03-12 16:58 - 00000000 ____D () C:\Users\Admin 2014-10-10 21:49 - 2014-03-13 01:40 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-10-10 21:49 - 2014-03-13 01:40 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-10-10 21:49 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-10 21:09 - 2010-02-05 02:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-27 14:45 - 2010-02-05 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines GameZone 2014-09-27 14:45 - 2010-02-05 02:35 - 00000000 ____D () C:\Program Files (x86)\eMachines GameZone 2014-09-27 14:45 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-26 10:31 - 2014-03-14 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 11:18 - 2014-03-13 00:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 11:18 - 2014-03-13 00:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 11:18 - 2014-03-13 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 23:11 - 2014-03-13 00:55 - 00000000 ____D () C:\Windows\System32\Tasks\Games Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-07 16:51 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Admin at 2014-10-16 21:13:40
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.5 - INTENIUM GmbH)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version: - )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.00.3005 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom For The Princess II (HKLM-x32\...\25a144fe374c4ed6e2c84fced8d6cc46) (Version: - Zylom)
My Kingdom for the Princess IV (HKLM-x32\...\58e1fbaed756aace10c08d4c1be28cce) (Version: - Zylom)
Nero 9 Essentials (HKLM-x32\...\{c0329ca4-2cf0-4a88-a397-6ce72f9fb46e}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.8 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Peggle(TM) Deluxe (HKLM-x32\...\00415396db1c66bc03a5109b1c550c8f) (Version: - Zylom)
Pharao (HKLM-x32\...\Pharao) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Sommer Mahjong (HKLM-x32\...\Sommer Mahjong) (Version: 2.0.0.0 - INTENIUM GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3010 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
03-09-2014 12:06:22 Geplanter Prüfpunkt
14-09-2014 21:13:13 Geplanter Prüfpunkt
22-09-2014 16:15:22 Geplanter Prüfpunkt
04-10-2014 19:04:44 Geplanter Prüfpunkt
12-10-2014 10:04:07 Avira PC Cleaner - 12.10.2014 12:04
13-10-2014 15:09:23 Avira PC Cleaner - 13.10.2014 17:09
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-10-13 18:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {66CB720E-A9C6-4472-A388-48D638152117} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1901903680-3249174370-2502805026-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6F6D7493-C5E6-40CC-8D34-1F742AA575F1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1901903680-3249174370-2502805026-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DB017594-BC45-4FDD-99D9-D811E324937A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-03-14 16:54 - 2013-01-31 11:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-11 02:01 - 2009-08-11 02:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-11 02:00 - 2009-08-11 02:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-11 02:01 - 2009-08-11 02:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-11 02:01 - 2009-08-11 02:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2009-11-25 04:39 - 2009-11-25 04:39 - 00469536 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2009-11-25 04:39 - 2009-11-25 04:39 - 00154144 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2014-09-24 22:11 - 2014-09-24 22:11 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-11 12:18 - 2014-09-11 12:18 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Bastet:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\Users\Bastet\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Bastet\Cookies:gs5sys
AlternateDataStreams: C:\Users\Bastet\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Bastet\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Bastet\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Bastet\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Bastet\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
========================= Accounts: ==========================
Admin (S-1-5-21-1901903680-3249174370-2502805026-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1901903680-3249174370-2502805026-500 - Administrator - Disabled)
Bastet (S-1-5-21-1901903680-3249174370-2502805026-1004 - Limited - Enabled) => C:\Users\Bastet
Gast (S-1-5-21-1901903680-3249174370-2502805026-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1901903680-3249174370-2502805026-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1901903680-3249174370-2502805026-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/15/2014 10:33:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/15/2014 10:32:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/15/2014 10:32:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/15/2014 10:21:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/15/2014 10:21:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/15/2014 10:21:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/15/2014 10:20:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/15/2014 02:23:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (10/15/2014 02:22:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (10/16/2014 08:57:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (10/16/2014 08:56:46 PM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.
Error: (10/16/2014 08:56:46 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (10/16/2014 05:47:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (10/16/2014 05:47:07 PM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.
Error: (10/16/2014 05:47:07 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (10/16/2014 09:50:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Error: (10/16/2014 09:50:36 AM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.
Error: (10/16/2014 09:50:36 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Error: (10/15/2014 10:12:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP
Microsoft Office Sessions:
=========================
Error: (10/10/2014 06:51:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:49:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:46:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/10/2014 06:45:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-10-13 18:07:08.915
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-13 18:07:08.728
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 215 Processor
Percentage of memory in use: 48%
Total physical RAM: 1791.37 MB
Available physical RAM: 915.75 MB
Total Pagefile: 3582.73 MB
Available Pagefile: 2110.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (eMachines) (Fixed) (Total:284.99 GB) (Free:221.73 GB) NTFS
Drive d: (PHARAO) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5FEEE932)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Hallo, ein Ergebnis hat noch gefehlt. Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 51 Java version out of Date! Adobe Flash Player 15.0.0.152 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (32.0.3) Mozilla Thunderbird (24.5.0) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe Online Games Manager ogmservice.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
17.10.2014, 19:21
| #12 |
| /// the machine /// TB-Ausbilder | Virenscanner meldet TR/Crypt.Xpack.99996 Java und ADobe updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter 2014-10-11 17:46 - 2014-10-11 17:46 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Mowilbt
2014-10-11 12:56 - 2014-10-13 11:03 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Vacica
2014-10-10 14:33 - 2014-10-16 18:34 - 00000000 ____D () C:\ProgramData\vmomul
2014-10-10 09:17 - 2014-10-12 12:04 - 00000000 ___HD () C:\Users\Bastet\AppData\Local\Tqispkicvn
2014-10-09 23:19 - 2014-10-09 23:21 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Qkgjcau
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.10.2014, 14:20
| #13 |
| | Virenscanner meldet TR/Crypt.Xpack.99996 Hallo Schrauber, die nächsten Ergebnisse später. Ich brauche dazu Hilfe, die im Moment nicht verfügbar ist. Aber eine Frage vorab. Es klingt ja, als wären wir auf der Zielgerade, aber was ist mit den Sachen, die eset noch gefunden hat? Muß ich da noch was machen? Erstmal danke und bis später. |
|
19.10.2014, 08:32
| #14 |
| /// the machine /// TB-Ausbilder | Virenscanner meldet TR/Crypt.Xpack.99996 Werden durch den Fix und TFC adressiert. Die andern Funde sind in deinem Download Ordner, da wird nur PUP angemeckert
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.10.2014, 17:30
| #15 |
| | Virenscanner meldet TR/Crypt.Xpack.99996 Hallo Schrauber, hier das Ergebnis von fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Admin at 2014-10-19 18:21:58 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & UpdatusUser (Available profiles: Admin & UpdatusUser & Bastet)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
2014-10-11 17:46 - 2014-10-11 17:46 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Mowilbt
2014-10-11 12:56 - 2014-10-13 11:03 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Vacica
2014-10-10 14:33 - 2014-10-16 18:34 - 00000000 ____D () C:\ProgramData\vmomul
2014-10-10 09:17 - 2014-10-12 12:04 - 00000000 ___HD () C:\Users\Bastet\AppData\Local\Tqispkicvn
2014-10-09 23:19 - 2014-10-09 23:21 - 00000000 ___HD () C:\Users\Bastet\AppData\Roaming\Qkgjcau
*****************
C:\Users\Bastet\AppData\Roaming\Mowilbt => Moved successfully.
C:\Users\Bastet\AppData\Roaming\Vacica => Moved successfully.
C:\ProgramData\vmomul => Moved successfully.
C:\Users\Bastet\AppData\Local\Tqispkicvn => Moved successfully.
C:\Users\Bastet\AppData\Roaming\Qkgjcau => Moved successfully.
==== End of Fixlog ====
Erstmal vielen Dank. |
|
WARNUNG an die MITLESER: 
Linear-Darstellung
