
Log analysis and evaluation: Windows 7: BKA Trojan - screen is locked

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.11.2014, 00:18   #1
fkn88
 
Good evening!
I hope you can help me.
After a long search I found this interesting forum, where I will now describe my problems.

I have a Windows 7 laptop from Acer; updates etc. are installed automatically.
Since today I have the following problem:
The PC boots up normally, I can log in, and then it takes much longer to display everything on the desktop, etc.
Normally it doesn't take that long, but now it does.
After a few seconds I can no longer click anything in the toolbar, and otherwise it doesn't respond either. Only after 1-2 minutes does it apparently run "normally" again, but that is not the case, because then a lock screen with Merkel, Interpol, GVU and an activated webcam pops up out of nowhere. It demands that I transfer money using paysafecard.

By randomly trying things out, however, I managed to get around the lock screen, by pressing CTRL + ALT + DEL and then the shutdown button.
Then the window about forcing programs to close (or something like that) appeared; there I pressed Cancel, and then the PC ran normally again.

I ran the virus scanner, Microsoft Security Essentials; it did find something, which I deleted. I tried a restart, without success.

I can't get into Safe Mode either -> it reboots automatically

Kaspersky WindowsUnLocker CD -> always hung at the same point in the menu

Since I was able to get around the lock screen, I was also able to create the following log files.

06.11.2014, 06:05   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

Please always post logs in the thread. If necessary, split them up and use multiple posts.
I can't open attachments at work, thanks.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

06.11.2014, 08:06   #3
fkn88
 
ah sry -.-

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:54 on 05/11/2014 (fkn1337)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by fkn1337 (administrator) on FKN1337-LAPTOP on 05-11-2014 22:56:07
Running from C:\Users\fkn1337\Desktop
Loaded Profiles: UpdatusUser & fkn1337 (Available profiles: UpdatusUser & fkn1337)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
() C:\Program Files (x86)\Media remote\Media remote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\JavaEditor\javaeditor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\NielsenOnline64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [Media remote] => C:\Program Files (x86)\Media remote\Media remote.exe [1535000 2011-05-18] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ACPW06DE] => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe [189488 2011-01-11] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2014-09-03] (The Nielsen Company)
HKLM-x32\...\Run: [uni mouse driver] => C:\Mouse driver\mouse_driver.exe [2972672 2011-11-09] ()
HKLM-x32\...\Run: [uni mouse driver tilt] => C:\Mouse driver\wh_exec.exe [147456 2010-10-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-707742038-2074413653-2549995330-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default øn                                   
HKU\S-1-5-21-707742038-2074413653-2549995330-1001\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-707742038-2074413653-2549995330-1001\...\MountPoints2: {529fb8fc-35a6-11e4-bacd-005056c00008} - E:\AutoRun.exe
HKU\S-1-5-21-707742038-2074413653-2549995330-1001\...\MountPoints2: {b8b7a6d2-33fe-11e3-a1cd-005056c00008} - E:\.\autorun.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [Del6666531] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\fkn1337\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\fkn1337\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\ProgramData\E2C7EE97.cpp (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2750E6AEB337CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AlxHelper Class -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.11.0.dll (Alexa.com)
Toolbar: HKLM-x32 - Alexa Toolbar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.11.0.dll (Alexa.com)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default
FF DefaultSearchEngine,S: 
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&CUI=UN39482860273249443&UM=1&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: about:home
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=alxf-2.21&src=ab&aid=hpsbi1Yacy000C&q=
FF NetworkProxy: "ftp", "188.165.85.115"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "188.165.85.115"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.165.85.115"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "188.165.85.115"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\user.js
FF SearchPlugin: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\searchplugins\web-search-powered-by-google.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SparPilot - Gutscheine &amp; mehr... - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\sparpilot@sparpilot.com [2014-10-01]
FF Extension: TabGroups Manager - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8} [2013-08-26]
FF Extension: Webmail Ad Blocker - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\gmailnoads@mywebber.com.xpi [2013-10-24]
FF Extension: Boerse.bz Bypass - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2014-07-18]
FF Extension: PageRank - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\PageRank@addonfactory.in.xpi [2013-08-12]
FF Extension: Stealthy - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\stealthyextension@gmail.com.xpi [2013-07-19]
FF Extension: Alexa Toolbar - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\toolbar@alexa.com.xpi [2013-09-09]
FF Extension: {66003e34-9cf3-45fa-b936-cc5878bedac3} - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{66003e34-9cf3-45fa-b936-cc5878bedac3}.xpi [2014-09-29]
FF Extension: SearchStatus - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension:  Password Bank Extension  - C:\Program Files (x86)\Acer Bio Protection\FFExt [2012-05-25]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi [2014-11-05]

Chrome: 
=======
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-05-09]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\fkn1337\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [318000 2011-01-11] (Egis Technology Inc. )
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2932448 2014-09-03] (The Nielsen Company)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-12-18] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-12-18] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S2 Winmgmt; C:\ProgramData\79EE7C2E.dot [331776 2014-11-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [15584 2014-09-03] (The Nielsen Company)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [26848 2014-09-03] (The Nielsen Company)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
R3 whfltr2k; C:\Windows\SysWOW64\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 22:55 - 2014-11-05 22:56 - 00022083 _____ () C:\Users\fkn1337\Desktop\FRST.txt
2014-11-05 22:55 - 2014-11-05 22:56 - 00000000 ____D () C:\FRST
2014-11-05 22:54 - 2014-11-05 22:54 - 00000476 _____ () C:\Users\fkn1337\Desktop\defogger_disable.log
2014-11-05 22:54 - 2014-11-05 22:54 - 00000000 _____ () C:\Users\fkn1337\defogger_reenable
2014-11-05 22:54 - 2014-11-05 19:56 - 02114560 _____ (Farbar) C:\Users\fkn1337\Desktop\FRST64.exe
2014-11-05 22:53 - 2014-11-05 22:48 - 00050477 _____ () C:\Users\fkn1337\Desktop\Defogger.exe
2014-11-05 21:03 - 2014-11-05 21:03 - 00387584 _____ () C:\Users\fkn1337\Downloads\rescue2usb.exe
2014-11-05 20:56 - 2014-11-05 20:58 - 310095872 _____ () C:\Users\fkn1337\Downloads\kav_rescue_10.iso
2014-11-05 19:27 - 2014-11-05 22:48 - 00000392 _____ () C:\Windows\setupact.log
2014-11-05 19:27 - 2014-11-05 19:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 17:46 - 2014-11-04 18:21 - 00048128 _____ () C:\Users\fkn1337\Desktop\4.wps
2014-11-04 12:57 - 2014-11-04 12:57 - 00331776 ____T () C:\ProgramData\79EE7C2E.dot
2014-11-04 12:57 - 2014-11-04 12:57 - 00233472 _____ (Microsoft Corporation) C:\ProgramData\E2C7EE97.cpp
2014-10-28 08:23 - 2014-10-27 14:48 - 00000000 ____D () C:\Users\fkn1337\Downloads\The.Big.Bang.Theory.S07E21.Schulmaedchenreport.GERMAN.DUBBED.BLURAYRiP.x264-SOF
2014-10-28 08:21 - 2014-10-28 08:23 - 197037024 _____ () C:\Users\fkn1337\Downloads\tbbt.s07e21.rar
2014-10-27 13:10 - 2014-11-01 18:06 - 00000369 _____ () C:\Users\fkn1337\Desktop\Untitled_1.css
2014-10-27 12:56 - 2014-11-01 19:27 - 00004147 _____ () C:\Users\fkn1337\Desktop\buchwebseite.html
2014-10-27 09:15 - 2014-10-27 09:29 - 00010240 _____ () C:\Users\fkn1337\Desktop\Microsoft Excel Document (neu).xls
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ___SD () C:\Users\fkn1337\Documents\My Web Sites
2014-10-23 10:58 - 2008-07-12 07:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression
2014-10-23 10:25 - 2014-10-23 10:36 - 103542856 _____ (Microsoft Corporation) C:\Users\fkn1337\Downloads\Web_Trial_en.exe
2014-10-17 09:15 - 2014-10-17 09:18 - 00000000 ____D () C:\ProgramData\TrackMania
2014-10-17 09:09 - 2014-10-21 09:47 - 00000000 ____D () C:\Users\fkn1337\Documents\TrackMania
2014-10-17 09:08 - 2014-10-17 09:08 - 00001112 _____ () C:\Users\Public\Desktop\TmNationsForever.lnk
2014-10-17 09:08 - 2014-10-17 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2014-10-17 09:07 - 2014-10-17 09:08 - 00000000 ____D () C:\Program Files (x86)\TmNationsForever
2014-10-15 15:10 - 2014-10-15 15:10 - 03666100 _____ () C:\Users\fkn1337\Downloads\Einfuehrung.Perl.rar
2014-10-15 15:09 - 2014-10-15 15:10 - 16582516 _____ () C:\Users\fkn1337\Downloads\Programmieren.lernen.Perl.rar
2014-10-15 08:39 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 08:39 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 08:39 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 08:39 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 08:39 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 08:39 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 08:39 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 08:39 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 08:39 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 08:39 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 08:38 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 08:38 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 08:38 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 08:38 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 08:38 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 08:38 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 08:38 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 08:38 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 08:38 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 08:38 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 08:38 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 08:38 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 08:38 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 08:38 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 08:38 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 08:38 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 08:38 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 08:38 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 08:38 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 08:38 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 08:38 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 08:38 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 08:38 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 08:38 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 08:38 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 08:38 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 08:38 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 08:38 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 08:38 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 08:38 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 08:38 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 08:38 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 08:38 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:38 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 08:38 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 08:38 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 08:38 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 08:38 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 08:38 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 08:38 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 08:38 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 08:38 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 08:38 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 08:38 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 08:38 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 08:38 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 08:38 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 08:38 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 08:38 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 08:38 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 08:38 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 08:38 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 08:38 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 08:38 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 08:38 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 08:38 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 08:38 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 08:38 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 08:38 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 08:38 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 08:38 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 08:38 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 08:38 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 08:38 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 08:38 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 08:38 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 08:38 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 08:38 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 08:38 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 08:38 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 08:38 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 08:33 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 08:33 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 08:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 08:33 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 08:33 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 08:33 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 08:33 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 08:33 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 08:33 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 08:33 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 08:33 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 10:59 - 2014-10-14 11:07 - 00000000 ____D () C:\Users\fkn1337\Documents\Adobe
2014-10-14 09:51 - 2014-10-14 10:13 - 00000000 ____D () C:\Users\fkn1337\Desktop\BESTofSEEED,Culcha USW
2014-10-09 06:23 - 2014-07-25 11:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-09 06:23 - 2014-07-25 11:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-09 06:23 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-09 06:23 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-09 06:22 - 2014-10-09 06:23 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 22:55 - 2013-05-13 12:09 - 00000000 ___RD () C:\Users\fkn1337\Dropbox
2014-11-05 22:54 - 2012-06-26 18:56 - 00000000 ____D () C:\Users\fkn1337
2014-11-05 22:53 - 2013-05-13 12:06 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Dropbox
2014-11-05 22:49 - 2012-05-25 09:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-05 22:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 22:21 - 2012-05-25 08:50 - 01324132 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 22:21 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 22:21 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 22:12 - 2013-06-21 10:01 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-11-05 21:46 - 2013-12-01 19:12 - 00000378 _____ () C:\Windows\Tasks\WpsUpdateTask_fkn1337.job
2014-11-05 19:43 - 2013-11-14 12:09 - 04261888 ___SH () C:\Users\fkn1337\Desktop\Thumbs.db
2014-11-05 18:27 - 2012-06-27 16:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 16:33 - 2012-10-16 06:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-05 16:29 - 2012-05-25 18:43 - 00702366 _____ () C:\Windows\system32\perfh007.dat
2014-11-05 16:29 - 2012-05-25 18:43 - 00151000 _____ () C:\Windows\system32\perfc007.dat
2014-11-05 16:29 - 2009-07-14 06:13 - 01628802 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 16:20 - 2012-11-07 11:17 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\VMware
2014-11-05 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-05 16:18 - 2012-11-19 09:40 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-11-05 09:20 - 2013-03-01 09:53 - 00000192 _____ () C:\Users\fkn1337\.packettracer
2014-11-03 10:32 - 2012-11-07 11:17 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\VMware
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 09:33 - 2012-10-21 23:08 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-10-28 09:03 - 2012-10-21 23:08 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\vlc
2014-10-27 11:57 - 2014-07-24 12:51 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\Eclipse
2014-10-27 11:57 - 2013-03-14 07:32 - 00000000 ____D () C:\Users\fkn1337\workspace
2014-10-27 11:56 - 2014-07-24 12:49 - 00000000 ____D () C:\Users\fkn1337\Downloads\eclipse
2014-10-25 15:47 - 2013-11-12 13:21 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\CutePDF Writer
2014-10-23 09:32 - 2013-10-02 12:53 - 00010112 _____ () C:\Users\fkn1337\Documents\inseln_ferienhaus_02_10_2013.mwb
2014-10-21 13:33 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 09:39 - 2012-06-26 18:56 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\VirtualStore
2014-10-19 14:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 09:09 - 2011-07-08 10:46 - 00261727 _____ () C:\Windows\DirectX.log
2014-10-16 06:14 - 2009-07-14 05:45 - 00525704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 06:12 - 2014-05-08 09:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 06:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 06:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 19:11 - 2013-07-15 01:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 18:55 - 2012-09-16 20:40 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 11:31 - 2014-08-01 15:06 - 00001456 _____ () C:\Users\fkn1337\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-10-14 11:07 - 2012-06-26 20:31 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Adobe
2014-10-14 08:50 - 2013-02-12 21:43 - 00000000 ____D () C:\Users\fkn1337\RAR_DL
2014-10-14 08:49 - 2012-10-10 20:03 - 00000000 ____D () C:\Users\fkn1337\Downloads\sft-loader_2009_final
2014-10-09 07:50 - 2013-04-22 08:54 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Origin
2014-10-09 07:50 - 2013-04-22 08:53 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\Origin
2014-10-09 07:50 - 2013-04-22 08:51 - 00000000 ____D () C:\ProgramData\Origin
2014-10-09 07:50 - 2013-04-22 08:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-09 07:22 - 2013-10-02 12:53 - 00009070 _____ () C:\Users\fkn1337\Documents\inseln_ferienhaus_02_10_2013.mwb.bak
2014-10-09 06:23 - 2013-10-21 17:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-09 06:23 - 2013-06-25 11:13 - 00000000 ____D () C:\Program Files (x86)\Java

Files to move or delete:
====================
C:\Users\fkn1337\Aufgabe2_OTTO.bat
C:\Users\fkn1337\aufgabe3.bat
C:\Users\fkn1337\parameter.bat
C:\Users\fkn1337\XXX.bat


Some content of TEMP:
====================
C:\Users\fkn1337\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvewvx3.dll
C:\Users\fkn1337\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 08:55

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by fkn1337 at 2014-11-05 22:56:53
Running from C:\Users\fkn1337\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
ACDSee Pro 6 (HKLM\...\{CAF674E0-808C-4CF4-8868-A755EBABA228}) (Version: 6.3.221 - ACD Systems International Inc.)
Acer Arcade Instant On (x32 Version: 3.1.6.1 - Acer) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Bio Protection (HKLM-x32\...\InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}) (Version: 7.0.68.0 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3004 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivePerl 5.16.3 Build 1603 (64-bit) (HKLM\...\{8C327061-E39D-4696-84A8-E84533ADDD7D}) (Version: 5.16.1603 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Aiseesoft Total Video Converter Platinum 6.3.22 (HKLM-x32\...\Aiseesoft Total Video Converter Platinum_is1) (Version:  - )
Alexa工具栏 (HKLM\...\Alexa Toolbar) (Version: 11.0.2013.0827 - Alexa.com互联网)
Altdeutsch 4 OpenType (HKLM-x32\...\Altdeutsch 4 OpenType_is1) (Version:  - Will Software)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
BioExcess (Version: 7.0.68.0 - Egis Technology Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Packet Tracer 5.3.3 (HKLM-x32\...\Cisco Packet Tracer 5.3.3_is1) (Version:  - Cisco Systems, Inc.)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team)
COM Port Data Emulator (HKLM-x32\...\COM Port Data Emulator_is1) (Version: 2 - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Fingerprint Solution (x32 Version: 7.0.68.0 - Egis Technology Inc.) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Hello Engines! 7 (HKLM-x32\...\{8C151E54-94A8-4D18-9580-C2190F7FD3A8}) (Version: 7.2.2 - AceBIT)
HHD Software Free Virtual Serial Ports 2.02 (HKLM\...\{C3DC8190-A8DB-4D44-B9B2-3AF919CB7504}) (Version: 2.2.0.172 - HHD Software, Ltd.)
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
inSSIDer 3 (HKLM-x32\...\{CDF246AE-C6E3-438F-AA76-21700DCC15F6}) (Version: 3.0.6.42 - MetaGeek, LLC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Java-Editor 11.29a, 2013.01.14 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version:  - Gerhard Röhner)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kingsoft Office 2013 (9.1.0.4246) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4246 - Kingsoft Corp.)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.2 - Acer Inc.)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{2E01C311-3ED2-42CF-B1E9-9A36D4B9E26B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
Media remote R01.10 (HKLM-x32\...\{4292E6B0-1532-4700-BF0F-73A7367FC000}) (Version: 1.0.0.25 - SUYIN)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version:  - NCH Software)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mouse driver v1.0 (HKLM-x32\...\uni mouse driver) (Version:  - )
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Workbench 6.0 CE (HKLM-x32\...\{0BBFADE9-0CA5-4AA3-BC90-629CE53952CF}) (Version: 6.0.6 - Oracle Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namo WebEditor 9 (HKLM-x32\...\{E4F6C5BD-023B-4352-9C1C-7851F5A3AE82}) (Version: 8.00.000 - Namo Interactive, Inc.)
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.04 - NCH Software)
NetObjects Fusion 12.0 (HKLM-x32\...\{E7125D4F-D9B5-469E-8876-6F91676C6ACE}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version:  - )
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nielsen (HKLM-x32\...\NetSight) (Version:  - )
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.3 - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.30 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.1 - Tracker Software Products Ltd)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6374 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Soft-Central SC-PassUnleash (HKLM-x32\...\Soft-Central SC-PassUnleash) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Vegas Pro 12.0 (64-bit) (HKLM\...\{8858A840-1D35-11E2-A8C7-F04DA23A5C58}) (Version: 12.0.394 - Sony)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 5.0.0 - VMware, Inc)
VMwarePlayer_x64 (Version: 5.0.0 - VMware, Inc.) Hidden
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.49 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version:  - )
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{844AB9BC-7FD9-404E-A4ED-A5E82CD418EB}) (Version: 21.01.8499 - Buhl Data Service GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-1 - BitNami)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
ZOC Terminal 6.5 (HKLM-x32\...\ZOC6) (Version: 6.54 - EmTec Innovative Software)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-707742038-2074413653-2549995330-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F554083-75C4-434A-A3A0-AA9741BE1FDE} - System32\Tasks\HHD Software\Virtual Serial Ports\Configuration Loader Task
Task: {0FDEC836-1F05-4A57-8EB0-D53796BE38B1} - System32\Tasks\WpsUpdateTask_fkn1337 => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-08-07] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {7F26D40A-24AA-4D7B-97BD-086F41832815} - System32\Tasks\DealPly => C:\Users\fkn1337\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {807301A9-ECCD-4A30-A50E-543775A5A8C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {A717B228-5202-4E63-B5DC-53367CBE25D7} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files (x86)\NCH Software\ExpressBurn\ExpressBurn.exe [2012-09-28] (NCH Software)
Task: {C3A6803B-8044-4200-AC7A-215656361CE0} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [2012-05-09] (DealPly) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\WpsUpdateTask_fkn1337.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2009-01-22 00:45 - 2009-01-22 00:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-11-04 12:57 - 2014-11-04 12:57 - 00331776 ____T () c:\ProgramData\79EE7C2E.dot
2013-11-12 13:18 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-10-10 20:02 - 2005-06-07 11:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-09-06 10:32 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2011-07-08 11:10 - 2011-03-26 08:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-25 09:46 - 2011-05-18 16:41 - 01535000 _____ () C:\Program Files (x86)\Media remote\Media remote.exe
2012-10-01 23:21 - 2012-12-18 13:00 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-10-01 23:21 - 2012-12-18 13:00 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-01-21 07:24 - 2013-01-14 18:22 - 04612608 _____ () C:\Program Files (x86)\JavaEditor\javaeditor.exe
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-15 19:37 - 2011-02-15 19:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 19:36 - 2011-02-15 19:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 19:37 - 2011-02-15 19:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 21:46 - 2011-09-21 21:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2014-10-01 11:40 - 2014-09-03 12:56 - 00505344 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\communication.dll
2012-11-20 15:44 - 2014-09-03 13:01 - 00504832 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
2014-10-01 11:40 - 2014-09-03 12:57 - 00596480 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npchromeinstaller.dll
2014-10-01 11:40 - 2014-09-03 12:57 - 01247232 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npffaddons.dll
2014-10-01 11:40 - 2014-09-03 12:58 - 00851968 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npfirefoxprocessor.dll
2014-10-01 11:40 - 2014-09-03 12:56 - 00150528 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npsp1.dll
2014-10-01 11:40 - 2014-09-03 12:57 - 00228864 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npsurvey.dll
2014-10-01 11:40 - 2014-09-03 12:57 - 00224768 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\npwmi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:C46995DA
AlternateDataStreams: C:\Users\fkn1337\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-707742038-2074413653-2549995330-500 - Administrator - Disabled)
fkn1337 (S-1-5-21-707742038-2074413653-2549995330-1001 - Administrator - Enabled) => C:\Users\fkn1337
Gast (S-1-5-21-707742038-2074413653-2549995330-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-707742038-2074413653-2549995330-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-707742038-2074413653-2549995330-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 10:53:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xa84
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xe54
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 09:34:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xdb8
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 08:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xee4
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 04:22:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 10:08:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xe10
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 09:57:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xdd0
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 09:50:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xdd4
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 09:31:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xe04
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3

Error: (11/05/2014 09:14:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Name des fehlerhaften Moduls: ePowerTray.exe, Version: 6.0.3006.0, Zeitstempel: 0x4d63b25c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000120b9
ID des fehlerhaften Prozesses: 0xdb0
Startzeit der fehlerhaften Anwendung: 0xePowerTray.exe0
Pfad der fehlerhaften Anwendung: ePowerTray.exe1
Pfad des fehlerhaften Moduls: ePowerTray.exe2
Berichtskennung: ePowerTray.exe3


System errors:
=============
Error: (11/05/2014 11:08:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:07:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:07:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:06:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:06:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:05:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:05:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:04:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:04:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (11/05/2014 11:03:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (11/05/2014 10:53:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9a8401cff9424878f8f0C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe3555305f-6536-11e4-826f-005056c00008

Error: (11/05/2014 10:04:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9e5401cff93b5bb804a3C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe5c45a7e5-652f-11e4-9127-005056c00008

Error: (11/05/2014 09:34:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9db801cff9373267a159C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe3301d8f5-652b-11e4-a408-005056c00008

Error: (11/05/2014 08:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9ee401cff9314ee58a95C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe51a94021-6525-11e4-be6e-005056c00008

Error: (11/05/2014 04:22:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2014 10:08:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9e1001cff8d771b0eb83C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe5998e294-64cb-11e4-ab45-005056c00008

Error: (11/05/2014 09:57:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9dd001cff8d5fdd82bc6C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.execa1982b2-64c9-11e4-9694-005056c00008

Error: (11/05/2014 09:50:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9dd401cff8d50c42e494C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exed7db12a0-64c8-11e4-947b-005056c00008

Error: (11/05/2014 09:31:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9e0401cff8d235b94db0C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe1a0bc949-64c6-11e4-a97e-005056c00008

Error: (11/05/2014 09:14:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9db001cff8d017f87626C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exed2aa08de-64c3-11e4-8f2a-005056c00008


CodeIntegrity Errors:
===================================
  Date: 2014-11-03 09:01:01.191
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-03 09:01:01.077
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-21 10:39:31.688
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-21 10:39:31.574
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 07:21:12.811
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 07:21:12.720
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 11:58:45.170
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 11:58:45.046
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 11:55:48.289
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 11:55:48.175
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8043.86 MB
Available physical RAM: 5861.72 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13899.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:337 GB) (Free:52.96 GB) NTFS
Drive d: (DATA) (Fixed) (Total:337.53 GB) (Free:16.62 GB) NTFS
Drive e: () (Removable) (Total:3.73 GB) (Free:1.4 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549B0E5)
Partition 1: (Not Active) - (Size=20.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=3.5 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=674.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         



So, I hope it's right now.

06.11.2014, 08:07   #4
fkn88

Windows 7: BKA Trojan - screen gets locked



Gmer

Code:
GMER Logfile:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-05 23:39:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 698.64GB
Running: Gmer-19357.exe; Driver: C:\Users\fkn1337\AppData\Local\Temp\awliqkod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                 0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                   0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                 0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                 000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17             00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17             0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                   000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                 000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                   0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                   00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                 00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20             00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31             00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                 0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                   0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                 0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                 000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                    00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                             00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                    000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                             0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                   000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                        0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                 000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                   0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                      000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                   00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                 00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                             00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Media remote\Media remote.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                             00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                         00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                         000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                             0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                           000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2940] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                   00000000717e17fa 2 bytes CALL 75dd11a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2940] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                               00000000717e1860 2 bytes CALL 75dd11a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2940] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                             00000000717e1942 2 bytes JMP 75cc7089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2940] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                            00000000717e194d 2 bytes JMP 75cccba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                   00000000717e17fa 2 bytes CALL 75dd11a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                               00000000717e1860 2 bytes CALL 75dd11a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                             00000000717e1942 2 bytes JMP 75cc7089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                            00000000717e194d 2 bytes JMP 75cccba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                     0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                       0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                     0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                     000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                        00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                 00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                        000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                 0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                       000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                            0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                     000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                       0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                          000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                       00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                     00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                 00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2980] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                 00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\vmnat.exe[2780] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4                                                          00000000745013b0 2 bytes JMP 75fd5660 C:\Windows\syswow64\SHELL32.dll
.text    C:\Windows\SysWOW64\vmnat.exe[2780] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20                                                         00000000745013c0 2 bytes CALL 77289cee C:\Windows\syswow64\msvcrt.dll
.text    ...                                                                                                                                                * 20
.text    C:\Windows\SysWOW64\vmnat.exe[2780] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22                                                         000000007450153e 2 bytes CALL 7606777c C:\Windows\syswow64\SHELL32.dll
.text    C:\Windows\SysWOW64\vmnat.exe[2780] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43                                                         0000000074501553 2 bytes CALL 75dd10ff C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                     0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                       0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                     0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                     000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                 00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                 0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                       000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                     000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                       0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                       00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                     00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                 00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                 00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 4                                                       00000000745013b0 2 bytes JMP 75fd5660 C:\Windows\syswow64\SHELL32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathW + 20                                                      00000000745013c0 2 bytes CALL 77289cee C:\Windows\syswow64\msvcrt.dll
.text    ...                                                                                                                                                * 20
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 22                                                      000000007450153e 2 bytes CALL 7606777c C:\Windows\syswow64\SHELL32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\SHFolder.dll!SHGetFolderPathA + 43                                                      0000000074501553 2 bytes CALL 75dd10ff C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\wsock32.dll!recv + 82                                                                   00000000717e17fa 2 bytes CALL 75dd11a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\wsock32.dll!recvfrom + 88                                                               00000000717e1860 2 bytes CALL 75dd11a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 98                                                             00000000717e1942 2 bytes JMP 75cc7089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 109                                                            00000000717e194d 2 bytes JMP 75cccba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                     0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                       0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                     0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                     000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                        00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                 00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                        000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                 0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                       000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                            0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                     000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                       0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                          000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                       00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                     00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                 00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\rundll32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                 00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                 0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                   0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                 0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                 000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17             00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17             0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                   000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                 000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                   0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                   00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                 00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20             00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31             00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17        0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17          0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17        0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42        000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17           00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17    00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17           000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17    0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17          000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17               0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17        000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17          0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17             000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17          00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17        00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20    00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31    00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                 0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                   0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                 0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                 000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17             00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17             0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                   000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                 000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                   0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                   00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                 00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20             00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31             00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                 0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                   0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                 0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                 000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17             00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17             0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                   000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                 000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                   0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                   00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                 00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20             00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31             00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                 0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                   0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                 0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                 000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17             00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17             0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                   000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                 000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                   0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                   00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                 00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20             00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31             00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                              0000000075941401 2 bytes JMP 75dfb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                0000000075941419 2 bytes JMP 75dfb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                              0000000075941431 2 bytes JMP 75e78ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                              000000007594144a 2 bytes CALL 75dd48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                * 9
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                 00000000759414dd 2 bytes JMP 75e787a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                          00000000759414f5 2 bytes JMP 75e78978 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                 000000007594150d 2 bytes JMP 75e78698 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                          0000000075941525 2 bytes JMP 75e78a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                000000007594153d 2 bytes JMP 75defca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                     0000000075941555 2 bytes JMP 75df68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                              000000007594156d 2 bytes JMP 75e78f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                0000000075941585 2 bytes JMP 75e78ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                   000000007594159d 2 bytes JMP 75e7865c C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                00000000759415b5 2 bytes JMP 75defd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                              00000000759415cd 2 bytes JMP 75dfb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                          00000000759416b2 2 bytes JMP 75e78e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\fkn1337\Desktop\Gmer-19357.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                          00000000759416bd 2 bytes JMP 75e785f1 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library  c:\progra~3\79ee7c2e.dot (*** suspicious ***) @ C:\Windows\system32\svchost.exe [712](2014-11-04 11:57:33)                                         000000007c000000
Library  c:\progra~3\79ee7c2e.dot (*** suspicious ***) @ C:\Windows\Explorer.EXE [1240](2014-11-04 11:57:33)                                                000000007c000000
Library  c:\progra~3\e2c7ee97.cpp (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [3604] (Crypto API32/Microsoft Corporation)(2014-11-04 11:57:28)  0000000000210000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----
         

06.11.2014, 20:29   #5
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.11.2014, 21:30   #6
fkn88
 
Combofix Logfile:
ComboFix 14-10-29.01 - fkn1337 06.11.2014  21:11:10.1.4 - x64
ausgeführt von:: c:\users\fkn1337\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\alexa toolbar
c:\program files (x86)\alexa toolbar\AlexaToolbar.11.0.dll
c:\program files (x86)\alexa toolbar\AlexaToolbar.11.0.Uninstall.exe
c:\program files (x86)\alexa toolbar\AlexaToolbarSSB2.11.0.dll
c:\program files (x86)\alexa toolbar\AlxSSB2PS.dll
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\79EE7C2E.dot
c:\programdata\Download kEEpeeR
c:\programdata\E2C7EE97.cpp
c:\users\fkn1337\AppData\Roaming\LiveSupport.exe_log.txt
c:\users\fkn1337\AppData\Roaming\regsvr32.exe_log.txt
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-06 bis 2014-11-06  ))))))))))))))))))))))))))))))
.
.
2014-11-05 21:55 . 2014-11-05 22:08	--------	d-----w-	C:\FRST
2014-11-05 20:10 . 2014-11-05 20:10	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B759B38-A6A8-4E06-BA0C-FB6E68F13E5E}\offreg.dll
2014-11-05 20:07 . 2014-09-16 18:55	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A18B7B6-A2DD-4347-86BA-71B69D20201F}\gapaengine.dll
2014-11-05 20:07 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B759B38-A6A8-4E06-BA0C-FB6E68F13E5E}\mpengine.dll
2014-11-05 15:21 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-23 09:58 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2014-10-23 09:57 . 2014-10-23 09:57	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2014-10-23 09:57 . 2014-10-23 09:57	--------	d-----w-	c:\program files (x86)\Microsoft Expression
2014-10-17 08:15 . 2014-10-17 08:18	--------	d-----w-	c:\programdata\TrackMania
2014-10-17 08:07 . 2014-10-17 08:08	--------	d-----w-	c:\program files (x86)\TmNationsForever
2014-10-15 07:38 . 2014-07-07 02:06	1480192	----a-w-	c:\windows\system32\crypt32.dll
2014-10-15 07:33 . 2014-09-18 02:00	3241472	----a-w-	c:\windows\system32\msi.dll
2014-10-09 05:23 . 2014-10-09 05:23	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-10-09 05:23 . 2014-07-25 10:55	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2010-11-21 03:27	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-15 17:55 . 2012-09-16 19:40	103265616	----a-w-	c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-01 10:39	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 10:39	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-24 15:27 . 2012-06-27 15:12	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 15:27 . 2012-06-27 15:12	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-16 18:55 . 2012-07-03 15:12	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-11 12:24 . 2010-06-24 18:33	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-24 15:06	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 15:06	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-30 14:00	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-30 14:00	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-11 1070160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2011-01-11 189488]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2014-09-03 91872]
"uni mouse driver"="c:\mouse driver\mouse_driver.exe" [2011-11-09 2972672]
"uni mouse driver tilt"="c:\mouse driver\wh_exec.exe" [2010-10-04 147456]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Del6666531"="del" [X]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\fkn1337\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\fkn1337\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
program.lnk - c:\windows\system32\rundll32.exe c:\progra~3\E2C7EE97.cpp,zSS1 [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-4-22 1430320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppObserver;Application creation observer;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe;c:\program files (x86)\Acer Bio Protection\EgisService.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys;c:\windows\SYSNATIVE\DRIVERS\whfltr2k.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 15:27]
.
2014-11-06 c:\windows\Tasks\WpsUpdateTask_fkn1337.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-08-11 12:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\fkn1337\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200]
"Media remote"="c:\program files (x86)\Media remote\Media remote.exe" [2011-05-18 1535000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"ACPW06DE"="c:\program files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" [2012-12-17 1234120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\fkn1337\AppData\Local\Temp\ie_script.htm
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&CUI=UN39482860273249443&UM=1&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=alxf-2.21&src=ab&aid=hpsbi1Yacy000C&q=
FF - prefs.js: network.proxy.ftp - 188.165.85.115
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 188.165.85.115
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 188.165.85.115
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 188.165.85.115
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
FF - user.js: security.mixed_content.block_active_content - false
FF - user.js: security.mixed_content.block_display_content - false
FF - user.js: app.update.staging.enabled - true
FF - user.js: app.update.interval - 31536000
FF - user.js: app.update.idletime - 31536000
FF - user.js: browser.search.update - false
FF - user.js: browser.search.update.interval - 31536000
FF - user.js: app.update.channel - default
FF - user.js: extensions.getAddons.cache.enabled - false
FF - user.js: app.update.download.backgroundInterval - 31536000
FF - user.js: browser.safebrowsing.appRepURL - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files (x86)\Alexa Toolbar\AlexaToolbar.11.0.dll
Toolbar-Locked - (no file)
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files (x86)\Alexa Toolbar\AlexaToolbar.11.0.dll
Wow6432Node-HKCU-Run-LiveSupport - c:\program files (x86)\LiveSupport\LiveSupport.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Soft-Central SC-PassUnleash - c:\program files (x86)\Soft-Central\SC-PassUnleash\Uninstall
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.032"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.abr"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.apd"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.arw"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.bay"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.cs1"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.dcr"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.djv"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.dng"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.erf"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.fff"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.hdr"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.icn"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.iw4"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.j2c"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jbr"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jif"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpk"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpx"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.mef"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.mos"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.mrw"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.nef"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.nrw"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.orf"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pbr"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pct"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pef"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pic"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pict"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pspbrush"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pspimage"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.raf"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.rw2"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.rwl"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.sr2"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.srf"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.srw"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.thm"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.wbm"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xif"
.
[HKEY_USERS\S-1-5-21-707742038-2074413653-2549995330-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-06  21:28:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-06 20:28
.
Vor Suchlauf: 20 Verzeichnis(se), 57,625,272,320 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 57,992,605,696 Bytes frei
.
- - End Of File - - 4E468D13B74E9112813CFEC47C8621EA
         
--- --- ---

07.11.2014, 19:22   #7
schrauber
/// the machine
/// TB Trainer



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 07.11.2014, 23:55   #8
fkn88
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.11.2014
Suchlauf-Zeit: 19:36:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.07.04
Rootkit Datenbank: v2014.11.01.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: fkn1337

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387497
Verstrichene Zeit: 21 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 11
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}, In Quarantäne, [a749b682bebe33036c0dd21908fa50b0], 
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}, In Quarantäne, [fff1de5ad4a8a393f189bd2ec43eb54b], 
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F443A627-5009-4323-9C1D-7FD598D0D712}, In Quarantäne, [fff1de5ad4a8a393f189bd2ec43eb54b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [1dd3c27647352f078d8a61ec966d51af], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [50a059df6c10d95d99374ffe22e1f50b], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-5920013820, In Quarantäne, [21cfbb7d99e3d75fb7669da7b44fca36], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [06ea57e1126a68ceabb49ee19e664bb5], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-707742038-2074413653-2549995330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, In Quarantäne, [f0002a0e2d4f48ee5f87bbc8e0242dd3], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-707742038-2074413653-2549995330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [da16ea4e98e45bdbc8097cd1c83bf808], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-707742038-2074413653-2549995330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [e50b55e37507a096441a750a8084b749], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-707742038-2074413653-2549995330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantäne, [42ae10287a02d066329f80cd43c04db3], 

Registrierungswerte: 4
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EA582743-9076-4178-9AA6-7393FDF4D5CE}, In Quarantäne, [a749b682bebe33036c0dd21908fa50b0], 
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{EA582743-9076-4178-9AA6-7393FDF4D5CE}, In Quarantäne, [e010999f3745290d93e6905b4db505fb], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {78CC84B9-BFD3-428B-ACB6-876A0C213A58}, In Quarantäne, [06ea57e1126a68ceabb49ee19e664bb5]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-707742038-2074413653-2549995330-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {78CC84B9-BFD3-428B-ACB6-876A0C213A58}, In Quarantäne, [e50b55e37507a096441a750a8084b749]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 4
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [b73976c2d0acc175b11a4f2e9b69b14f], 
PUP.Optional.DealPly.A, C:\Users\fkn1337\AppData\Roaming\DealPly, In Quarantäne, [1fd142f680fc73c3097432cb9072a55b], 
PUP.Optional.DealPly.A, C:\Users\fkn1337\AppData\Roaming\DealPly\UpdateProc, In Quarantäne, [1fd142f680fc73c3097432cb9072a55b], 
PUP.Optional.Optimizerpro, C:\ProgramData\WinterSoft\OptimizerPro, In Quarantäne, [9f510434cfad1224e9e62ad4748e28d8], 

Dateien: 16
PUP.Optional.InstalleRex, C:\ProgramData\InstallMate\{C857AD14-8EA5-4C51-AEBA-C68713B48FE2}\Custom.dll, In Quarantäne, [2dc376c279038fa7bc29c6856998a55b], 
PUP.PasswordSpy, C:\Users\fkn1337\Downloads\SC-PassUnleash.exe, In Quarantäne, [549ce6526715a690df357acba35f28d8], 
PUP.RiskwareTool.CK, C:\Users\fkn1337\Downloads\WinRAR_5.01_DE_Final.zip, In Quarantäne, [b33dd3655725f541360cfc1e639faa56], 
PUP.MailPassView, C:\Users\fkn1337\Downloads\mailpv.zip, In Quarantäne, [658bdb5d4c308ea84926d4793fc660a0], 
PUP.MailPassView, C:\Users\fkn1337\Downloads\pstpassword_setup1.6.exe, In Quarantäne, [549c49ef423a5bdb3dd8c6c1a85839c7], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPly, In Quarantäne, [7c74fd3b73097db9f8b8420325de6b95], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [6c8475c33e3e60d6555b24215fa4fb05], 
PUP.Optional.SweetIM.A, C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\searchplugins\sweetim.xml, In Quarantäne, [f1ffe4547efe95a16413bf924ab9f10f], 
PUP.Optional.Conduit.A, C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\searchplugins\conduit.xml, In Quarantäne, [08e8fa3eafcd1125bcddc499659e23dd], 
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [b73976c2d0acc175b11a4f2e9b69b14f], 
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk, In Quarantäne, [b73976c2d0acc175b11a4f2e9b69b14f], 
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk, In Quarantäne, [b73976c2d0acc175b11a4f2e9b69b14f], 
PUP.Optional.DealPly.A, C:\Users\fkn1337\AppData\Roaming\DealPly\UpdateProc\config.dat, In Quarantäne, [1fd142f680fc73c3097432cb9072a55b], 
PUP.Optional.Babylon.A, C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), Ersetzt,[13dd4cec3f3df1459d6e6d0826df619f]
PUP.Optional.Babylon.A, C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\prefs.js, Gut: (), Schlecht: (Preferences

/* Do not edit this file.
 *
 * If), Ersetzt,[7b7555e31b615fd725e6d69fd82dba46]
PUP.Optional.Conduit.A, C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&CUI=UN39482860273249443&UM=1&SearchSource=3&q={searchTerms}");), Ersetzt,[48a8300847355adc78f0babbc1440df3]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
After the restart, the following pop-up error message now appears:
Window: RunDLL
Problem beim Starten von C:\PROGRA~3\E2C7EE97.cpp
Das angegebene Modul wurde nicht gefunden

AdwCleaner Logfile:
Code:
# AdwCleaner v4.002 - Bericht erstellt am 07/11/2014 um 23:18:27
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : fkn1337 - FKN1337-LAPTOP
# Gestartet von : C:\Users\fkn1337\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Users\fkn1337\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\fkn1337\Documents\Optimizer Pro
Ordner Gelöscht : C:\ProgramData\WinterSoft
Ordner Gelöscht : C:\ProgramData\50CoupeoonS
Ordner Gelöscht : C:\Program Files (x86)\50CoupeoonS
Ordner Gelöscht : C:\ProgramData\RandommPrrice
Ordner Gelöscht : C:\Program Files (x86)\RandommPrrice
Ordner Gelöscht : C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\toolbar@alexa.com.xpi
Datei Gelöscht : C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\invalidprefs.js
Datei Gelöscht : C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Dealply
Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\50Coupoonss.50Coupoonss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\50Coupoonss.50Coupoonss.1.8
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RuAndOmPirice.RuAndOmPirice
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RuAndOmPirice.RuAndOmPirice.6.1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{008F6853-9CB4-41C5-A950-39D55E5E06BA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1D491CD-49E3-3C10-1123-918F78A985CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D9BCF512-EB78-F921-C6C7-AEA63BE0CB09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1D491CD-49E3-3C10-1123-918F78A985CD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9BCF512-EB78-F921-C6C7-AEA63BE0CB09}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C32F5BF7-6918-4F78-A97A-53CDF7D07C8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1D491CD-49E3-3C10-1123-918F78A985CD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9BCF512-EB78-F921-C6C7-AEA63BE0CB09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1D491CD-49E3-3C10-1123-918F78A985CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D9BCF512-EB78-F921-C6C7-AEA63BE0CB09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A1D491CD-49E3-3C10-1123-918F78A985CD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{D9BCF512-EB78-F921-C6C7-AEA63BE0CB09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\SP Global
Schlüssel Gelöscht : HKLM\SOFTWARE\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.2 (x86 de)

[rypyufay.default] - Zeile gelöscht : user_pref("CT3282494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376303600108,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[rypyufay.default] - Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3282494&CUI=UN39482860273249443&UM=1&SearchSource=13");
[rypyufay.default] - Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "NCH DE Customized Web Search");
[rypyufay.default] - Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&SearchSource=2&CUI=UN39482860273249443&UM=1&q=");
[rypyufay.default] - Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?barid={78CC84B9-BFD3-428B-ACB6-876A0C213A58}&src=2&q=");
[rypyufay.default] - Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3282494");
[rypyufay.default] - Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
[rypyufay.default] - Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
[rypyufay.default] - Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "NCH DE Customized Web Search");
[rypyufay.default] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&CUI=UN39482860273249443&UM=1&SearchSource=3&q={searchTerms}");
[rypyufay.default] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[rypyufay.default] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[rypyufay.default] - Zeile gelöscht : user_pref("extensions.Lc1ytvB7_VKX.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3[...]
[rypyufay.default] - Zeile gelöscht : user_pref("extensions.P60Vg1M.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)re[...]
[rypyufay.default] - Zeile gelöscht : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n  <replacements>\n    <replacement>\n      <key><![CDATA[__REGION__PLACEHOLDER__]]></key>\n      <v[...]
[rypyufay.default] - Zeile gelöscht : user_pref("extensions.pgw6NV94ZAd.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");sc[...]
[rypyufay.default] - Zeile gelöscht : user_pref("smartbar.machineId", "EEBGGEYFCJLOCSS4BPNMZYCN5YIECA4QT1BDHCOERPPSLNN3HW4OQXMPEFNAMP1BMEI7GCTHGHDS3S1LD46P/G");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[rypyufay.default] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [13845 octets] - [07/11/2014 21:31:58]
AdwCleaner[S0].txt - [13244 octets] - [07/11/2014 23:18:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13305 octets] ##########
         
--- --- ---

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by fkn1337 on 07.11.2014 at 23:36:32.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\fkn1337\appdata\local\thinstall"
Successfully deleted: [Folder] "C:\Program Files (x86)\ss.helper"
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{03946146-3A48-45A2-A9D8-A208C9D88C3B}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{186AD5EF-8277-42A1-8844-7E3EC77228C4}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{321A77FE-DEFF-4C37-A720-6C72E552692E}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{426CAF5F-39C3-4018-82C1-FE90B2AE8C4E}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{703AD049-2253-4BC0-BA24-19A877D5C4E1}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{7FF927BF-0C37-4FBB-A687-DEA92C30EC2A}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{9D377E00-EB1A-446D-9E9A-73DED8CEBE17}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{A9648A48-DC0A-4D6E-A121-E7CDD3687DBD}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{C61BBE89-2BE3-4437-8625-8C718FDECE00}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{D8015CB6-78F1-42D0-9FC2-630DBFF45FCF}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{D884FF78-0444-4898-9384-E928D64FF261}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{DB587F2F-56EF-4F0E-A6DC-9686D16C540D}
Successfully deleted: [Empty Folder] C:\Users\fkn1337\appdata\local\{ECE7F1F9-2E1C-4E27-927E-47C80E3A9C6A}



~~~ FireFox

Successfully deleted the following from C:\Users\fkn1337\AppData\Roaming\mozilla\firefox\profiles\rypyufay.default\prefs.js

user_pref("extensions.alexa.active-buttons.hs", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<buttons>\n  <title>Hot Searches</title>\n  <id>hs</id>\n  <button id=\"hs\">\n   
user_pref("extensions.alexa.searchconf", "{\n  \"google\" : {\n     \"urlexp\" : \"hxxp(?:s)?:\\\\/\\\\/(?:www[0-9]*\\\\.|encrypted\\\\.)(?:l\\\\.)?google\\\\..*\\\\/.*[?#&]q=
user_pref("extensions.pgw6NV94ZAd.epoch", "1382764642");
user_pref("extensions.pgw6NV94ZAd.url", "hxxp://getjpit.info/sync2/?q=hfZ9oemKA6aMCyVUojw6pjkMg708BNmGWj8wmihGheDUojwHrjaGrjw7qjs8pihIC7n0rjrFrds8rdkFqHsHtNhVCT94tMVKhd9HrTwGq
Emptied folder: C:\Users\fkn1337\AppData\Roaming\mozilla\firefox\profiles\rypyufay.default\minidumps [385 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.11.2014 at 23:39:11.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by fkn1337 (administrator) on FKN1337-LAPTOP on 07-11-2014 23:54:05
Running from C:\Users\fkn1337\Desktop\BKA Trojaner bekämpfen
Loaded Profiles: UpdatusUser & fkn1337 (Available profiles: UpdatusUser & fkn1337)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files (x86)\Media remote\Media remote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dropbox, Inc.) C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
() C:\Mouse driver\mouse_driver.exe
() C:\Mouse driver\wh_exec.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\NielsenOnline64.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [Media remote] => C:\Program Files (x86)\Media remote\Media remote.exe [1535000 2011-05-18] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ACPW06DE] => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe [189488 2011-01-11] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2014-09-03] (The Nielsen Company)
HKLM-x32\...\Run: [uni mouse driver] => C:\Mouse driver\mouse_driver.exe [2972672 2011-11-09] ()
HKLM-x32\...\Run: [uni mouse driver tilt] => C:\Mouse driver\wh_exec.exe [147456 2010-10-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-707742038-2074413653-2549995330-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default øn
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [Del6666531] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\fkn1337\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\fkn1337\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\E2C7EE97.cpp (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2750E6AEB337CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-707742038-2074413653-2549995330-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default
FF DefaultSearchEngine,S: 
FF SearchEngineOrder.1: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: about:home
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=alxf-2.21&src=ab&aid=hpsbi1Yacy000C&q=
FF NetworkProxy: "ftp", "188.165.85.115"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "188.165.85.115"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.165.85.115"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "188.165.85.115"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\searchplugins\web-search-powered-by-google.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TabGroups Manager - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8} [2013-08-26]
FF Extension: Webmail Ad Blocker - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\gmailnoads@mywebber.com.xpi [2013-10-24]
FF Extension: Boerse.bz Bypass - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2014-07-18]
FF Extension: PageRank - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\PageRank@addonfactory.in.xpi [2013-08-12]
FF Extension: Stealthy - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\stealthyextension@gmail.com.xpi [2013-07-19]
FF Extension: {66003e34-9cf3-45fa-b936-cc5878bedac3} - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{66003e34-9cf3-45fa-b936-cc5878bedac3}.xpi [2014-09-29]
FF Extension: SearchStatus - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension:  Password Bank Extension  - C:\Program Files (x86)\Acer Bio Protection\FFExt [2012-05-25]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi [2014-11-07]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\fkn1337\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [318000 2011-01-11] (Egis Technology Inc. )
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2932448 2014-09-03] (The Nielsen Company)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-12-18] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-12-18] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [15584 2014-09-03] (The Nielsen Company)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [26848 2014-09-03] (The Nielsen Company)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
R3 whfltr2k; C:\Windows\SysWOW64\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 23:36 - 2014-11-07 23:36 - 00000000 ____D () C:\Windows\ERUNT
2014-11-07 21:31 - 2014-11-07 23:18 - 00000000 ____D () C:\AdwCleaner
2014-11-07 19:34 - 2014-11-07 23:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-07 19:33 - 2014-11-07 19:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-07 19:33 - 2014-11-07 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-07 19:33 - 2014-11-07 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 19:33 - 2014-11-07 19:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-07 19:33 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-07 19:33 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-07 19:33 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-07 09:25 - 2014-11-07 09:18 - 00199119 _____ () C:\Users\fkn1337\Desktop\der shit.odt
2014-11-06 21:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-06 21:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-06 21:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-06 21:06 - 2014-11-06 21:28 - 00000000 ____D () C:\Qoobox
2014-11-06 21:05 - 2014-11-06 21:25 - 00000000 ____D () C:\Windows\erdnt
2014-11-06 21:04 - 2014-11-07 23:54 - 00000000 ____D () C:\Users\fkn1337\Desktop\BKA Trojaner bekämpfen
2014-11-06 10:52 - 2014-11-06 11:39 - 00000091 _____ () C:\Users\fkn1337\Desktop\Neues Textdokument (3).txt
2014-11-06 00:13 - 2014-11-06 00:13 - 00001604 _____ () C:\Users\fkn1337\Desktop\Neues Textdokument (2).txt
2014-11-05 22:55 - 2014-11-07 23:54 - 00000000 ____D () C:\FRST
2014-11-05 22:54 - 2014-11-05 22:54 - 00000000 _____ () C:\Users\fkn1337\defogger_reenable
2014-11-05 21:03 - 2014-11-05 21:03 - 00387584 _____ () C:\Users\fkn1337\Downloads\rescue2usb.exe
2014-11-05 20:56 - 2014-11-05 20:58 - 310095872 _____ () C:\Users\fkn1337\Downloads\kav_rescue_10.iso
2014-11-05 19:27 - 2014-11-07 23:19 - 00000616 _____ () C:\Windows\setupact.log
2014-11-05 19:27 - 2014-11-05 19:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 17:46 - 2014-11-06 12:21 - 00059392 _____ () C:\Users\fkn1337\Documents\4.wps
2014-10-28 08:23 - 2014-10-27 14:48 - 00000000 ____D () C:\Users\fkn1337\Downloads\The.Big.Bang.Theory.S07E21.Schulmaedchenreport.GERMAN.DUBBED.BLURAYRiP.x264-SOF
2014-10-28 08:21 - 2014-10-28 08:23 - 197037024 _____ () C:\Users\fkn1337\Downloads\tbbt.s07e21.rar
2014-10-27 09:15 - 2014-10-27 09:29 - 00010240 _____ () C:\Users\fkn1337\Desktop\Microsoft Excel Document (neu).xls
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ___SD () C:\Users\fkn1337\Documents\My Web Sites
2014-10-23 10:58 - 2008-07-12 07:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression
2014-10-23 10:25 - 2014-10-23 10:36 - 103542856 _____ (Microsoft Corporation) C:\Users\fkn1337\Downloads\Web_Trial_en.exe
2014-10-17 09:15 - 2014-10-17 09:18 - 00000000 ____D () C:\ProgramData\TrackMania
2014-10-17 09:09 - 2014-10-21 09:47 - 00000000 ____D () C:\Users\fkn1337\Documents\TrackMania
2014-10-17 09:08 - 2014-10-17 09:08 - 00001112 _____ () C:\Users\Public\Desktop\TmNationsForever.lnk
2014-10-17 09:08 - 2014-10-17 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2014-10-17 09:07 - 2014-10-17 09:08 - 00000000 ____D () C:\Program Files (x86)\TmNationsForever
2014-10-15 15:10 - 2014-10-15 15:10 - 03666100 _____ () C:\Users\fkn1337\Downloads\Einfuehrung.Perl.rar
2014-10-15 15:09 - 2014-10-15 15:10 - 16582516 _____ () C:\Users\fkn1337\Downloads\Programmieren.lernen.Perl.rar
2014-10-15 08:39 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 08:39 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 08:39 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 08:39 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 08:39 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 08:39 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 08:39 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 08:39 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 08:39 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 08:39 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 08:38 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 08:38 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 08:38 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 08:38 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 08:38 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 08:38 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 08:38 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 08:38 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 08:38 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 08:38 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 08:38 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 08:38 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 08:38 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 08:38 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 08:38 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 08:38 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 08:38 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 08:38 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 08:38 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 08:38 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 08:38 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 08:38 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 08:38 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 08:38 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 08:38 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 08:38 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 08:38 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 08:38 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 08:38 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 08:38 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 08:38 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 08:38 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 08:38 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:38 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 08:38 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 08:38 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 08:38 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 08:38 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 08:38 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 08:38 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 08:38 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 08:38 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 08:38 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 08:38 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 08:38 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 08:38 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 08:38 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 08:38 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 08:38 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 08:38 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 08:38 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 08:38 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 08:38 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 08:38 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 08:38 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 08:38 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 08:38 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 08:38 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 08:38 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 08:38 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 08:38 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 08:38 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 08:38 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 08:38 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 08:38 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 08:38 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 08:38 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 08:38 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 08:38 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 08:38 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 08:38 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 08:33 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 08:33 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 08:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 08:33 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 08:33 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 08:33 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 08:33 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 08:33 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 08:33 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 08:33 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 08:33 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 10:59 - 2014-10-14 11:07 - 00000000 ____D () C:\Users\fkn1337\Documents\Adobe
2014-10-14 09:51 - 2014-10-14 10:13 - 00000000 ____D () C:\Users\fkn1337\Desktop\BESTofSEEED,Culcha USW
2014-10-09 06:23 - 2014-07-25 11:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-09 06:23 - 2014-07-25 11:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-09 06:23 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-09 06:23 - 2014-07-25 11:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-09 06:22 - 2014-10-09 06:23 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 23:46 - 2013-12-01 19:12 - 00000378 _____ () C:\Windows\Tasks\WpsUpdateTask_fkn1337.job
2014-11-07 23:27 - 2012-06-27 16:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 23:27 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 23:27 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 23:25 - 2012-05-25 18:43 - 00702366 _____ () C:\Windows\system32\perfh007.dat
2014-11-07 23:25 - 2012-05-25 18:43 - 00151000 _____ () C:\Windows\system32\perfc007.dat
2014-11-07 23:25 - 2009-07-14 06:13 - 01628802 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 23:21 - 2013-05-13 12:09 - 00000000 ___RD () C:\Users\fkn1337\Dropbox
2014-11-07 23:21 - 2013-05-13 12:06 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Dropbox
2014-11-07 23:20 - 2012-05-25 09:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-07 23:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 23:19 - 2012-05-25 08:50 - 01441263 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 23:19 - 2010-11-21 04:47 - 00123588 _____ () C:\Windows\PFRO.log
2014-11-07 21:25 - 2013-11-14 12:09 - 04320256 ___SH () C:\Users\fkn1337\Desktop\Thumbs.db
2014-11-07 00:59 - 2012-10-21 23:08 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\vlc
2014-11-06 21:28 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-06 21:21 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-06 21:17 - 2009-07-14 03:34 - 85196800 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-06 16:58 - 2012-06-26 18:56 - 00000000 ____D () C:\Users\fkn1337
2014-11-06 11:58 - 2012-09-14 06:29 - 00000000 ____D () C:\Users\fkn1337\Documents\Schule
2014-11-05 22:12 - 2013-06-21 10:01 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-11-05 16:33 - 2012-10-16 06:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-05 16:20 - 2012-11-07 11:17 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\VMware
2014-11-05 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-05 16:18 - 2012-11-19 09:40 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-11-05 09:20 - 2013-03-01 09:53 - 00000192 _____ () C:\Users\fkn1337\.packettracer
2014-11-03 10:32 - 2012-11-07 11:17 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\VMware
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 11:57 - 2014-07-24 12:51 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\Eclipse
2014-10-27 11:57 - 2013-03-14 07:32 - 00000000 ____D () C:\Users\fkn1337\workspace
2014-10-27 11:56 - 2014-07-24 12:49 - 00000000 ____D () C:\Users\fkn1337\Downloads\eclipse
2014-10-25 15:47 - 2013-11-12 13:21 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\CutePDF Writer
2014-10-23 09:32 - 2013-10-02 12:53 - 00010112 _____ () C:\Users\fkn1337\Documents\inseln_ferienhaus_02_10_2013.mwb
2014-10-21 13:33 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 09:39 - 2012-06-26 18:56 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\VirtualStore
2014-10-19 14:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 09:09 - 2011-07-08 10:46 - 00261727 _____ () C:\Windows\DirectX.log
2014-10-16 06:14 - 2009-07-14 05:45 - 00525704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 06:12 - 2014-05-08 09:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 06:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 06:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 19:11 - 2013-07-15 01:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 18:55 - 2012-09-16 20:40 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 11:31 - 2014-08-01 15:06 - 00001456 _____ () C:\Users\fkn1337\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-10-14 11:07 - 2012-06-26 20:31 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Adobe
2014-10-14 08:50 - 2013-02-12 21:43 - 00000000 ____D () C:\Users\fkn1337\RAR_DL
2014-10-14 08:49 - 2012-10-10 20:03 - 00000000 ____D () C:\Users\fkn1337\Downloads\sft-loader_2009_final
2014-10-09 07:50 - 2013-04-22 08:54 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Origin
2014-10-09 07:50 - 2013-04-22 08:53 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\Origin
2014-10-09 07:50 - 2013-04-22 08:51 - 00000000 ____D () C:\ProgramData\Origin
2014-10-09 07:50 - 2013-04-22 08:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-09 07:22 - 2013-10-02 12:53 - 00009070 _____ () C:\Users\fkn1337\Documents\inseln_ferienhaus_02_10_2013.mwb.bak
2014-10-09 06:23 - 2013-10-21 17:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-09 06:23 - 2013-06-25 11:13 - 00000000 ____D () C:\Program Files (x86)\Java

Files to move or delete:
====================
C:\Users\fkn1337\Aufgabe2_OTTO.bat
C:\Users\fkn1337\aufgabe3.bat
C:\Users\fkn1337\parameter.bat
C:\Users\fkn1337\XXX.bat


Some content of TEMP:
====================
C:\Users\fkn1337\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqnizzg.dll
C:\Users\fkn1337\AppData\Local\Temp\Quarantine.exe
C:\Users\fkn1337\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 23:22

==================== End Of Log ============================
         
--- --- ---

08.11.2014, 20:13   #9
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

09.11.2014, 21:13   #10
fkn88

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9819cd866542924c93eefb3f35198982
# engine=21002
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-09 06:48:01
# local_time=2014-11-09 07:48:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5006962 86852503 0 0
# scanned=417544
# found=15
# cleaned=0
# scan_time=11386
sh=BFD8A26181AFFB72F9FEF26B2BE1C8F3B9DE296D ft=1 fh=53e67809c66d4c97 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ToneGen\tonegen.exe.vir"
sh=F5D7AECBB87BD7BDF3A0D848650656F75E8CA259 ft=1 fh=525d7ba03b997dc8 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ToneGen\tonegensetup_v3.04.exe.vir"
sh=B18283D4AB7C4C55489170411FDA901AFD0F2000 ft=1 fh=facb85190e963a31 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\fkn1337\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=69A35E782A90296DC01CD4184D2775CE1A35C4B2 ft=1 fh=7f4a4e7ae8724a95 vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=34F2250D95985E2EEEE0F3CA484EFBBC1B592F74 ft=0 fh=0000000000000000 vn="Win32/DealPly.E evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir"
sh=649F4CCE28FE3CD7F7D0706027204193EED61493 ft=1 fh=973be198391fcc76 vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdate.exe.vir"
sh=46511245FAEE07E002BCCA6BA42FE4534642C2D7 ft=1 fh=89223efb08132e7c vn="Win32/DealPly.C evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateRun.exe.vir"
sh=9F5E851F9B8D7D64D9D3E014E4DE8BB2E8879FD2 ft=1 fh=3901385202cafc7a vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\uninst.exe.vir"
sh=EF78922A3DE3DA456AD172E159DFA5B68F4A468E ft=1 fh=4ffdcf97b7e1f546 vn="Variante von Win64/Kryptik.GK Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\79EE7C2E.dot.vir"
sh=C03EB4F7D78AA5261A0BBF60C4A79DA58EF1C21B ft=1 fh=704bdf8d714e47d5 vn="Win32/Reveton.AJ Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\E2C7EE97.cpp.vir"
sh=C1108D2255ED070A9EDD319BDD36863A0444D7FA ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHV Trojaner" ac=I fn="C:\Users\fkn1337\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5A4MEZ92\wovbalek4y[1].htm"
sh=B2583270F13E0999A8A3E97F6FB6B6F697C43ADD ft=1 fh=78322c249151abbd vn="Variante von Win32/WinloadSDA.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\fkn1337\Downloads\Android-Emulator-fr-Windows-lnstall.exe"
sh=98A47927A1DC407DF09EE8EAAEF7FE51BE5C1DDA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\fkn1337\Downloads\NCH Express Burn v4.40\NCH_Express_Burn_v4.40.rar"
sh=7B2DAD01E834D3B9D539418B91FF11FC9AA8797F ft=1 fh=7048dab13d9b4348 vn="Variante von Win32/Toolbar.Conduit.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\fkn1337\Downloads\NCH Express Burn v4.40\NCH Express Burn 4.40\Express Burn Disc Burning Software.exe"
sh=FD8A034813BDF33E0E475DC45C7CECB6DFD42279 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\fkn1337\Downloads\NCH.WavePad.Sound.Editor.Masters.Edition.v5.48-LAXiTY\lxnws548.zip"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java-Editor 11.29a, 2013.01.14   
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 32.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 NetRatingsNetSight NetSight nielsenonline.exe  
 NetRatingsNetSight NetSight meter1 NielsenOnline64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by fkn1337 (administrator) on FKN1337-LAPTOP on 09-11-2014 21:00:55
Running from C:\Users\fkn1337\Desktop\BKA Trojaner bekämpfen
Loaded Profiles: UpdatusUser & fkn1337 (Available profiles: UpdatusUser & fkn1337)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files (x86)\Media remote\Media remote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
() C:\Mouse driver\mouse_driver.exe
() C:\Mouse driver\wh_exec.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\NielsenOnline64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [Media remote] => C:\Program Files (x86)\Media remote\Media remote.exe [1535000 2011-05-18] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ACPW06DE] => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe [189488 2011-01-11] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2014-09-03] (The Nielsen Company)
HKLM-x32\...\Run: [uni mouse driver] => C:\Mouse driver\mouse_driver.exe [2972672 2011-11-09] ()
HKLM-x32\...\Run: [uni mouse driver tilt] => C:\Mouse driver\wh_exec.exe [147456 2010-10-05] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-707742038-2074413653-2549995330-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default øn                                   
HKU\S-1-5-21-707742038-2074413653-2549995330-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-11] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [Del6666531] => cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" <===== ATTENTION
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\fkn1337\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\fkn1337\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\fkn1337\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2750E6AEB337CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-707742038-2074413653-2549995330-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default
FF DefaultSearchEngine,S: 
FF SearchEngineOrder.1: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: about:home
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=alxf-2.21&src=ab&aid=hpsbi1Yacy000C&q=
FF NetworkProxy: "ftp", "188.165.85.115"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "188.165.85.115"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.165.85.115"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "188.165.85.115"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\searchplugins\web-search-powered-by-google.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: TabGroups Manager - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8} [2013-08-26]
FF Extension: Webmail Ad Blocker - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\gmailnoads@mywebber.com.xpi [2013-10-24]
FF Extension: Boerse.bz Bypass - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi [2014-07-18]
FF Extension: PageRank - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\PageRank@addonfactory.in.xpi [2013-08-12]
FF Extension: Stealthy - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\stealthyextension@gmail.com.xpi [2013-07-19]
FF Extension: {66003e34-9cf3-45fa-b936-cc5878bedac3} - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{66003e34-9cf3-45fa-b936-cc5878bedac3}.xpi [2014-09-29]
FF Extension: SearchStatus - C:\Users\fkn1337\AppData\Roaming\Mozilla\Firefox\Profiles\rypyufay.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension:  Password Bank Extension  - C:\Program Files (x86)\Acer Bio Protection\FFExt [2012-05-25]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF Extension: Nielsen NetSight - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi [2014-11-09]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\fkn1337\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [318000 2011-01-11] (Egis Technology Inc. )
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2932448 2014-09-03] (The Nielsen Company)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-12-18] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-12-18] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [15584 2014-09-03] (The Nielsen Company)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [26848 2014-09-03] (The Nielsen Company)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
R3 whfltr2k; C:\Windows\SysWOW64\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 21:01 - 2014-11-09 21:01 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ikeildnw.sys
2014-11-09 16:05 - 2014-11-09 16:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-07 23:36 - 2014-11-07 23:36 - 00000000 ____D () C:\Windows\ERUNT
2014-11-07 21:31 - 2014-11-07 23:18 - 00000000 ____D () C:\AdwCleaner
2014-11-07 19:33 - 2014-11-07 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 09:25 - 2014-11-07 09:18 - 00199119 _____ () C:\Users\fkn1337\Desktop\der shit.odt
2014-11-06 21:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-06 21:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-06 21:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-06 21:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-06 21:06 - 2014-11-06 21:28 - 00000000 ____D () C:\Qoobox
2014-11-06 21:05 - 2014-11-06 21:25 - 00000000 ____D () C:\Windows\erdnt
2014-11-06 21:04 - 2014-11-09 21:00 - 00000000 ____D () C:\Users\fkn1337\Desktop\BKA Trojaner bekämpfen
2014-11-06 10:52 - 2014-11-06 11:39 - 00000091 _____ () C:\Users\fkn1337\Desktop\Neues Textdokument (3).txt
2014-11-06 00:13 - 2014-11-06 00:13 - 00001604 _____ () C:\Users\fkn1337\Desktop\Neues Textdokument (2).txt
2014-11-05 22:55 - 2014-11-09 21:00 - 00000000 ____D () C:\FRST
2014-11-05 22:54 - 2014-11-05 22:54 - 00000000 _____ () C:\Users\fkn1337\defogger_reenable
2014-11-05 21:03 - 2014-11-05 21:03 - 00387584 _____ () C:\Users\fkn1337\Downloads\rescue2usb.exe
2014-11-05 20:56 - 2014-11-05 20:58 - 310095872 _____ () C:\Users\fkn1337\Downloads\kav_rescue_10.iso
2014-11-05 19:27 - 2014-11-09 15:53 - 00000672 _____ () C:\Windows\setupact.log
2014-11-05 19:27 - 2014-11-05 19:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 17:46 - 2014-11-06 12:21 - 00059392 _____ () C:\Users\fkn1337\Documents\4.wps
2014-10-28 08:23 - 2014-10-27 14:48 - 00000000 ____D () C:\Users\fkn1337\Downloads\The.Big.Bang.Theory.S07E21.Schulmaedchenreport.GERMAN.DUBBED.BLURAYRiP.x264-SOF
2014-10-28 08:21 - 2014-10-28 08:23 - 197037024 _____ () C:\Users\fkn1337\Downloads\tbbt.s07e21.rar
2014-10-27 09:15 - 2014-10-27 09:29 - 00010240 _____ () C:\Users\fkn1337\Desktop\Microsoft Excel Document (neu).xls
2014-10-23 11:04 - 2014-10-23 11:04 - 00000000 ___SD () C:\Users\fkn1337\Documents\My Web Sites
2014-10-23 10:58 - 2008-07-12 07:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-10-23 10:57 - 2014-10-23 10:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Expression
2014-10-23 10:25 - 2014-10-23 10:36 - 103542856 _____ (Microsoft Corporation) C:\Users\fkn1337\Downloads\Web_Trial_en.exe
2014-10-17 09:15 - 2014-10-17 09:18 - 00000000 ____D () C:\ProgramData\TrackMania
2014-10-17 09:09 - 2014-10-21 09:47 - 00000000 ____D () C:\Users\fkn1337\Documents\TrackMania
2014-10-17 09:08 - 2014-10-17 09:08 - 00001112 _____ () C:\Users\Public\Desktop\TmNationsForever.lnk
2014-10-17 09:08 - 2014-10-17 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2014-10-17 09:07 - 2014-10-17 09:08 - 00000000 ____D () C:\Program Files (x86)\TmNationsForever
2014-10-15 15:10 - 2014-10-15 15:10 - 03666100 _____ () C:\Users\fkn1337\Downloads\Einfuehrung.Perl.rar
2014-10-15 15:09 - 2014-10-15 15:10 - 16582516 _____ () C:\Users\fkn1337\Downloads\Programmieren.lernen.Perl.rar
2014-10-15 08:39 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 08:39 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 08:39 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 08:39 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 08:39 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 08:39 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 08:39 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 08:39 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 08:39 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 08:39 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 08:39 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 08:39 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 08:39 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 08:39 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 08:38 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 08:38 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 08:38 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 08:38 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 08:38 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 08:38 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 08:38 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 08:38 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 08:38 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 08:38 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 08:38 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 08:38 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 08:38 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 08:38 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 08:38 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 08:38 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 08:38 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 08:38 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 08:38 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 08:38 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 08:38 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 08:38 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 08:38 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 08:38 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 08:38 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 08:38 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 08:38 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 08:38 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 08:38 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 08:38 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 08:38 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 08:38 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 08:38 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 08:38 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 08:38 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:38 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 08:38 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 08:38 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 08:38 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 08:38 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 08:38 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 08:38 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 08:38 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 08:38 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 08:38 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 08:38 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 08:38 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 08:38 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 08:38 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 08:38 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 08:38 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 08:38 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 08:38 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 08:38 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 08:38 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 08:38 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 08:38 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 08:38 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 08:38 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 08:38 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 08:38 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 08:38 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 08:38 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 08:38 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 08:38 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 08:38 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 08:38 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 08:38 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 08:38 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 08:38 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 08:38 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 08:38 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 08:38 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 08:38 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 08:38 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 08:38 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 08:38 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 08:33 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 08:33 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 08:33 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 08:33 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 08:33 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 08:33 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 08:33 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 08:33 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 08:33 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 08:33 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 08:33 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 08:33 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 08:33 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 08:33 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 10:59 - 2014-10-14 11:07 - 00000000 ____D () C:\Users\fkn1337\Documents\Adobe
2014-10-14 09:51 - 2014-10-14 10:13 - 00000000 ____D () C:\Users\fkn1337\Desktop\BESTofSEEED,Culcha USW

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 20:46 - 2013-12-01 19:12 - 00000378 _____ () C:\Windows\Tasks\WpsUpdateTask_fkn1337.job
2014-11-09 20:27 - 2012-06-27 16:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 18:39 - 2012-05-25 08:50 - 01496095 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 16:14 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 16:14 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 16:09 - 2012-05-25 18:43 - 00702366 _____ () C:\Windows\system32\perfh007.dat
2014-11-09 16:09 - 2012-05-25 18:43 - 00151000 _____ () C:\Windows\system32\perfc007.dat
2014-11-09 16:09 - 2009-07-14 06:13 - 01628802 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 15:55 - 2013-05-13 12:09 - 00000000 ___RD () C:\Users\fkn1337\Dropbox
2014-11-09 15:55 - 2013-05-13 12:06 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Dropbox
2014-11-09 15:54 - 2012-05-25 09:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-09 15:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 23:19 - 2010-11-21 04:47 - 00123588 _____ () C:\Windows\PFRO.log
2014-11-07 21:25 - 2013-11-14 12:09 - 04320256 ___SH () C:\Users\fkn1337\Desktop\Thumbs.db
2014-11-07 00:59 - 2012-10-21 23:08 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\vlc
2014-11-06 21:28 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-06 21:21 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-06 21:17 - 2009-07-14 03:34 - 85196800 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-06 21:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-06 16:58 - 2012-06-26 18:56 - 00000000 ____D () C:\Users\fkn1337
2014-11-06 11:58 - 2012-09-14 06:29 - 00000000 ____D () C:\Users\fkn1337\Documents\Schule
2014-11-05 22:12 - 2013-06-21 10:01 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-11-05 16:33 - 2012-10-16 06:07 - 00000000 ____D () C:\Windows\Minidump
2014-11-05 16:20 - 2012-11-07 11:17 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\VMware
2014-11-05 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-05 16:18 - 2012-11-19 09:40 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-11-05 09:20 - 2013-03-01 09:53 - 00000192 _____ () C:\Users\fkn1337\.packettracer
2014-11-03 10:32 - 2012-11-07 11:17 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\VMware
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 11:57 - 2014-07-24 12:51 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\Eclipse
2014-10-27 11:57 - 2013-03-14 07:32 - 00000000 ____D () C:\Users\fkn1337\workspace
2014-10-27 11:56 - 2014-07-24 12:49 - 00000000 ____D () C:\Users\fkn1337\Downloads\eclipse
2014-10-25 15:47 - 2013-11-12 13:21 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\CutePDF Writer
2014-10-23 09:32 - 2013-10-02 12:53 - 00010112 _____ () C:\Users\fkn1337\Documents\inseln_ferienhaus_02_10_2013.mwb
2014-10-21 13:33 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 09:39 - 2012-06-26 18:56 - 00000000 ____D () C:\Users\fkn1337\AppData\Local\VirtualStore
2014-10-19 14:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 09:09 - 2011-07-08 10:46 - 00261727 _____ () C:\Windows\DirectX.log
2014-10-16 06:14 - 2009-07-14 05:45 - 00525704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 06:12 - 2014-05-08 09:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 06:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 06:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 19:11 - 2013-07-15 01:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 18:55 - 2012-09-16 20:40 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 11:31 - 2014-08-01 15:06 - 00001456 _____ () C:\Users\fkn1337\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-10-14 11:07 - 2012-06-26 20:31 - 00000000 ____D () C:\Users\fkn1337\AppData\Roaming\Adobe
2014-10-14 08:50 - 2013-02-12 21:43 - 00000000 ____D () C:\Users\fkn1337\RAR_DL
2014-10-14 08:49 - 2012-10-10 20:03 - 00000000 ____D () C:\Users\fkn1337\Downloads\sft-loader_2009_final

Files to move or delete:
====================
C:\Users\fkn1337\Aufgabe2_OTTO.bat
C:\Users\fkn1337\aufgabe3.bat
C:\Users\fkn1337\parameter.bat
C:\Users\fkn1337\XXX.bat


Some content of TEMP:
====================
C:\Users\fkn1337\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptu5cm.dll
C:\Users\fkn1337\AppData\Local\Temp\Quarantine.exe
C:\Users\fkn1337\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 23:22

==================== End Of Log ============================
         

Sooo, I think that should be everything now?!

The error message no longer appears either! That's good for a start.
The BKA window is gone too.
Everything seems to have gone as intended.
THANK YOU SO MUCH for your help!!!!!!!!


PS: Is Microsoft Essentials actually sufficient, or should I get a "proper" virus scanner after all?
Which one would you recommend?

10.11.2014, 16:45   #11
schrauber
/// the machine
/// TB trainer

Update Adobe and Firefox. Empty the download folder.

I always recommend Emsisoft.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.11.2014, 09:09   #12
fkn88

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by fkn1337 at 2014-11-11 09:08:10 Run:1
Running from C:\Users\fkn1337\Desktop\BKA Trojaner bekämpfen
Loaded Profiles: UpdatusUser & fkn1337 (Available profiles: UpdatusUser & fkn1337)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

12.11.2014, 08:10   #13
schrauber
/// the machine
/// TB trainer

done
__________________
Regards,
schrauber
