Pests of all kinds and how to fight them: ESET Ponmocup.AA Trojan etc. - PC problems with various effects

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

ESET Ponmocup.AA Trojan etc. - PC problems with various effects

Hello TB team,

I am using TeamViewer to help an acquaintance with PC problems. The PC problems are so numerous and varied that I don't even know where to start.

1.) Windows Explorer crashes frequently, so that the Explorer message is displayed in up to 30 windows and asks for confirmation.
2.) A system restore point cannot be created.
3.) Various programs do not work or freeze, etc.

In the meantime, after reading here on the board, I have run the standard procedure and created logs.

I hope that someone can help me/us and tell us whether the PC can be saved. There is important data on it, and I don't want it to pass on the infection etc. when it is copied over. At the end of October I will visit her and will install a new hard drive and reinstall, but until then I need your help; maybe you can save the PC?

1.) OTL LOGS

1.a) OTL.txt

Code:
OTL logfile created on: 25.09.2014 13:46:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,47 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 62,02% Memory free
6,94 Gb Paging File | 5,78 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 499,86 Gb Total Space | 374,12 Gb Free Space | 74,85% Space Free | Partition Type: NTFS
Drive D: | 1363,05 Gb Total Space | 1218,75 Gb Free Space | 89,41% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\TeamViewer\Version9\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Users\Admin\AppData\Roaming\Hub Timer\hub.exe ()
PRC - C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Common Files\Nuance\loggerservice.exe (Nuance Communications, Inc.)
PRC - C:\Programme\T-Online\T-Online_Software_6\eMail\Mail.exe (Deutsche Telekom AG, www.t-online.de)
PRC - C:\Programme\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Nuance\PDF Professional 8\PDFProFiltSrv.exe (Nuance Communications, Inc.) PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Programme\Brownie\BrStsWnd.exe (brother) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) PRC - D:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.) 
========== Modules (No Company Name) ========== MOD - C:\Users\Admin\AppData\LocalLow\INTERN~1\bho.dll () MOD - C:\Programme\T-Online\T-Online_Software_6\eMail\libexpat.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\NCH Software\ExpressZip\ezcm.dll () MOD - C:\Programme\T-Online\T-Online_Software_6\Notifier\libcurl.dll () MOD - C:\Programme\T-Online\T-Online_Software_6\Notifier\libexpat.dll () MOD - D:\lotus\smartctr\LDAUTO.DLL () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Program Files\Spybot File not found SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found SRV - (SDScannerService) -- C:\Program Files\Spybot File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer9) -- C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (HubService) -- C:\Users\Admin\AppData\Roaming\Hub Timer\hub.exe () SRV - (DragonSvc) -- C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.) SRV - (DragonLoggerService) -- C:\Programme\Common Files\Nuance\loggerservice.exe (Nuance Communications, Inc.) 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 8\PDFProFiltSrv.exe (Nuance Communications, Inc.) 
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT) SRV - (TVGOnlineUpdateSvc) -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (wStLibG) -- C:\Windows\System32\drivers\wStLibG.sys (StdLib) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.) 
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation) DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation) DRV - (iusb3hcs) -- C:\Windows\System32\drivers\iusb3hcs.sys (Intel Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ArvoFltr) -- C:\Windows\System32\drivers\ArvoFltr.sys (ROCCAT Development, Inc.) DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz) DRV - (BrPar) -- C:\Windows\System32\drivers\BRPAR.SYS (Brother Industries Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=orgnl&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0A0A0CyDtCzytDyE0AtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2StAtDyBtB0E0EyDtCtGyC0FyCtCtGyEyD0AzztGtByByCtDtGyByCyB0A0AtByB0FyEtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0EtBtBtDzztBtGtDtDzz0CtGyEtA0BzytGyC0DzzyDtGyB0D0E0C0F0CtBtDtBtCyDtA2QtN1B1L1H1Ezu1O2U1M1B&cr=1885874306&ir= IE - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hores,org IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 96 8F 37 F7 29 CE 01 [binary data] IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity IE - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = hxxp://www.bing.com/search IE - 
HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Speedial" FF - prefs.js..browser.search.selectedEngine: "Speedial" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.update.interval: 31536000 FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: nuance%40pdf8:8 FF - prefs.js..extensions.enabledAddons: s3google%40translator:3.01 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2 FF - prefs.js..network.proxy.http: "www-proxy.t-online.de" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.update: false FF - user.js..browser.search.update.interval: 31536000 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\nuance.com/DgnRia2: C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.) 
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\cliqz@cliqz.com: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\extensions\cliqz@cliqz.com [2013.11.18 20:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2014.06.15 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\Admin\extensions [2014.08.19 08:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\Admin\extensions\staged [2013.10.14 03:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\Admin\AppData\Roaming\Mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions [2014.09.25 13:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\svbhpvaf.default\Extensions [2014.08.18 21:04:52 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014.01.23 19:01:13 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\youtubeunblocker@unblocker.yt [2013.10.28 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions [2013.10.13 15:13:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.10.13 15:21:47 | 000,000,000 | ---D | M] (Newssitter) -- C:\Users\Admin\AppData\Roaming\mozilla\Profiles\fhjn28i9.Standard-Benutzer\extensions\newssitter@seematrix.com [2014.07.15 18:43:01 | 000,013,640 | ---- | M] 
() (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014.08.23 09:41:23 | 000,100,161 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\Extensions\s3google@translator.xpi [2014.09.15 16:05:27 | 000,556,429 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014.09.22 14:09:19 | 000,000,663 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\searchplugins\google-images.xml [2014.09.22 14:09:19 | 000,002,307 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\svbhpvaf.default\searchplugins\google-maps.xml [2014.09.19 12:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2014.09.19 12:52:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.07.16 10:19:04 | 000,000,000 | ---D | M] (PDF Converter) -- C:\PROGRAM FILES\NUANCE\PDF PROFESSIONAL 8\FIREFOX ========== Chrome ========== CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences file CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\ O1 HOSTS File: ([2014.09.25 11:39:59 | 000,449,906 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 
127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15470 more lines... O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Dragon Web Extension For Internet Explorer) - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Programme\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {C32F5BF7-6918-4F78-A97A-53CDF7D07C8C} - C:\Users\Admin\AppData\LocalLow\INTERN~1\bho.dll () O2 - BHO: (Gaaiho PDF Conversion Toolbar Helper) - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Programme\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (Nuance PDF) - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Programme\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.) 
O4 - HKLM..\Run: [PDF8 Registry Controller] C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000..\Run: [SMASH] C:\Program Files\SoftMaker Office Professional 2012\SMASH.EXE (SoftMaker Software GmbH) O4 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 03 F8 FF 03 [binary data] 
O8 - Extra context menu item: Mit Nuance PDF Converter 8 öffnen - C:\Program Files\Nuance\PDF Professional 8\cnvres_ger.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Mit PDF Professional 8 öffnen - C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E579D48-9EAB-40D9-94E9-1F823C368EBD}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.09.25 13:39:09 | 005,579,290 | ---- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe [2014.09.25 13:38:01 | 001,098,240 | ---- | C] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe [2014.09.25 13:37:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2014.09.23 20:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2014.09.22 14:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2014.09.22 14:11:45 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2014.09.22 14:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2014.09.22 14:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2014.09.22 13:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\XDMessagingv4 [2014.09.22 13:57:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Abelssoft [2014.09.22 13:57:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Abelssoft [2014.09.22 13:57:12 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2014.09.22 13:56:33 | 000,000,000 | ---D | C] 
-- C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame [2014.09.22 13:17:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2014.09.22 13:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe [2014.09.22 13:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus [2014.09.22 13:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Calculator Plus [2014.09.22 12:56:54 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.09.22 12:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.09.22 12:56:50 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2014.09.22 12:56:50 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2014.09.22 12:56:50 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2014.09.22 12:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware [2014.09.19 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014.09.15 13:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2014.09.15 12:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name [2014.09.15 12:09:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Axialis [2014.09.11 19:22:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014.09.11 19:22:24 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.09.11 19:22:24 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014.09.11 19:22:24 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.09.11 19:22:24 | 000,164,864 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014.09.11 19:22:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll [2014.09.11 19:22:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014.09.11 19:22:23 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2014.09.11 19:22:23 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014.09.11 19:22:23 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014.09.11 19:22:23 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014.09.11 19:22:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014.09.11 19:22:23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.09.11 19:22:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014.09.11 19:22:23 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [2014.09.11 19:22:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014.09.11 19:22:23 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.09.11 19:22:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014.09.11 19:22:22 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014.09.11 19:22:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.09.11 19:22:22 | 000,327,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2014.09.11 19:22:21 | 004,232,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.09.11 19:22:21 | 002,014,208 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.09.11 19:21:47 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2014.09.11 08:41:46 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2014.09.11 08:41:46 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll [2014.09.11 08:41:43 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.09.11 08:41:43 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2014.09.08 12:42:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\cityguide [2014.08.31 19:50:37 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2014.09.25 13:39:56 | 005,579,290 | ---- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe [2014.09.25 13:38:12 | 001,098,240 | ---- | M] (Farbar) -- C:\Users\Admin\Desktop\FRST.exe [2014.09.25 13:37:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2014.09.25 13:18:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.09.25 13:18:08 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.09.25 12:47:57 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk [2014.09.25 12:07:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.09.25 11:39:59 | 000,449,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2014.09.25 11:35:34 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini [2014.09.25 11:04:28 | 000,026,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.09.25 11:04:28 | 000,026,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.09.25 11:03:18 | 
000,701,616 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2014.09.25 11:03:18 | 000,656,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014.09.25 11:03:18 | 000,150,408 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2014.09.25 11:03:18 | 000,122,668 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014.09.25 10:57:27 | 000,000,368 | ---- | M] () -- C:\Windows\Brownie.ini [2014.09.25 10:57:10 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\YPTPNWTTU.job [2014.09.25 10:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.09.25 10:57:00 | 2793,529,344 | -HS- | M] () -- C:\hiberfil.sys [2014.09.25 09:23:22 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.09.24 11:02:23 | 000,002,395 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\SAS7_000.DAT [2014.09.22 14:49:06 | 000,442,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014.09.22 14:11:47 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.09.22 13:56:33 | 000,001,456 | ---- | M] () -- C:\Users\Admin\Desktop\Goodgame Empire.lnk [2014.09.22 13:17:44 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk [2014.09.22 12:57:19 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.09.19 20:14:22 | 000,003,472 | ---- | M] () -- C:\bootsqm.dat [2014.09.15 13:43:46 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2014.09.05 03:52:10 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.09.05 03:47:39 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll ========== Files Created - No Company Name ========== [2014.09.25 12:47:57 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk [2014.09.25 12:47:57 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk [2014.09.25 11:35:34 | 
000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2014.09.22 14:11:47 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2014.09.22 14:11:47 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.09.22 13:57:12 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2014.09.22 13:56:33 | 000,001,456 | ---- | C] () -- C:\Users\Admin\Desktop\Goodgame Empire.lnk [2014.09.22 13:17:44 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk [2014.09.22 12:56:51 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.09.19 20:14:22 | 000,003,472 | ---- | C] () -- C:\bootsqm.dat [2014.09.15 12:48:48 | 000,001,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014.06.16 10:40:02 | 000,000,044 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\WB.CFG [2014.05.17 15:11:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2014.05.17 15:11:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2014.05.17 15:11:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2014.05.17 15:11:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2014.05.17 15:11:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.09.26 11:32:03 | 000,001,704 | ---- | C] () -- C:\Program Files\Mozilla Firefoxnation-secure-search.xml [2013.08.24 06:09:44 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2013.06.19 10:00:40 | 000,007,609 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2013.05.30 13:54:30 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2013.05.30 13:54:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2013.05.30 13:54:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2013.05.30 13:54:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat 
[2013.05.30 13:54:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2013.05.30 13:54:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2013.05.30 13:54:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2013.05.30 13:54:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2013.05.30 13:54:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2013.05.30 13:54:30 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2013.05.30 13:54:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2013.05.30 13:54:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2013.05.30 13:54:30 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2013.05.30 13:54:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2013.05.30 13:54:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2013.05.30 13:54:30 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2013.05.30 13:54:30 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2013.05.30 13:54:30 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2013.05.30 13:54:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2013.04.03 10:35:15 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini [2013.04.02 07:46:33 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2013.03.27 19:24:53 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7025.dat [2013.03.27 13:32:45 | 000,002,395 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\SAS7_000.DAT [2013.03.27 09:38:24 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.03.26 23:07:07 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2013.03.26 23:06:32 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll [2013.03.26 23:06:32 | 
000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll [2013.03.26 21:54:51 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.03.26 21:52:16 | 000,000,013 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2013.03.26 21:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2013.03.26 21:51:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2013.03.26 21:51:38 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2013.03.26 21:51:37 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT [2013.03.26 21:51:10 | 000,000,368 | ---- | C] () -- C:\Windows\Brownie.ini [2013.03.26 10:27:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2013.03.25 19:34:21 | 003,361,114 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2013.03.25 18:33:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.01.24 14:44:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2012.12.10 15:10:20 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll [2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2013.09.27 03:14:40 | 000,634,880 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2013.09.27 03:11:55 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2014.09.22 13:57:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft [2013.09.02 08:00:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\aborange [2013.05.29 20:16:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon [2013.10.29 08:35:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route [2013.03.26 23:18:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DataDesign [2014.09.22 13:02:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Desktopicon [2014.09.22 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame [2014.09.25 10:50:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2014.04.17 10:46:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla [2013.03.25 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER [2014.08.19 08:29:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hub Timer [2013.12.17 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IMSI [2013.12.17 14:08:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IMSIDesign [2013.03.27 07:27:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lexware [2014.07.18 11:39:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\lingenio [2014.08.22 15:04:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nuance [2013.03.26 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org 
[2013.04.04 09:30:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft [2014.08.19 08:29:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Security Systems [2014.04.15 14:31:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftMaker [2014.07.05 11:50:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Systweak [2013.03.26 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\T-Online [2014.05.18 19:14:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2013.05.26 17:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2013.10.29 08:35:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TVG [2013.10.29 16:10:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinFunktion Mathematik 21 [2013.06.13 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zeon [2013.04.05 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.04.05 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 276 bytes -> C:\ProgramData\TEMP:0FF263E8 @Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:A303874F @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:AEC0AC81 < End of report > Code:
OTL Extras logfile created on: 25.09.2014 13:46:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17280) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,47 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 62,02% Memory free 6,94 Gb Paging File | 5,78 Gb Available in Paging File | 83,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 499,86 Gb Total Space | 374,12 Gb Free Space | 74,85% Space Free | Partition Type: NTFS Drive D: | 1363,05 Gb Total Space | 1218,75 Gb Free Space | 89,41% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1720512716-2150718686-1536730020-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = 
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{165CC037-DA1D-4805-8803-ED46D80096F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3CF73D49-570A-4E0A-8ED5-DECB2409F057}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BE43557-AB97-422D-8032-274F329D5B65}" = rport=137 | protocol=17 | dir=out | app=system | "{5A0BAE72-FBC6-4E58-B86C-0A7784F7CB10}" = rport=138 | protocol=17 | dir=out | app=system | "{687E1B24-2E4E-43BA-A373-03F69E4208FF}" = rport=445 | protocol=6 | dir=out | app=system | "{6C969AE1-C7EA-4DB1-B57B-F654FA134398}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F3ABD0F-3077-41A8-86DB-E61A93E96826}" = lport=139 | protocol=6 | dir=in | app=system | "{7299A68C-9614-4AFA-9A08-22B1E07E50B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7A22A4BC-E91B-42D6-A421-7E7CC9BF14C3}" = lport=445 | protocol=6 | dir=in | app=system | "{91FE2355-52DD-47C6-BFD9-34CC1E35DFB3}" = lport=138 | protocol=17 | dir=in | app=system | "{9919B716-6397-484E-B2DC-A35BC3779F06}" = lport=59419 | 
protocol=6 | dir=in | name=windows core service | "{C484A55B-F5EA-4DC1-BD4D-F5786CB9B1BD}" = rport=139 | protocol=6 | dir=out | app=system | "{CE7ABD51-6E46-4EC9-B32C-BD68219772E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D2495EC3-0F0E-4B1A-A8AF-06EF62AE8868}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | "{D32D7A65-A05D-47E7-AE62-5B47730490AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F227A01F-7C99-4A64-B533-571165D3A717}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A87B851-0A0C-4874-8EC7-7DFE847E9443}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{18C2EB7F-C092-4011-9E2F-2C93BA13C5E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{374EC366-1629-451E-AF66-E4F5F2B050A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3CE95E87-0D78-4086-A4A5-A406926BE15F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4818EC96-8027-42D8-AB06-C51C5CB48849}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4A2E22B5-2144-47C0-9189-895CAC2EB442}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | "{5A0814F8-4C45-4F65-AC3B-3DB51CDFD9E5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | "{5FE061A5-D735-484C-91E5-FCEDB6A94DC2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | "{81F25F86-4009-41BF-A93B-B626C1ECAF0F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BB7E7D0B-7536-431B-BD5D-5C845B27906D}" = protocol=17 | dir=in | app=c:\program files\nuance\omnipage18\omnipage18.exe | "{CE5FCD7D-7FD9-49E0-AB69-FD09DC519911}" = protocol=6 | dir=in | app=c:\program 
files\nuance\omnipage18\ppmv.exe | "{D30873AB-7285-4574-983D-0A615985439E}" = protocol=6 | dir=in | app=c:\program files\nuance\omnipage18\ereg\ereg.exe | "{DF17A24A-C46B-499C-90BF-10D231B535D1}" = protocol=6 | dir=in | app=c:\program files\nuance\omnipage18\omnipage18.exe | "{E1EED0EF-22FE-434F-B248-1DC7068079D5}" = protocol=17 | dir=in | app=c:\program files\nuance\omnipage18\ereg\ereg.exe | "{E9994122-6D54-4E8B-8CF9-54879057E2A1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | "{EBCC8E14-6994-4C83-BD84-55046731B798}" = protocol=17 | dir=in | app=c:\program files\nuance\omnipage18\ppmv.exe | "TCP Query User{5E91D3D3-768E-43F8-AA83-DEB774DCA04F}E:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe" = protocol=6 | dir=in | app=e:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe | "UDP Query User{2F2068C1-ED06-44FA-A3F1-9F884429979F}E:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe" = protocol=17 | dir=in | app=e:\microsoft.office.professional.plus.2010.vl.x86.sp2.german\crack\microsoft toolkit.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4 "_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW(R) Graphics Suite X4 - Extra Content "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0351BD86-CC1A-400F-B70D-D8D858E0D5A3}" = Nuance PDF Converter Professional 8 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series" = Canon iP7200 series Printer Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{285D04E2-FCC6-4AAC-B94D-1336EDDD4EF8}" = eM Client "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2C322D9F-8734-4937-8A94-67ED371046B6}" = WinFunktion Mathematik plus 21 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken 2012 "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{33EA20FB-5389-4938-BA59-2BCD9BB68F41}" = Dragon NaturallySpeaking 13 "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking "{4C19650D-1BF8-4459-A904-06FB692B0F8E}" = DDBAC "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52DD1288-FA17-4062-8280-532C89A7E2F2}" = QuickSteuer 2014 "{536D6172-7453-7569-7465-392E38300407}" = Lotus SmartSuite - Deutsch "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) 
"{68C5B650-B0B1-422F-8451-DFE6BFFB8571}" = Intel® Trusted Connect Service Client "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16 "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX "{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool "{7E6CA782-AA41-4E4C-A948-232B7FD82696}" = Nuance PDF Converter Professional 8 Update x86 "{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4 "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{7FC74607-ED6E-49C3-87FA-56B50A2EE158}" = Quicken Import Export Server 2012 "{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85BF9FDB-BD5B-407C-9CAE-3542E5164783}" = Lexware Info Service "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBB8452-274B-465D-8324-00B0832FBB02}" = SoftMaker Office Professional 2012 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft 
Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software "{90F50D38-23E4-42AA-8483-75C1D8C546AB}" = Nuance OmniPage 18 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU) "{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener "{A64DF516-9CDC-4299-BD34-2B2C80CD453B}" = Lexware online banking "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Deutsch "{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 327.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 327.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 327.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 326.01 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0725 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.26.4 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}" = PHOTOfunSTUDIO 9.1 PE "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite DCP-7025 
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{CB719B19-BE9E-4D47-94B1-2FFE656067EE}" = TurboCAD Professional V.15 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core "{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.16 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E60036CF-1E46-4DFE-832F-5476574B30FF}" = Quicken DELUXE 2014 "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FD1C729D-EDD3-4142-8980-7EA36F19D500}" = Alcor Micro USB Card Reader "7-Zip" = 7-Zip 9.24 alpha "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin "AmUStor" = Alcor Micro USB Card Reader "CadViewer" = CadViewer 8.5.6b "Canon iP7200 series On-screen Manual" = Canon iP7200 series On-screen Manual "Canon My Image Garden" = Canon My Image Garden "Canon My Image Garden Design Files" = Canon My Image 
Garden Design Files
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"DasTelefonbuch Gelbe Seiten Map & Route" = Das Telefonbuch Gelbe Seiten Map & Route
"DirPrinter_is1" = DirPrinter - Deinstallation
"eGlyphica" = eGlyphica
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressZip" = Express Zip
"FileZilla Client" = FileZilla Client 3.8.0
"Foxy Secure" = Foxy Secure
"InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 32.0.2 (x86 de)" = Mozilla Firefox 32.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"office wörterbuch pro" = office wörterbuch pro
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Wecker" = PC-Wecker
"TeamViewer 9" = TeamViewer 9
"Totalcmd" = Total Commander (Remove or Repair)
"translate plus 9" = translate plus 9
"VLC media player" = VLC media player 2.1.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.09.2014 04:46:44 | Computer Name = Admin-PC | Source = VSS | ID = 8193
Description =

Error - 25.09.2014 04:46:44 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = VSS | ID = 13
Description =

Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = VSS | ID = 12292
Description =

Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = VSS | ID = 8193
Description =

Error - 25.09.2014 04:47:32 | Computer Name = Admin-PC | Source = System Restore | ID = 8193
Description =

Error - 25.09.2014 07:36:14 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0x01cfd89f2788d35e
Pfad der fehlerhaften Anwendung: C:\Windows\system32\wuauclt.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll
Berichtskennung: 2766c93b-44a8-11e4-9a29-3085a99aac51

Error - 25.09.2014 07:36:19 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wuauclt.exe, Version: 7.6.7600.320, Zeitstempel: 0x53739709
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x14dc
Startzeit der fehlerhaften Anwendung: 0x01cfd89f2788d35e
Pfad der fehlerhaften Anwendung: C:\Windows\system32\wuauclt.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 2a6897d2-44a8-11e4-9a29-3085a99aac51

Error - 25.09.2014 07:36:20 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626e0
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0x01cfd89ebc3bf76d
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll
Berichtskennung: 2b514a37-44a8-11e4-9a29-3085a99aac51

Error - 25.09.2014 07:36:24 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2723, Zeitstempel: 0x52315a51
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000200
ID des fehlerhaften Prozesses: 0x67c
Startzeit der fehlerhaften Anwendung: 0x01cfd89ebc3bf76d
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 2d8d7ecc-44a8-11e4-9a29-3085a99aac51

[ System Events ]
Error - 20.09.2014 02:07:54 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 22.09.2014 08:05:38 | Computer Name = Admin-PC | Source = DCOM | ID = 10005
Description =

Error - 22.09.2014 08:05:38 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 22.09.2014 08:05:38 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 22.09.2014 08:05:39 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 22.09.2014 09:10:10 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =

Error - 24.09.2014 06:34:21 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 24.09.2014 06:34:21 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 24.09.2014 06:34:22 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 25.09.2014 04:56:12 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =

< End of report >

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by Admin (administrator) on ADMIN-PC on 25-09-2014 14:52:05
Running from C:\Users\Admin\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Deutsche Telekom AG, www.t-online.de) C:\Program Files\T-Online\T-Online_Software_6\eMail\Mail.exe
(Deutsche Telekom AG) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
(Deutsche Telekom AG) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
(Deutsche Telekom AG) C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
(fun communications GmbH, hxxp://www.fun.de) C:\Program Files\T-Online\T-Online_Software_6\Notifier\Notifier.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Lotus Development Corporation.) D:\lotus\smartctr\smartctr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation) HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618160 2011-03-25] (brother) HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) HKLM\...\Run: [PDF8 Registry Controller] => C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe" Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [SMASH] => C:\Program Files\SoftMaker Office Professional 2012\SMASH.EXE [233507 2011-11-03] (SoftMaker Software GmbH) HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-16] (SUPERAntiSpyware) HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company) HKU\S-1-5-21-1720512716-2150718686-1536730020-1000\...\Policies\Explorer: [NoDrives] 0x03F8FF03 HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-26] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\office wörterbuch pro.lnk ShortcutTarget: office wörterbuch pro.lnk -> C:\Program Files\OWPro\tDictPro.exe () BootExecute: autocheck 
autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hores,org HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC968F37F729CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=orgnl&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0A0A0CyDtCzytDyE0AtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2StAtDyBtB0E0EyDtCtGyC0FyCtCtGyEyD0AzztGtByByCtDtGyByCyB0A0AtByB0FyEtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0EtBtBtDzztBtGtDtDzz0CtGyEtA0BzytGyC0DzzyDtGyB0D0E0C0F0CtBtDtBtCyDtA2QtN1B1L1H1Ezu1O2U1M1B&cr=1885874306&ir= SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.bing.com/search BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Gaaiho PDF Conversion Toolbar Helper -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation) Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default FF DefaultSearchEngine: Speedial FF SelectedSearchEngine: Speedial FF Homepage: about:home FF NetworkProxy: "http", "www-proxy.t-online.de" FF NetworkProxy: "http_port", 80 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) 
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.) FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation) FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\user.js FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nation-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-08-18] FF Extension: YouTube Unblocker - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-23] FF Extension: Remove Google Tracking - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-07-15] FF Extension: S3.Google Translator - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\s3google@translator.xpi [2013-12-01] FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-15] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - 
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\svbhpvaf.default\extensions\cliqz@cliqz.com FF Extension: PDF Converter - C:\Program Files\Nuance\PDF Professional 8\FireFox [2013-06-13] Chrome: ======= CHR HomePage: Default -> C4382D7925E387B59AFCF8581998B5BCAD7B869C4BC7A6B9E28750E7C4F89C8A CHR DefaultSearchKeyword: Default -> speedial.com CHR DefaultSearchProvider: Default -> Speedial CHR DefaultSearchURL: Default -> hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=orgnl&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzy0A0A0CyDtCzytDyE0AtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtDtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2StAtDyBtB0E0EyDtCtGyC0FyCtCtGyEyD0AzztGtByByCtDtGyByCyB0A0AtByB0FyEtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0EtBtBtDzztBtGtDtDzz0CtGyEtA0BzytGyC0DzzyDtGyB0D0E0C0F0CtBtDtBtCyDtA2QtN1B1L1H1Ezu1O2U1M1B&cr=1885874306&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR CustomProfile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22] CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-17] (SUPERAntiSpyware.com) R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.) R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2014-07-23] (Nuance Communications, Inc.) 
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed] R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG) R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S4 TVGOnlineUpdateSvc; C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [398128 2010-12-14] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [12928 2009-05-06] (ROCCAT Development, Inc.) R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3109888 2013-02-19] (Qualcomm Atheros Communications, Inc.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies) R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed] R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) 
[File not signed] R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-04] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [351288 2012-12-04] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796216 2012-12-04] (Intel Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation) R2 PMEM; C:\Windows\system32\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed] R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-03-28] (StdLib) S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-25 14:52 - 2014-09-25 14:52 - 00018741 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-09-25 14:51 - 2014-09-25 14:52 - 00000000 ____D () C:\FRST 2014-09-25 14:24 - 2014-09-25 14:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Sun 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-25 14:23 - 2014-09-25 14:25 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\install_flash_player_15_plugin.exe 2014-09-25 14:16 - 2014-09-25 14:21 - 29421992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-7u67-windows-i586.exe 2014-09-25 13:51 - 2014-09-25 13:51 - 00093766 _____ () C:\Users\Admin\Desktop\OTL.Txt 2014-09-25 13:51 - 2014-09-25 13:51 - 00056162 _____ () C:\Users\Admin\Desktop\Extras.Txt 2014-09-25 13:39 - 2014-09-25 13:39 - 05579290 _____ (Swearware) C:\Users\Admin\Desktop\ComboFix.exe 2014-09-25 13:38 - 2014-09-25 13:38 - 01098240 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-09-25 13:37 - 2014-09-25 13:37 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe 2014-09-25 12:47 - 2014-09-25 12:47 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-25 12:47 - 2014-09-25 12:47 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-25 11:39 - 2014-05-17 15:15 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140925-113959.backup 2014-09-25 11:35 - 2014-09-25 11:35 - 00000110 _____ () C:\Windows\wininit.ini 2014-09-25 10:23 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller(1).zip 2014-09-25 10:22 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip 
2014-09-23 20:40 - 2014-09-23 20:40 - 00000000 ____D () C:\ProgramData\LightScribe 2014-09-22 14:37 - 2014-09-22 14:55 - 00004158 _____ () C:\Windows\IE11_main.log 2014-09-22 14:25 - 2014-09-22 14:30 - 37059280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1-x86-de-de.exe 2014-09-22 14:11 - 2014-09-25 11:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-22 14:11 - 2014-09-22 14:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-09-22 14:11 - 2014-09-22 14:11 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-22 14:11 - 2014-09-22 14:11 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-22 14:11 - 2014-09-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-22 14:11 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Abelssoft 2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Abelssoft 2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-09-22 13:57 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll 2014-09-22 13:57 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll 2014-09-22 13:56 - 2014-09-22 13:56 - 00001456 _____ () C:\Users\Admin\Desktop\Goodgame Empire.lnk 2014-09-22 13:56 - 2014-09-22 13:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame 2014-09-22 13:55 - 2014-09-22 13:55 - 01101648 _____ () C:\Users\Admin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-09-22 13:17 - 2014-09-22 13:17 - 00002007 _____ () C:\Users\Public\Desktop\LightScribe.lnk 2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\LightScribe Direct Disc Labeling 2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ____D () C:\Program Files\Common Files\LightScribe 2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus 2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\Program Files\Microsoft Calculator Plus 2014-09-22 12:56 - 2014-09-25 09:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-22 12:56 - 2014-09-22 12:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-22 12:56 - 2014-09-22 12:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-22 12:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-22 12:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-22 12:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-19 20:14 - 2014-09-19 20:14 - 00003472 ____N () C:\bootsqm.dat 2014-09-19 12:52 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-15 13:44 - 2014-09-25 10:57 - 00002744 _____ () C:\Windows\setupact.log 2014-09-15 13:44 - 2014-09-25 10:56 - 00031720 _____ () C:\Windows\PFRO.log 2014-09-15 13:44 - 2014-09-15 13:44 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-15 13:11 - 2014-09-15 13:11 - 00000000 ____D () C:\ProgramData\Corel 2014-09-15 12:09 - 2014-09-15 12:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Axialis 2014-09-15 12:09 - 2014-09-15 12:09 - 00000000 ____D () C:\Program Files\My Company Name 2014-09-11 19:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 19:22 - 
2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 19:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 19:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 19:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 19:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 19:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 19:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 19:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 19:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 19:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 19:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 19:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 19:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 19:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 19:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 19:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 19:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 19:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 19:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 19:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 19:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 19:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 19:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 19:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 19:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 19:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 19:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 19:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 19:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 19:21 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 08:42 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 08:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 08:41 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 08:41 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 08:41 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 08:41 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) 
C:\Windows\system32\d3d10warp.dll 2014-09-08 12:42 - 2014-09-08 12:42 - 00000000 ____D () C:\Users\Admin\cityguide 2014-08-31 19:50 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-31 19:50 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-25 14:52 - 2014-09-25 14:52 - 00018741 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-09-25 14:52 - 2014-09-25 14:51 - 00000000 ____D () C:\FRST 2014-09-25 14:49 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-25 14:49 - 2009-07-14 06:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-25 14:33 - 2013-03-26 23:10 - 00000000 ____D () C:\Program Files\Java 2014-09-25 14:32 - 2014-09-19 12:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-25 14:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-25 14:27 - 2013-03-26 11:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-25 14:27 - 2013-03-26 11:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-25 14:27 - 2013-03-26 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-25 14:25 - 2014-09-25 14:23 - 17903792 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\install_flash_player_15_plugin.exe 2014-09-25 14:24 - 2014-09-25 14:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Sun 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-25 14:24 - 2014-09-25 14:24 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-25 14:24 - 2013-03-26 23:11 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-25 14:24 - 2013-03-26 23:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-25 14:21 - 2014-09-25 14:16 - 29421992 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-7u67-windows-i586.exe 2014-09-25 14:18 - 2013-03-26 09:56 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-25 13:51 - 2014-09-25 13:51 - 00093766 _____ () C:\Users\Admin\Desktop\OTL.Txt 2014-09-25 13:51 - 2014-09-25 13:51 - 00056162 _____ () C:\Users\Admin\Desktop\Extras.Txt 2014-09-25 13:39 - 2014-09-25 13:39 - 05579290 _____ (Swearware) C:\Users\Admin\Desktop\ComboFix.exe 2014-09-25 13:38 - 2014-09-25 13:38 - 01098240 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2014-09-25 13:37 - 2014-09-25 13:37 - 00602112 _____ (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe 2014-09-25 13:36 - 2013-03-25 16:51 - 02037007 _____ () C:\Windows\WindowsUpdate.log 2014-09-25 12:47 - 2014-09-25 12:47 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-25 12:47 - 2014-09-25 12:47 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-25 12:07 - 2013-03-26 09:56 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-25 11:36 - 2014-09-22 14:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-25 11:35 - 2014-09-25 11:35 - 00000110 _____ () C:\Windows\wininit.ini 2014-09-25 11:03 - 2013-03-25 17:03 - 01627394 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-25 10:57 - 2014-09-15 13:44 - 00002744 _____ () C:\Windows\setupact.log 2014-09-25 10:57 - 2014-05-17 11:45 - 00000000 ____D () C:\Program 
Files\SUPERAntiSpyware 2014-09-25 10:57 - 2014-02-10 17:46 - 00000300 _____ () C:\Windows\Tasks\YPTPNWTTU.job 2014-09-25 10:57 - 2013-03-26 21:51 - 00000368 _____ () C:\Windows\Brownie.ini 2014-09-25 10:57 - 2013-03-25 19:34 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-25 10:57 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-25 10:56 - 2014-09-15 13:44 - 00031720 _____ () C:\Windows\PFRO.log 2014-09-25 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss 2014-09-25 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2014-09-25 10:50 - 2014-07-18 13:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft 2014-09-25 10:23 - 2014-09-25 10:23 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller(1).zip 2014-09-25 10:23 - 2014-09-25 10:22 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip 2014-09-25 09:23 - 2014-09-22 12:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-24 12:43 - 2013-03-27 12:40 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-24 11:02 - 2013-03-27 13:32 - 00002395 _____ () C:\Users\Admin\AppData\Roaming\SAS7_000.DAT 2014-09-23 20:40 - 2014-09-23 20:40 - 00000000 ____D () C:\ProgramData\LightScribe 2014-09-23 20:38 - 2013-12-28 13:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\Nero 2014-09-22 15:10 - 2014-08-16 11:56 - 00000000 ____D () C:\Program Files\Unlocker 2014-09-22 14:55 - 2014-09-22 14:37 - 00004158 _____ () C:\Windows\IE11_main.log 2014-09-22 14:50 - 2013-03-25 19:33 - 00127912 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-22 14:49 - 2009-07-14 06:33 - 00442920 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-22 14:45 - 2013-03-26 09:56 - 00000000 ____D () C:\Program Files\Google 2014-09-22 14:30 - 2014-09-22 14:25 - 37059280 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\IE11-Windows6.1-x86-de-de.exe 2014-09-22 14:15 - 2014-09-22 14:11 - 00000000 ____D () C:\Program Files\Spybot - 
Search & Destroy 2 2014-09-22 14:11 - 2014-09-22 14:11 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-22 14:11 - 2014-09-22 14:11 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-22 14:11 - 2014-09-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Abelssoft 2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Abelssoft 2014-09-22 13:57 - 2014-09-22 13:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-09-22 13:56 - 2014-09-22 13:56 - 00001456 _____ () C:\Users\Admin\Desktop\Goodgame Empire.lnk 2014-09-22 13:56 - 2014-09-22 13:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DesktopIconGoodgame 2014-09-22 13:55 - 2014-09-22 13:55 - 01101648 _____ () C:\Users\Admin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-09-22 13:17 - 2014-09-22 13:17 - 00002007 _____ () C:\Users\Public\Desktop\LightScribe.lnk 2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling 2014-09-22 13:17 - 2014-09-22 13:17 - 00000000 ____D () C:\Program Files\Common Files\LightScribe 2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Calculator Plus 2014-09-22 13:16 - 2014-09-22 13:16 - 00000000 ____D () C:\Program Files\Microsoft Calculator Plus 2014-09-22 13:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2014-09-22 13:02 - 2014-08-16 11:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Desktopicon 2014-09-22 12:57 - 2014-09-22 12:56 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-22 12:57 - 2014-09-22 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 12:57 - 2014-09-22 12:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-22 09:45 - 2013-04-03 21:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2014-09-19 20:14 - 2014-09-19 20:14 - 00003472 ____N () C:\bootsqm.dat 2014-09-19 19:17 - 2013-11-18 20:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-15 13:44 - 2014-09-15 13:44 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-15 13:43 - 2014-04-22 12:50 - 00327680 _____ () C:\Windows\system32\Ikeext.etl 2014-09-15 13:12 - 2013-03-26 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4 2014-09-15 13:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-09-15 13:11 - 2014-09-15 13:11 - 00000000 ____D () C:\ProgramData\Corel 2014-09-15 12:40 - 2014-08-21 20:22 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help 2014-09-15 12:10 - 2014-09-15 12:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Axialis 2014-09-15 12:09 - 2014-09-15 12:09 - 00000000 ____D () C:\Program Files\My Company Name 2014-09-13 19:25 - 2013-04-30 11:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2014-09-12 12:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-11 19:21 - 2014-08-21 20:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 19:21 - 2014-08-14 09:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 19:15 - 2014-08-22 07:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-11 19:15 - 2013-03-25 21:08 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 18:23 - 2013-03-26 21:57 - 00000000 ____D () C:\Users\Admin\Documents\SoftMaker 2014-09-08 12:42 - 2014-09-08 12:42 - 00000000 ____D () C:\Users\Admin\cityguide 2014-09-08 12:42 - 2013-03-25 17:02 - 00000000 ____D () C:\Users\Admin 2014-09-05 03:52 - 2014-09-11 08:41 - 00445952 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-11 08:41 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {dffda71b-955a-11e2-a4db-94c68b5bf63b} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {dffda71d-955a-11e2-a4db-94c68b5bf63b} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {dffda71b-955a-11e2-a4db-94c68b5bf63b} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {dffda71d-955a-11e2-a4db-94c68b5bf63b} device ramdisk=[C:]\Recovery\dffda71d-955a-11e2-a4db-94c68b5bf63b\Winre.wim,{dffda71e-955a-11e2-a4db-94c68b5bf63b} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\dffda71d-955a-11e2-a4db-94c68b5bf63b\Winre.wim,{dffda71e-955a-11e2-a4db-94c68b5bf63b} systemroot 
\windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {dffda71b-955a-11e2-a4db-94c68b5bf63b} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Geräteoptionen -------------- Bezeichner {dffda71e-955a-11e2-a4db-94c68b5bf63b} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\dffda71d-955a-11e2-a4db-94c68b5bf63b\boot.sdi LastRegBack: 2014-09-16 13:23 ==================== End Of Log ============================