
Log analysis and evaluation: Laptop with Windows Vista, Interpol trojan prevents further work after about 5 to 10 minutes

26.01.2015, 08:36   #1
Jens69
 

Good morning,

I hope I have done everything correctly in posting my problem.
Since Saturday, an "Interpol" window has been opening after 5 to 10 minutes, with the well-known notice that one should pay €100 so that the computer is not locked.
I have a Kaspersky virus scanner, but it did not detect the Interpol virus/trojan.
I then downloaded another scanner from the internet, but it never gets all the way through the scan, because the "Interpol" window opens again first. What I can see, though, is that there are 27 "threats" in the system registry.
Maybe there are more; as I said, I never get to the end, because the "Interpol" window then opens.
I also had Kaspersky run a scan; if I remember correctly, it found four threats and neutralized them.

Unfortunately I can only answer follow-up questions this evening, as I am at the office during the day.

Best regards, and thanks in advance for the help.
Jens

26.01.2015, 08:39   #2
schrauber
/// the machine
/// TB instructor
 


hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now select Repair Your Computer.
  • Select your operating system and user account, clicking "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account, clicking "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

26.01.2015, 18:11   #3
Jens69
 

Here, as requested, is the log from FRST.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by SYSTEM on MINWINPC on 26-01-2015 19:01:25
Running from F:\
Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-06] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-01] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-22] (Acer)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644744 2012-08-08] (Ask)
HKLM\...\Run: [Google Updater] => C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-15] (Google)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\muckiwob1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.)
HKU\muckiwob1\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\muckiwob1\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\muckiwob1\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165568 2014-12-22] (SlimWare Utilities, Inc.)
HKU\muckiwob1\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google)
Startup: C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk
ShortcutTarget: B59FCFA17.lnk -> C:\ProgramData\71AFCF95B.cpp ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-03] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-08] ()
S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-12-22] (SlimWare Utilities, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 19:00 - 2015-01-26 19:00 - 00000000 ____D () C:\FRST
2015-01-25 05:41 - 2015-01-25 05:41 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing
2015-01-25 05:40 - 2015-01-25 05:40 - 00000990 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-01-25 05:40 - 2015-01-25 05:40 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-25 05:40 - 2015-01-25 05:40 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2015-01-25 05:40 - 2013-03-15 08:01 - 00016384 _____ () C:\Windows\System32\wsusnative32.exe
2015-01-25 04:50 - 2015-01-25 04:50 - 00000000 ____D () C:\Users\muckiwob1\Option
2015-01-24 08:47 - 2015-01-24 08:47 - 00208896 _____ () C:\ProgramData\71AFCF95B.cpp
2015-01-24 08:15 - 2015-01-24 08:15 - 00001864 _____ () C:\Users\Public\Desktop\SlimCleaner Plus.lnk
2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers
2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Program Files\SlimService
2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2015-01-24 08:14 - 2015-01-24 08:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc
2015-01-24 08:14 - 2015-01-24 08:14 - 00013464 _____ () C:\Windows\System32\Drivers\SWDUMon.sys
2015-01-24 08:14 - 2015-01-24 08:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2015-01-24 08:14 - 2015-01-24 08:14 - 00000000 ____D () C:\Program Files\DriverUpdate
2015-01-24 08:13 - 2015-01-24 08:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-01-24 06:28 - 2015-01-24 06:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe
2015-01-24 06:25 - 2015-01-24 06:25 - 00000000 ____D () C:\Program Files\DLLSuite
2015-01-24 05:40 - 2015-01-24 05:40 - 00000906 _____ () C:\Users\muckiwob1\Desktop\ParetoLogic PC Health Advisor.lnk
2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\ParetoLogic
2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\DriverCure
2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Program Files\ParetoLogic
2015-01-24 05:40 - 2015-01-24 05:40 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-01-24 05:08 - 2015-01-25 05:11 - 00262144 _____ () C:\Windows\System32\config\elam
2015-01-18 06:23 - 2014-12-18 16:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-18 05:42 - 2014-12-05 19:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-18 05:42 - 2014-12-05 19:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-18 05:42 - 2014-12-05 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-01-18 05:41 - 2014-12-05 19:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 09:55 - 2013-01-17 12:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-26 09:55 - 2008-11-04 22:07 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2015-01-26 09:55 - 2008-04-18 01:49 - 00000147 _____ () C:\Windows\System32\agent.log
2015-01-26 09:54 - 2009-02-28 06:13 - 00028219 _____ () C:\ProgramData\nvModes.001
2015-01-26 09:53 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 09:53 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 09:52 - 2008-01-20 18:47 - 06818752 _____ () C:\Windows\PFRO.log
2015-01-25 06:22 - 2008-01-20 23:16 - 00679016 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-25 06:15 - 2008-11-04 21:13 - 01691543 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 05:19 - 2012-11-11 11:43 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 05:19 - 2010-09-11 14:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM
2015-01-25 05:19 - 2010-09-11 14:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype
2015-01-25 05:19 - 2009-02-20 10:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing
2015-01-25 05:19 - 2007-07-11 17:49 - 00000000 ____D () C:\Windows\Panther
2015-01-25 05:19 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-01-25 04:58 - 2008-04-18 01:43 - 00000000 ____D () C:\Program Files\eSobi
2015-01-25 04:58 - 2008-04-18 00:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 04:50 - 2009-02-19 09:36 - 00000000 ____D () C:\users\muckiwob1
2015-01-24 05:07 - 2009-08-20 09:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat
2015-01-18 06:23 - 2013-08-18 08:34 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-18 05:44 - 2006-11-02 02:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2015-01-17 07:33 - 2012-11-21 12:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-01-17 07:33 - 2012-11-21 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-01-08 00:55 - 2011-04-16 09:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-01-04 10:55 - 2011-01-04 07:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel

Files to move or delete:
====================
C:\Users\muckiwob1\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\muckiwob1\AppData\Local\Temp\scpD423.tmp.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-11-21 09:28:44
Restore point made on: 2014-11-22 06:46:42
Restore point made on: 2014-11-30 05:32:40
Restore point made on: 2014-12-07 05:31:30
Restore point made on: 2014-12-14 09:08:32
Restore point made on: 2014-12-20 07:55:28
Restore point made on: 2014-12-20 09:03:37
Restore point made on: 2014-12-21 04:58:35
Restore point made on: 2014-12-22 04:10:22
Restore point made on: 2014-12-23 06:00:21
Restore point made on: 2014-12-26 03:01:23
Restore point made on: 2015-01-02 05:09:41
Restore point made on: 2015-01-03 06:40:59
Restore point made on: 2015-01-04 05:40:10
Restore point made on: 2015-01-10 06:53:28
Restore point made on: 2015-01-11 06:08:55
Restore point made on: 2015-01-17 06:48:10
Restore point made on: 2015-01-18 05:41:30
Restore point made on: 2015-01-20 09:27:10
Restore point made on: 2015-01-20 10:19:14
Restore point made on: 2015-01-23 10:02:15
Restore point made on: 2015-01-24 04:13:37
Restore point made on: 2015-01-24 08:24:07
Restore point made on: 2015-01-24 09:40:39
Restore point made on: 2015-01-24 09:44:54
Restore point made on: 2015-01-25 04:41:12
Restore point made on: 2015-01-25 04:57:01

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {fdcbb73c-0d74-11dd-82e0-001e68556efb}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=X:
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=X:
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fdcbb73c-0d74-11dd-82e0-001e68556efb}
nx                      OptIn
increaseuserva          2900

Resume from Hibernate
---------------------
identifier              {fdcbb73c-0d74-11dd-82e0-001e68556efb}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Frhere Windows-Version

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}


==================== Memory info =========================== 

Percentage of memory in use: 8%
Total physical RAM: 4090.07 MB
Available physical RAM: 3731.99 MB
Total Pagefile: 3955.8 MB
Available Pagefile: 3790.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.18 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:58.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:126.12 GB) NTFS
Drive f: () (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F604BC3A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)


LastRegBack: 2015-01-25 06:20

==================== End Of Log ============================
         

Alt 27.01.2015, 06:24   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKU\muckiwob1\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk
ShortcutTarget: B59FCFA17.lnk -> C:\ProgramData\71AFCF95B.cpp ()
C:\Users\muckiwob1\AppData\Roaming\skype.ini
C:\Users\muckiwob1\AppData\Roaming\skype.dat
C:\ProgramData\71AFCF95B.cpp
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Start the computer normally, then in normal mode:


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 27.01.2015, 06:41   #5
Jens69
 



Good morning schrauber,

just so I don't do anything wrong: do I first boot the computer normally and then press Windows + R? Or boot in a special mode?

My FRST is on the stick that was needed yesterday. Copy the Fixlog there as well, and still download FRST to the desktop again when the computer is later started normally?

I have to say, if a virus/trojan like this weren't so damn sh..., this would actually be real fun :-)


Alt 27.01.2015, 10:57   #6
schrauber
/// the machine
/// TB-Ausbilder
 




The infected computer is in Recovery, where you also ran the scan from the stick.
Create the fixlist on another computer and save it to the stick.
Run the fix in Recovery.

Start the computer normally, download FRST again to the desktop, then run the scan.

Alt 27.01.2015, 17:05   #7
Jens69
 



Here is the Fixlog for now; the other two files will follow shortly.


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by SYSTEM at 2015-01-27 17:28:24 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\muckiwob1\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk
ShortcutTarget: B59FCFA17.lnk -> C:\ProgramData\71AFCF95B.cpp ()
C:\Users\muckiwob1\AppData\Roaming\skype.ini
C:\Users\muckiwob1\AppData\Roaming\skype.dat
C:\ProgramData\71AFCF95B.cpp
Emptytemp:

*****************

HKU\muckiwob1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\B59FCFA17.lnk => Moved successfully.
C:\ProgramData\71AFCF95B.cpp => Moved successfully.
C:\Users\muckiwob1\AppData\Roaming\skype.ini => Moved successfully.
"C:\Users\muckiwob1\AppData\Roaming\skype.dat" => File/Directory not found.
"C:\ProgramData\71AFCF95B.cpp" => File/Directory not found.
Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog 17:28:25 ====
         
Here is the FRST.txt.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by muckiwob1 (administrator) on WENDSCHOTT on 27-01-2015 17:44:18
Running from C:\Users\muckiwob1\Desktop
Loaded Profiles: muckiwob1 (Available profiles: muckiwob1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nico Mak Computing) C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
() C:\Windows\PLFSetI.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-02] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644744 2012-08-08] (Ask)
HKLM\...\Run: [Google Updater] => C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-15] (Google)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.)
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165568 2014-12-23] (SlimWare Utilities, Inc.)
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\MountPoints2: {bedf884a-6bd1-11e3-9a44-00238b004c94} - H:\DPFMate.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.acer.de/ac/de/DE/content/home
HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/?gws_rd=ssl
URLSearchHook: HKU\S-1-5-21-479782255-706792591-617315946-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&src=kw&tb=MNC&o=15092&locale=de_DE&apn_ptnrs=^MF&apn_dtid=^MNT001^YY^DE&p2=^MF^MNT001^YY^DE&apn_uid=aad9f123-a74e-4aff-a538-cdc9d542b220&apn_sauid=7d6052f9-cbbc-471d-9191-3b5c568ca8a7&hpds=1&hdoi=2012-11-08&q={searchTerms}
SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=N6Hs5uwKsg09mHRcs2HjkZPp4t8?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-05]

Chrome: 
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll No File
CHR Plugin: (McSimpleChromePlugin Dynamic Link Library) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-05]
CHR Extension: (Google-Suche) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-05]
CHR Extension: (SiteAdvisor) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2010-09-11]
CHR Extension: (Google Mail) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-05]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [222016 2014-12-23] (SlimWare Utilities, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 17:44 - 2015-01-27 17:50 - 00023334 _____ () C:\Users\muckiwob1\Desktop\FRST.txt
2015-01-27 17:41 - 2015-01-27 17:41 - 01120768 _____ (Farbar) C:\Users\muckiwob1\Desktop\FRST.exe
2015-01-27 04:00 - 2015-01-27 17:44 - 00000000 ____D () C:\FRST
2015-01-25 14:41 - 2015-01-25 14:41 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing
2015-01-25 14:40 - 2015-01-25 14:40 - 00000990 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-01-25 14:40 - 2015-01-25 14:40 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-25 14:40 - 2015-01-25 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-01-25 14:40 - 2015-01-25 14:40 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2015-01-25 14:40 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2015-01-25 13:50 - 2015-01-25 13:50 - 00000000 ____D () C:\Users\muckiwob1\Option
2015-01-24 17:20 - 2015-01-24 17:26 - 00000374 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - muckiwob1).job
2015-01-24 17:15 - 2015-01-24 17:15 - 00001864 _____ () C:\Users\Public\Desktop\SlimCleaner Plus.lnk
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Program Files\SlimService
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2015-01-24 17:14 - 2015-01-24 17:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc
2015-01-24 17:14 - 2015-01-24 17:14 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-01-24 17:14 - 2015-01-24 17:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\Program Files\DriverUpdate
2015-01-24 17:13 - 2015-01-24 17:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-01-24 15:28 - 2015-01-24 15:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe
2015-01-24 15:25 - 2015-01-24 15:25 - 00000000 ____D () C:\Program Files\DLLSuite
2015-01-24 14:43 - 2015-01-24 18:00 - 00000452 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2015-01-24 14:40 - 2015-01-27 17:34 - 00000478 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-24 14:40 - 2015-01-24 14:56 - 00000426 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-01-24 14:40 - 2015-01-24 14:56 - 00000384 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2015-01-24 14:40 - 2015-01-24 14:56 - 00000366 _____ () C:\Windows\Tasks\PC Health Advisor.job
2015-01-24 14:40 - 2015-01-24 14:40 - 00000906 _____ () C:\Users\muckiwob1\Desktop\ParetoLogic PC Health Advisor.lnk
2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\ParetoLogic
2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\DriverCure
2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Program Files\ParetoLogic
2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-01-24 14:08 - 2015-01-25 14:11 - 00262144 _____ () C:\Windows\system32\config\elam
2015-01-18 15:23 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-18 14:42 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-18 14:42 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-18 14:42 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-18 14:41 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 17:50 - 2013-01-17 21:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-27 17:44 - 2008-01-21 08:16 - 00684342 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 17:42 - 2008-11-05 06:13 - 01721189 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 17:35 - 2009-02-28 15:13 - 00028219 _____ () C:\ProgramData\nvModes.001
2015-01-27 17:35 - 2008-11-05 07:07 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-27 17:35 - 2008-04-18 10:49 - 00000147 _____ () C:\Windows\system32\agent.log
2015-01-27 17:34 - 2009-07-02 14:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 17:34 - 2008-01-21 03:47 - 06819296 _____ () C:\Windows\PFRO.log
2015-01-27 17:34 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 17:34 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 17:34 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 17:09 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-25 14:58 - 2009-07-02 14:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 14:34 - 2012-11-21 21:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 14:19 - 2012-11-11 20:43 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 14:19 - 2010-09-11 23:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM
2015-01-25 14:19 - 2010-09-11 23:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype
2015-01-25 14:19 - 2009-02-20 19:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing
2015-01-25 14:19 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2015-01-25 14:19 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-25 13:58 - 2008-04-18 10:43 - 00000000 ____D () C:\Program Files\eSobi
2015-01-25 13:58 - 2008-04-18 09:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 13:50 - 2009-02-19 18:36 - 00000000 ____D () C:\Users\muckiwob1
2015-01-24 14:07 - 2009-08-20 18:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat
2015-01-18 19:31 - 2010-10-24 15:52 - 00000482 ____H () C:\Windows\Tasks\Norton Security Scan for muckiwob1.job
2015-01-18 15:23 - 2013-08-18 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 14:44 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-17 16:33 - 2012-11-21 21:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-17 16:33 - 2012-11-21 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-08 09:55 - 2011-04-16 18:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 19:55 - 2011-01-04 16:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel

==================== Files in the root of some directories =======

2014-02-13 20:04 - 2014-02-13 20:04 - 49940480 _____ () C:\Program Files\GUT6CE7.tmp
2009-02-21 10:41 - 2009-02-21 10:41 - 0024206 _____ () C:\Users\muckiwob1\AppData\Roaming\UserTile.png
2009-08-20 18:38 - 2015-01-24 14:07 - 0000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat
2009-02-21 10:39 - 2014-10-26 16:23 - 0022528 _____ () C:\Users\muckiwob1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-24 15:18 - 2012-10-24 15:21 - 0000280 _____ () C:\ProgramData\ArcadeDeluxe2.log
2010-09-11 23:19 - 2010-09-11 23:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-02-28 15:13 - 2015-01-27 17:35 - 0028219 _____ () C:\ProgramData\nvModes.001
2009-02-28 15:09 - 2014-10-23 17:46 - 0028219 _____ () C:\ProgramData\nvModes.dat
2012-06-21 16:42 - 2012-06-21 16:42 - 0000052 _____ () C:\ProgramData\pjyzptgqlivsclv

Some content of TEMP:
====================
C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\muckiwob1\AppData\Local\Temp\scpD423.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 17:40

==================== End Of Log ============================
         



And here is the Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by muckiwob1 at 2015-01-27 17:52:52
Running from C:\Users\muckiwob1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5315 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5315 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam 2.0.8 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.8 - SuYin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3007 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3060 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3006 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3013 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.0506 - Acer Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ArcSoft PhotoImpression (HKLM\...\{F8BBD99F-B51F-4B6C-80A8-B1B2993B59C4}) (Version:  - )
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-479782255-706792591-617315946-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.0.25589 - Ask.com) <==== ATTENTION
AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 (HKLM\...\AVerMedia A310 (MiniCard, DVB-T)) (Version: 1.1.0.27 - AVerMedia TECHNOLOGIES, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{A64A5576-D862-44F8-89DC-2B17FCC9B86E}) (Version: 11.11.03 - Broadcom Corporation)
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DriverUpdate (HKLM\...\{8AE269B5-4133-4FFC-9896-D718886D7D8F}) (Version: 2.2.43335 - SlimWare Utilities, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 2.15 - Philipp Winterberg)
GameShadow (HKLM\...\{B2390904-74BD-48AA-B2CC-6612F8D46379}) (Version: 2.03.0000 - GameShadow Ltd)
Garmin BaseCamp (HKLM\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.10.04 - JMicron Technology Corp.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Lumicron LDC-524z3 (HKLM\...\Lumicron LDC-524z3) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Norton Security Scan (HKLM\...\NSS) (Version: 2.7.3.34 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6322 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6322 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
ParetoLogic PC Health Advisor (HKLM\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.7.0 - ParetoLogic, Inc.)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2713 - CyberLink Corp.)
PowerDirector (Version: 6.5.2713 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5612 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM\...\{6E839820-0BBA-4310-9D06-4463BAEA6641}) (Version: 3.1.01 - Kivuto Solutions Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Silent Hunter 4 Wolves of the Pacific (HKLM\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.03.0000 - Ubisoft)
Silent Hunter III (HKLM\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.4.0000 - Ubisoft)
Silent Hunter III (Version: 1.4.0000 - Ubisoft) Hidden
Skype Web Plugin (HKLM\...\{6F11BED2-859F-46C4-A9DA-A91AAD5BC849}) (Version: 2.3.12417.17599 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{BA219F82-20BF-49AD-A279-E2D69D3B9D3F}) (Version: 1.0.26102 - SlimWare Utilities, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip Malware Protector (HKLM\...\WinZip Malware Protector_is1) (Version: 2.1.1000.14260 - WinZip International LLC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{01E62FC1-2BC2-43A7-9C7D-F1E2783CF000}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{079AA557-4A18-424A-8EEE-E39F0A8D41B9}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0AF1913F-13DB-42DA-A25E-958E8A79E9B0}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{13215D54-7340-4557-8874-7DD51AD527C9}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{168AD2AB-3A85-45A8-926D-CB7B3D293329}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsEventHandler.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{196117D7-6A7F-4F18-8E3B-200A7AA4D196}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{19EDAA63-117B-40FD-8E1C-92C8DC0CD725}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsConfig.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1C048253-E86E-4B5A-BBB0-5B4FD327D28B}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{25E91008-C83E-4198-885A-3B136ACDCC54}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2933BF90-7B36-11d2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2933BF91-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2933BF94-7B36-11D2-B20E-00C04F983E60}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3124C396-FB13-4836-A6AD-1317F1713688}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{373984C9-B845-449B-91E7-45AC83036ADE}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{384FF8F0-41BF-4F52-8620-B4624BA0B12F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3A32E43A-323A-42DD-9505-D3C20E5511F8}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3D6B2683-0E0E-4367-A91D-9F044B2EA677}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3D813DFE-6C91-4A4E-8F41-04346A841D9C}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{3E784A01-F3AE-4DC0-9354-9526B9370EBA}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4C1E74BE-E45A-48DC-A8A0-E718B7AFEE5A}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4DB26476-6787-4046-B836-E8412A9E8A27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4DD441AD-526D-4A77-9F1B-9841ED802FB0}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{51AF5684-A538-492B-853D-7050E5B756DE}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsCompress.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{550DDA30-0541-11D2-9CA9-0060B0EC3D39}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6A63EC6D-35E0-4DA0-88F6-A268A0BB2A0F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{6F812978-7A39-42C9-AE5E-B3D775DDEDD4}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7449828A-155B-470F-B898-0AD0C92397EB}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsSchema.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7ADE76BA-7AF7-44BF-B0C5-A946534F1EBA}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\ARProgBar.ocx (Alvaro Redondo)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7D05D3E4-F18D-4D64-ABA4-FBC79589BB55}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7D168F55-08A5-42FD-B4F0-7CA684D84950}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{7E3FCEA1-31B4-11D2-AE1F-0080C7337EA1}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9271413F-2B9A-42D9-95ED-E5E3CF6C0072}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{936E555A-92C5-4880-8F5B-3E5E4B989AFE}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsTransfer.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9573876E-12E2-45E1-A474-F7DFBCD42807}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{963EDF51-1209-4B6B-AC2B-55527019ED32}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9F7DC59C-80B6-48FB-A4D3-CD72BAEBC9F7}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{9FCFE650-A90A-4296-8A6C-E11542DDC472}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsBasicTimer.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{AFB40FFD-B609-40A3-9828-F88BBE11E4E3}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B90D6692-7CC2-44B4-AF3D-5D7D74E743D0}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{B9BE6250-1199-40C5-9F70-4CCC9D2A717B}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C58C197B-8F7C-40E1-8EE6-835944A1049F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\ACTXPRXY.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D2423620-51A0-11D2-9CAF-0060B0EC3D39}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{DBC47161-482C-4FD2-A854-412B9868AE97}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{DCFC2C95-651D-46A8-A31E-6EE58125C2E3}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsLocator.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{EFFF3436-D93B-4DEA-9593-E11C0FB74C2C}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F4C0312A-6562-407F-B924-1A224F13BD1F}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsUtils.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F19-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F27-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F31-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F33-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F34-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F35-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F36-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F37-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F39-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F3F-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F40-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F5078F41-C551-11D3-89B9-0000F81FE221}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F14-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FB0500AA-E215-4133-A3DE-B2F301126C66}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\gmsAPI.dll (GameShadow Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FC220AD8-A72A-4EE8-926E-0B7AD152A020}\InprocServer32 -> C:\Windows\system32\msxml3.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FD819CA3-D874-48CE-9EAD-AC7BE1D4F125}\InprocServer32 -> C:\Users\muckiwob1\Documents\GameShadow\exsConfig.dll (Express Solutions Ltd)
CustomCLSID: HKU\S-1-5-21-479782255-706792591-617315946-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

21-11-2014 18:26:49 Windows Update
22-11-2014 15:43:51 Windows Update
30-11-2014 14:30:27 Windows Update
07-12-2014 14:29:21 Windows Update
14-12-2014 18:07:12 Windows Update
20-12-2014 16:53:56 Windows Update
20-12-2014 17:59:59 Windows Update
21-12-2014 13:56:36 Windows Update
22-12-2014 13:09:15 Windows Update
23-12-2014 14:58:44 Windows Update
26-12-2014 11:58:34 Windows Update
02-01-2015 14:07:55 Windows Update
03-01-2015 15:35:04 Windows Update
04-01-2015 14:34:14 Windows Update
10-01-2015 15:51:43 Windows Update
11-01-2015 15:07:59 Windows Update
17-01-2015 15:46:47 Windows Update
18-01-2015 14:40:09 Windows Update
20-01-2015 18:25:41 Windows Update
20-01-2015 19:18:41 Windows Update
23-01-2015 19:00:49 Windows Update
24-01-2015 13:12:20 Windows Update
24-01-2015 17:22:14 Windows Update
24-01-2015 18:35:26 Removed Adobe Reader 8.1.0
24-01-2015 18:41:22 Removed Adobe Reader 8.1.0
25-01-2015 13:38:25 Windows Update
25-01-2015 13:54:45 Entfernt eSobi v2
27-01-2015 17:38:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {065B971B-8DBE-48AF-B0BB-46BD22092E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {08E272C8-50D7-43B5-8D3B-60789B839E08} - System32\Tasks\PC Health Advisor => C:\Program Files\ParetoLogic\PCHA\PCHA.exe [2015-01-20] (ParetoLogic, Inc.)
Task: {0EE1F92A-11F3-4932-B120-D98FE273DEFF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {138E4485-77E0-456C-A83C-19534F7ACA95} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {262D0496-525D-47D4-9F58-84E68B11642A} - System32\Tasks\{72D98D52-7371-461B-8E42-02FE0EA3DD0E} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {55402C3D-4570-421B-88BB-F31877D8EE34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-17] (Adobe Systems Incorporated)
Task: {5870D8F2-3DD4-4935-84AF-B4519D03C729} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {598CAEAB-42E5-4F11-9FB5-1A1C86ADAD0F} - System32\Tasks\Norton Security Scan for muckiwob1 => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-28] (Symantec Corporation)
Task: {64B5E8FB-7DEB-4ADD-B581-195DF218A376} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe [2014-12-02] (Nico Mak Computing)
Task: {93687AB8-0DC5-49A0-AA5F-B9A430916FC6} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-21] (Google)
Task: {BF830876-71E3-4152-BA15-4758B885453F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {C8552088-3810-4890-B6E9-484C7AFB5F87} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - muckiwob1) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2014-12-23] (SlimWare Utilities, Inc.)
Task: {CF284DD2-143E-4D33-B616-885DD85039AF} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files\ParetoLogic\PCHA\PCHA.exe [2015-01-20] (ParetoLogic, Inc.)
Task: {D092662E-324C-4B92-A91E-6B5D22A041AC} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {D8C145E2-5A02-4759-9069-0775F78FDCA2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-06-06] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for muckiwob1.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files\ParetoLogic\PCHA\PCHA.exe
Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files\ParetoLogic\PCHA\PCHA.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - muckiwob1).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (whitelisted) =============

2008-04-18 09:56 - 2008-04-23 14:58 - 00204800 _____ () C:\Windows\System32\SysHook.dll
2015-01-25 14:40 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files\WinZip Malware Protector\System.Data.SQLite.dll
2015-01-25 14:40 - 2014-12-02 11:26 - 01717936 _____ () C:\Program Files\WinZip Malware Protector\aspsys.dll
2015-01-25 14:40 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files\WinZip Malware Protector\UNRAR.DLL
2012-08-17 20:39 - 2013-09-05 19:44 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-28 21:44 - 2008-02-28 21:44 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-04-18 09:52 - 2008-04-18 09:52 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
2008-04-18 09:52 - 2008-04-18 09:52 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
2008-03-04 22:38 - 2008-03-04 22:38 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-04-06 21:42 - 2008-04-06 21:42 - 00034040 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-04 02:00 - 2008-04-04 02:00 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2008-11-05 07:18 - 2008-01-16 18:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-04-18 09:52 - 2008-03-21 12:22 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-04-18 09:52 - 2008-04-18 09:52 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3006.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-04-18 09:52 - 2008-04-18 09:52 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-04-18 09:52 - 2008-04-18 09:52 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3006.0__672b450de5a7e94a\Framework.Host.dll
2008-04-18 09:52 - 2008-04-18 09:52 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3006.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-04-18 09:59 - 2008-03-07 02:35 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2008-04-18 09:57 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2008-04-18 09:57 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2008-04-18 09:57 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2008-04-18 09:57 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-04-18 10:50 - 2007-12-06 15:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-04-18 10:50 - 2007-11-27 14:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-04 02:03 - 2008-04-04 02:03 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-04-18 10:42 - 2007-01-09 03:25 - 00272024 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2008-11-05 07:05 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2008-11-05 07:07 - 2010-06-21 20:52 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2008-05-12 22:11 - 2008-05-12 22:11 - 00753664 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-05-12 22:11 - 2008-05-12 22:11 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:E36F5B57

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 0013351358452156mcinstcleanup => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-479782255-706792591-617315946-500 - Administrator - Disabled)
Gast (S-1-5-21-479782255-706792591-617315946-501 - Limited - Disabled)
muckiwob1 (S-1-5-21-479782255-706792591-617315946-1000 - Administrator - Enabled) => C:\Users\muckiwob1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 05:49:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 2b0
Anfangszeit: 01d03a4f29ed1b2b
Zeitpunkt der Beendigung: 31

Error: (01/27/2015 05:44:07 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (01/27/2015 05:44:07 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (01/27/2015 05:44:06 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (01/27/2015 05:42:06 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Product: Skype Web Plugin -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (01/27/2015 05:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 05:05:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 06:55:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2015 03:22:53 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (01/25/2015 03:22:53 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16


System errors:
=============
Error: (01/27/2015 05:44:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Skype-Plugin-Aktualisierung{E22FBE58-32C4-452F-AA68-67E7A3902DC5}200

Error: (01/26/2015 06:55:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/26/2015 06:49:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.01.2015 um 15:24:44 unerwartet heruntergefahren.

Error: (01/25/2015 03:14:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.01.2015 um 15:12:57 unerwartet heruntergefahren.

Error: (01/25/2015 02:44:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (01/25/2015 02:34:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000NlaSvc

Error: (01/25/2015 02:29:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.01.2015 um 14:27:30 unerwartet heruntergefahren.

Error: (01/25/2015 02:13:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.01.2015 um 14:12:27 unerwartet heruntergefahren.

Error: (01/25/2015 01:48:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.01.2015 um 13:47:03 unerwartet heruntergefahren.

Error: (01/25/2015 01:44:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070643Skype-Plugin-Aktualisierung{E22FBE58-32C4-452F-AA68-67E7A3902DC5}200


Microsoft Office Sessions:
=========================
Error: (01/25/2015 02:44:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 185 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-01-27 17:50:06.582
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:50:05.178
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:50:03.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:50:02.636
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kneps.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:50:00.904
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:49:59.578
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:49:57.644
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:49:56.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\kltdi.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:49:54.726
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-27 17:49:52.870
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 3065.94 MB
Available physical RAM: 1862.27 MB
Total Pagefile: 6336.08 MB
Available Pagefile: 4526.87 MB
Total Virtual: 2899.88 MB
Available Virtual: 2766.66 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:58.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:126.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F604BC3A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 27.01.2015, 19:22   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Revo Uninstaller from here: Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, look for the programs:

    Ask Toolbar

    Ask Toolbar Updater


  • Select the programs one after the other and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on , then on , and then on .

 





Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 28.01.2015, 06:01   #9
Jens69
 



Here is the combofix.txt

Code:
ATTFilter
ComboFix 15-01-27.01 - muckiwob1 27.01.2015  23:36:31.2.2 - x86
ausgeführt von:: c:\users\muckiwob1\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\muckiwob1\AppData\Roaming\.#
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-27 bis 2015-01-27  ))))))))))))))))))))))))))))))
.
.
2015-01-27 19:30 . 2015-01-27 19:30	--------	d-----w-	c:\program files\VS Revo Group
2015-01-27 03:00 . 2015-01-27 16:57	--------	d-----w-	C:\FRST
2015-01-25 13:41 . 2015-01-27 22:31	--------	d-----w-	c:\users\muckiwob1\AppData\Roaming\Nico Mak Computing
2015-01-25 12:50 . 2015-01-25 12:50	--------	d-----w-	c:\users\muckiwob1\Option
2015-01-24 16:15 . 2015-01-24 16:15	--------	d-----w-	c:\programdata\SlimWare Utilities Inc
2015-01-24 16:15 . 2015-01-24 16:15	--------	d-----w-	c:\users\muckiwob1\AppData\Local\Downloaded Installers
2015-01-24 16:14 . 2015-01-24 16:14	13464	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2015-01-24 16:14 . 2015-01-24 16:19	--------	d-----w-	c:\users\muckiwob1\AppData\Local\SlimWare Utilities Inc
2015-01-24 16:14 . 2015-01-24 16:14	--------	d-----w-	c:\program files\DriverUpdate
2015-01-24 14:28 . 2015-01-24 14:28	215475	----a-w-	c:\windows\oem_uninst.exe
2015-01-24 14:25 . 2015-01-24 14:25	--------	d-----w-	c:\program files\DLLSuite
2015-01-24 13:40 . 2015-01-24 13:40	--------	d-----w-	c:\users\muckiwob1\AppData\Roaming\ParetoLogic
2015-01-24 13:40 . 2015-01-24 13:40	--------	d-----w-	c:\users\muckiwob1\AppData\Roaming\DriverCure
2015-01-24 13:40 . 2015-01-24 13:40	--------	d-----w-	c:\program files\Common Files\ParetoLogic
2015-01-24 13:40 . 2015-01-27 19:57	--------	d-----w-	c:\programdata\ParetoLogic
2015-01-18 14:23 . 2014-12-19 00:25	115200	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-18 13:42 . 2014-12-06 03:14	48640	----a-w-	c:\windows\system32\nlaapi.dll
2015-01-18 13:42 . 2014-12-06 03:14	174080	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-18 13:42 . 2014-12-06 03:14	93184	----a-w-	c:\windows\system32\ncsi.dll
2015-01-18 13:41 . 2014-12-06 03:14	153600	----a-w-	c:\windows\system32\profsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-17 15:33 . 2012-11-21 20:00	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-17 15:33 . 2012-11-21 20:00	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-01-08 08:55 . 2011-04-16 17:44	249488	------w-	c:\windows\system32\MpSigStub.exe
2014-12-03 02:06 . 2014-12-20 15:56	278528	----a-w-	c:\windows\system32\schannel.dll
2014-12-02 11:01 . 2015-01-20 17:51	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{72F94C18-0544-4DD1-A271-D6DC7681E268}\mpengine.dll
2014-11-24 20:44 . 2014-12-14 17:30	367104	----a-w-	c:\windows\system32\html.iec
2014-11-24 20:40 . 2014-12-14 17:30	1810944	----a-w-	c:\windows\system32\jscript9.dll
2014-11-24 20:35 . 2014-12-14 17:30	1129472	----a-w-	c:\windows\system32\wininet.dll
2014-11-24 20:34 . 2014-12-14 17:30	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-24 20:33 . 2014-12-14 17:30	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2014-11-24 20:33 . 2014-12-14 17:30	421376	----a-w-	c:\windows\system32\vbscript.dll
2014-11-24 20:32 . 2014-12-14 17:30	11776	----a-w-	c:\windows\system32\mshta.exe
2014-11-24 20:32 . 2014-12-14 17:30	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\system32\FM20.DLL
2014-11-07 01:33 . 2014-12-21 13:21	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-04 00:19 . 2014-12-21 13:22	2048	----a-w-	c:\windows\system32\tzres.dll
2014-02-13 19:04 . 2014-02-13 19:04	49940480	----a-w-	c:\program files\GUT6CE7.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-21 30192]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 356128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-03-08 02:38	40048	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
R4 0013351358452156mcinstcleanup;McAfee Application Installer Cleanup (0013351358452156);c:\users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 15:33]
.
2014-02-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 20:50]
.
2015-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 17:00]
.
2015-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 17:00]
.
2015-01-18 c:\windows\Tasks\Norton Security Scan for muckiwob1.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-24 07:48]
.
2015-01-27 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2014-12-08 18:55]
.
2015-01-27 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
2015-01-24 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.acer.de/ac/de/DE/content/home
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-27 23:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6212)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-28  00:03:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-27 23:03
.
Vor Suchlauf: 10 Verzeichnis(se), 64.484.397.056 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 64.245.424.128 Bytes frei
.
- - End Of File - - 400A4F749E099421F6F5A21F8C5E40C4
7BA4C7EA1EF33A92F5F01BE63EDACB6A
         
Good morning,

two more things that I did not mention last night because I was tired:

While uninstalling Ask Toolbar Updater, Revo Uninstaller reported that deletion was not possible. I confirmed that with "Ok", but it was removed anyway; at least I no longer see it.

Running Combofix took forever. When stage 50 had still not been passed after more than an hour (total run time by then already almost 2.5 hours), I aborted and restarted. It was probably my fault, though, because I had overlooked WinZip Malware Protector, which suddenly reported 36 threats found in the middle of the scan. As I said, I aborted and uninstalled WinZip. After that, the whole scan took about 30 minutes and produced the log given above.

Alt 28.01.2015, 12:24   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber


Old 29.01.2015, 06:03   #11
Jens69
 



Evening Schrauber,

I downloaded Malwarebytes Anti-Malware and started it. The initialization sequence (the first step: preparatory operations) has now been running for over an hour.
Is that normal, or did I do something wrong?

Now it has been 2 hours...
I assume that is not right, is it?

Morning Schrauber,

I let Malwarebytes Anti-Malware run once more overnight, but with no different result: endless loop in the initialization, running time over 7 hours.
The computer was not connected to the network overnight and no other scanners were active.

Regards,
Jens

Old 29.01.2015, 11:13   #12
schrauber
/// the machine
/// TB trainer
 




Skip MBAM and please do the rest.
__________________
Regards,
schrauber


Old 29.01.2015, 20:18   #13
Jens69
 



Evening Schrauber,

right, I think I have now done everything so far.
As already mentioned, Malwarebytes initialized itself to death.
With AdwCleaner the scan ran without problems, but it got stuck at the same point every time while deleting the folders and files. However, the data to be deleted got less after each restart. In the end it did run through and produced the log. I am attaching it:

Code:
# AdwCleaner v4.109 - Bericht erstellt am 29/01/2015 um 20:50:33
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : muckiwob1 - WENDSCHOTT
# Gestartet von : C:\Users\muckiwob1\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****

Task Gelöscht : paretologic registration3
Task Gelöscht : paretologic update version3
Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Google Chrome v

[C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://sportbild.bild.de/kddb/cms/websearchsport.do?query={searchTerms}

*************************

AdwCleaner[R0].txt - [2643 octets] - [29/01/2015 20:32:51]
AdwCleaner[R1].txt - [2696 octets] - [29/01/2015 20:46:34]
AdwCleaner[S0].txt - [410 octets] - [29/01/2015 20:36:20]
AdwCleaner[S1].txt - [2617 octets] - [29/01/2015 20:50:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2677 octets] ##########
         
And here is the JRT log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by muckiwob1 on 29.01.2015 at 20:15:25,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\muckiwob1\AppData\Roaming\drivercure"
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{00F15895-A563-4774-B807-735931EF099E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{02561840-87AB-4C4C-93E1-B1A7C032A90D}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0350BF34-190F-4C1C-87AD-DC49A9924713}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{090AD786-E397-479E-8BC9-09903A771FD2}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0A31A38D-02FF-4818-8242-E9856F374505}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0AB710EE-6522-4EA8-A00B-F3D9204544A5}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{0E4D8449-D752-464A-A4A4-4B179D3A5AF7}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{11409070-BA80-423D-A64D-F5FC19A752C1}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{11B33341-7D91-4D70-8892-C4D19356DBDB}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1B4A9057-76E0-4AE6-B96C-E24D729E341A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1C11F390-0962-4EDE-A9E0-8FD18FCADF65}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1C8D493B-26B4-4CDE-A0AE-809E094ECA62}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1DC6CC94-7DEE-4CD0-BCF7-46ECA484A57E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{1E30F294-AE88-43FD-A757-EDAC7616DD08}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{20F7DF6B-6B62-4F17-99B8-F14777DD8F69}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{22194A43-F5FE-4682-ABD5-9202A736A32C}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{255C1F48-1B51-4914-8598-A530D4BC6B30}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{26940481-60FD-494E-BB1F-B8866645EF33}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{26DDF6DA-3D1C-47CD-9F7D-4DA65C1254CF}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{283B6892-FD64-4773-B7DA-2A037E22963F}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{2869B575-9595-4ED3-938F-D0B2EB1557A7}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{2D633DB7-C222-46EA-9DC8-6BC93DC27A9E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{2F3A3BCE-7428-43A3-B8B1-5B5C48053F50}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{301B5EF3-DCC7-42C5-804B-CA668717DC69}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{304C240A-3B63-45D7-9D7A-D809A6809617}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{31984182-63BA-46E3-934E-02CDD158EDB9}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{39F9E29A-AF2B-4AE5-8951-55E9278B0217}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{3D14744F-46C6-4E00-80BB-54A707FCD80E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{40B65F96-483F-4242-AAB3-D37672C02438}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{42246A3A-6BAE-4297-A99D-5F2E643EF21E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{43020966-B652-4187-B96C-2766B7FF6DE9}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4447D6BB-9CAA-4026-90EF-9CCC3D2972D3}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4473B0ED-E062-416E-AA1B-722AF26E7A3A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{44AA8E45-2401-4C27-B061-59DAE0B961F4}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{473F51C1-2DBE-4768-BF5C-13E853782119}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4BCB69D3-9030-4476-BA27-DEC7CDCD9965}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{4C9CD8BA-BDA5-46E6-96B2-1E62551B50CA}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{50FF753B-5AB0-4CF7-AC5E-5B1D949BCE15}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5190EC4C-4BEB-47ED-ABB7-3076524C1868}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5407D384-DCD0-4C2A-9A25-D6A82BA46A16}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{54204FC3-4D0A-4550-AD81-D23B01BF4037}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{56DB0B09-EDB5-4275-8CBF-444ADFD20678}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{57CABD16-BC08-49E9-9D62-977B2C20C828}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{57E00E89-F110-40AA-959E-CD938310CD64}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{59B3E76D-FBE3-46ED-B04D-D686B3028444}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5BCB150A-3BBF-4BEE-9E63-738FCD90700F}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5C147451-7636-46F1-8ABD-1373D7049E31}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5EAC08B4-0B76-4755-A09D-F560BAEB6072}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5EE4FCCE-96B6-47FC-A716-F2300003D82A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{5FF37F24-EB96-42BC-A2FA-64F96275C163}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{62D5E5A7-5B9A-4830-92AB-414EA181A559}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{632E5AA1-C4B0-403A-BF80-C0BF86E6AB7C}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{65349D1B-9DEE-425E-A545-D8AE073E36BB}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{65D6BA7B-E926-48AA-A11C-7049F414209E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{681CE1FE-F1E6-4472-AFDC-08F7B4B0054D}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{69C26D25-6CC4-42E4-8675-67767B6B6266}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{6D8A75CA-3A24-4746-BE80-B6A3F697AB74}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{70F4B99F-2463-4F4F-9DA8-FC315A9FC8F1}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{71C56504-E69A-464A-ABD6-9DF49253697A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{75125466-63FD-4049-B6AB-14933633C641}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{79DDF74C-1042-4471-95D8-E3B654D66F9A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7D10679F-AC96-45DD-855C-D47991F752A0}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7D15F985-46ED-490A-BDEE-E79B341C9E1B}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7DAE28C5-0229-4A18-A3CF-CEFAE3E7AE77}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{7E2D71FD-4FAC-4A8B-B98F-4D6C80B42B70}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{80610B93-93EC-452E-85DD-89C09477F5AA}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{81AEB925-E891-4614-8DA3-E78882E550A7}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{858305FD-FE56-4514-9ABC-9B578B8F3A25}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{86DC5658-6536-4183-9484-1692F74007B1}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{88382FC8-70D6-4B6E-8206-DF14DBC48302}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{88414EF2-216F-456D-AB0D-11A07C3BF0F5}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{88490326-F34B-45A3-A86A-567356635AE2}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8A69316A-21B9-4761-886F-C1A3E6BD069F}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8AF70FDC-4763-4FD4-B310-5B3AB30C8733}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8BA75B23-C57D-470D-B226-F71D4467B5E4}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8C68E6F8-2582-43ED-B802-7EE800F4EACE}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8D55D82E-CC8F-4F1C-8920-5AB8836AA732}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{8F4074A8-3670-43A9-9F32-2A93FDBC6676}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9529943E-911A-43B2-BE3C-7B82320EA675}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{95A0F3E4-CDA9-490B-8695-576BF464F803}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{978A9E15-DDAD-4D56-94B4-032543A8B4BF}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{99360997-D046-4989-B0A0-CEAC06C05F3A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9A711DA1-2E16-4EC0-AF9A-5E2FB19121CB}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9A8FD8EB-2AF2-45A2-B082-A4BF107578A1}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9B78BFAB-41A0-4DCB-AE2C-1F0D24C9E8BB}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9C7DCA3C-7B89-4557-8837-80A63023FC3C}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{9F82100F-02ED-48D4-959C-DD796CE75F9A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A192C8B9-0455-4F45-A684-E81979809E1A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A6B556CD-5BFC-4AB6-8974-502912FE69E4}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A79003A1-3E87-4447-81AD-ECD0120851A2}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A79E9E3B-3F59-4A7A-9BC4-2126A5750CB6}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{A9FE9E3C-8BC6-49E2-B887-63F62F5BE7E7}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{B85939B1-FF5A-440F-99B0-EFAF3ADFE3E7}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{BBFB7F55-8F99-44D6-8419-6F0A22BA9086}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{BE6826E7-97B1-4C7D-9D5A-A15099023FF2}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{BFAC9F73-2743-4497-B9D6-87A0173ABEC6}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C548092C-61C1-48BB-9651-7213D1402F80}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C6210540-65E2-4DA5-8021-8FB435E95E0B}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C995748F-E840-4A97-BF12-E994883F3F1E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{C9D6447F-687B-42CE-8AF1-C0773176241D}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CB0ADC2D-57CC-4C61-AE5C-A548D5CB33CD}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CCC0280A-612B-4CE0-8217-36FD40F77CB2}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CF9FE89F-C53E-4B4D-A29D-514F9C4BBEAB}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{CFDC7FF0-C5E4-4877-A03C-A7D884C454A1}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D4345342-4524-415B-8910-F6E91A3C58C4}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D5407004-CFD0-42B8-B9C8-1AC23FCE9DE7}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D5B04E42-800B-4259-93D1-E5A1FDD60744}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{D8EDD483-FC41-404F-BF8B-8313FEA86AB2}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{DC20D164-9109-4A23-B772-D95063C57E84}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{DE52E7E4-00A6-4686-8AA3-0289D606BD16}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{DEE321E9-085F-4456-8F2E-8534771E0F44}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{E071AE3D-5EAE-4DDC-A6EE-4AA62D16513E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{EE836450-A86E-4A0D-BF3F-EFAF89D88A4D}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F06BBA1D-DE8F-468C-837D-51B34C6DE2DF}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F0F20280-BDC9-47C5-8011-54F4609212FC}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F2C5E1F7-D113-424C-A0EC-803A0D28D1EC}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F55E10CA-46AA-40C9-8D0B-AF866F987CD2}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F64C8396-451B-4478-8271-2CD4B10BF2CD}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F72DA01A-33AB-4872-8F0C-C0F02B8436C9}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{F9A07398-4C2D-43BF-B2DA-D053797E0526}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FA4A00C7-9BFC-4DD8-B30D-FCE5EAF16043}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FC243C49-359F-47F1-8EF7-A99BBF54591A}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FD93D6BE-22DA-4CD6-90D1-BDA6D1EE3203}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FEA983DD-B514-491C-8121-308056DF056E}
Successfully deleted: [Empty Folder] C:\Users\muckiwob1\appdata\local\{FEE14A7D-0A21-42B4-8A11-050FBBBA6F25}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 20:20:39,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And last but not least, the FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by SYSTEM on MINWINPC on 29-01-2015 21:03:33
Running from F:\
Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-06] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-01] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-22] (Acer)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\muckiwob1\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.)
HKU\muckiwob1\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\muckiwob1\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S3 MpsSvc; . [0 ] () <==== ATTENTION (zero size file/folder)
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-03] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-14] (AVerMedia TECHNOLOGIES, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-28] (Malwarebytes Corporation)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-27] (Winbond Electronics Corporation)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 11:32 - 2015-01-29 11:50 - 00000000 ____D () C:\AdwCleaner
2015-01-29 11:32 - 2015-01-29 11:32 - 02194432 _____ () C:\Users\muckiwob1\Desktop\AdwCleaner_4.109.exe
2015-01-29 11:20 - 2015-01-29 11:20 - 00015964 _____ () C:\Users\muckiwob1\Desktop\JRT.txt
2015-01-29 11:15 - 2015-01-29 11:15 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 11:14 - 2015-01-29 11:14 - 01707939 _____ (Thisisu) C:\Users\muckiwob1\Desktop\JRT.exe
2015-01-28 08:07 - 2015-01-28 13:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-28 08:07 - 2015-01-28 13:11 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-28 08:06 - 2015-01-28 13:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-28 08:06 - 2015-01-28 08:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 08:06 - 2014-11-20 21:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-28 08:06 - 2014-11-20 21:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-01-28 08:06 - 2014-11-20 21:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-01-28 08:03 - 2015-01-28 08:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\muckiwob1\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-27 15:03 - 2015-01-27 15:03 - 00012625 _____ () C:\ComboFix.txt
2015-01-27 12:02 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-27 12:02 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-27 12:02 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-27 12:02 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-27 12:02 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-27 12:02 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-27 12:02 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-27 12:02 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-27 12:01 - 2015-01-27 15:03 - 00000000 ____D () C:\Qoobox
2015-01-27 11:58 - 2015-01-27 15:00 - 00000000 ____D () C:\Windows\erdnt
2015-01-27 11:52 - 2015-01-27 11:52 - 05610622 ____R (Swearware) C:\Users\muckiwob1\Desktop\ComboFix.exe
2015-01-27 11:30 - 2015-01-27 11:30 - 00001061 _____ () C:\Users\muckiwob1\Desktop\Revo Uninstaller.lnk
2015-01-27 11:30 - 2015-01-27 11:30 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-27 11:29 - 2015-01-27 11:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\muckiwob1\Downloads\revosetup95.exe
2015-01-27 08:52 - 2015-01-27 08:57 - 00064821 _____ () C:\Users\muckiwob1\Desktop\Addition.txt
2015-01-27 08:44 - 2015-01-27 08:57 - 00032975 _____ () C:\Users\muckiwob1\Desktop\FRST.txt
2015-01-27 08:41 - 2015-01-27 08:41 - 01120768 _____ (Farbar) C:\Users\muckiwob1\Desktop\FRST.exe
2015-01-26 19:00 - 2015-01-27 08:57 - 00000000 ____D () C:\FRST
2015-01-25 05:41 - 2015-01-27 14:31 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing
2015-01-25 04:50 - 2015-01-25 04:50 - 00000000 ____D () C:\Users\muckiwob1\Option
2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers
2015-01-24 08:15 - 2015-01-24 08:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-01-24 08:14 - 2015-01-24 08:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc
2015-01-24 08:14 - 2015-01-24 08:14 - 00013464 _____ () C:\Windows\System32\Drivers\SWDUMon.sys
2015-01-24 08:14 - 2015-01-24 08:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2015-01-24 08:14 - 2015-01-24 08:14 - 00000000 ____D () C:\Program Files\DriverUpdate
2015-01-24 08:13 - 2015-01-24 08:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-01-24 06:28 - 2015-01-24 06:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe
2015-01-24 06:25 - 2015-01-24 06:25 - 00000000 ____D () C:\Program Files\DLLSuite
2015-01-24 05:08 - 2015-01-25 05:11 - 00262144 _____ () C:\Windows\System32\config\elam
2015-01-18 06:23 - 2014-12-18 16:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-18 05:42 - 2014-12-05 19:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-18 05:42 - 2014-12-05 19:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-18 05:42 - 2014-12-05 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-01-18 05:41 - 2014-12-05 19:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 11:58 - 2008-11-04 21:13 - 01942457 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 11:58 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 11:58 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 11:55 - 2013-01-17 12:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-29 11:53 - 2009-02-28 06:13 - 00028219 _____ () C:\ProgramData\nvModes.001
2015-01-29 11:53 - 2008-11-04 22:07 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2015-01-29 11:52 - 2008-04-18 01:49 - 00000147 _____ () C:\Windows\System32\agent.log
2015-01-29 11:52 - 2008-01-20 18:47 - 06852378 _____ () C:\Windows\PFRO.log
2015-01-29 11:32 - 2008-01-20 23:16 - 00710972 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-28 08:58 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-01-27 15:03 - 2006-11-02 03:18 - 00000000 __RHD () C:\users\Default
2015-01-27 15:03 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2015-01-27 14:55 - 2006-11-02 02:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-25 05:19 - 2012-11-11 11:43 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 05:19 - 2010-09-11 14:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM
2015-01-25 05:19 - 2010-09-11 14:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype
2015-01-25 05:19 - 2009-02-20 10:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing
2015-01-25 05:19 - 2007-07-11 17:49 - 00000000 ____D () C:\Windows\Panther
2015-01-25 04:58 - 2008-04-18 01:43 - 00000000 ____D () C:\Program Files\eSobi
2015-01-25 04:58 - 2008-04-18 00:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 04:50 - 2009-02-19 09:36 - 00000000 ____D () C:\users\muckiwob1
2015-01-24 05:07 - 2009-08-20 09:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat
2015-01-18 06:23 - 2013-08-18 08:34 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-18 05:44 - 2006-11-02 02:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2015-01-17 07:33 - 2012-11-21 12:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-01-17 07:33 - 2012-11-21 12:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-01-08 00:55 - 2011-04-16 09:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-01-04 10:55 - 2011-01-04 07:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel

Some content of TEMP:
====================
C:\Users\muckiwob1\AppData\Local\Temp\Quarantine.exe
C:\Users\muckiwob1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\muckiwob1\AppData\Local\Temp\sqlite3.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-12-23 06:00:21
Restore point made on: 2014-12-26 03:01:23
Restore point made on: 2015-01-02 05:09:41
Restore point made on: 2015-01-03 06:40:59
Restore point made on: 2015-01-04 05:40:10
Restore point made on: 2015-01-10 06:53:28
Restore point made on: 2015-01-11 06:08:55
Restore point made on: 2015-01-17 06:48:10
Restore point made on: 2015-01-18 05:41:30
Restore point made on: 2015-01-20 09:27:10
Restore point made on: 2015-01-20 10:19:14
Restore point made on: 2015-01-23 10:02:15
Restore point made on: 2015-01-24 04:13:37
Restore point made on: 2015-01-24 08:24:07
Restore point made on: 2015-01-24 09:40:39
Restore point made on: 2015-01-24 09:44:54
Restore point made on: 2015-01-25 04:41:12
Restore point made on: 2015-01-25 04:57:01
Restore point made on: 2015-01-27 08:41:31
Restore point made on: 2015-01-27 11:11:36
Restore point made on: 2015-01-27 11:33:24
Restore point made on: 2015-01-27 11:34:48
Restore point made on: 2015-01-27 11:47:47
Restore point made on: 2015-01-28 07:59:44
Restore point made on: 2015-01-28 18:00:37
Restore point made on: 2015-01-29 10:48:54
Restore point made on: 2015-01-29 10:51:57

==================== Memory info =========================== 

Percentage of memory in use: 8%
Total physical RAM: 4090.07 MB
Available physical RAM: 3734.61 MB
Total Pagefile: 3955.8 MB
Available Pagefile: 3793.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.37 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:59.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:126.81 GB) NTFS
Drive f: () (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:1.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F604BC3A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)


LastRegBack: 2015-01-29 11:31

==================== End Of Log ============================
         
--- --- ---


And what happens next??

30.01.2015, 08:41   #14
schrauber
/// the machine
/// TB Trainer
 


FRST from normal mode, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


30.01.2015, 15:44   #15
Jens69
 



Hi Schrauber,

well, how is anyone supposed to know that :-)

Here is the FRST log... from normal mode.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by muckiwob1 (administrator) on WENDSCHOTT on 30-01-2015 16:40:12
Running from C:\Users\muckiwob1\Desktop
Loaded Profiles: muckiwob1 (Available profiles: muckiwob1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Windows\PLFSetI.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor Corp.) C:\Users\muckiwob1\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.191.3347.0.exe
(Microsoft Corporation) D:\0eac610b8ead644dc15604969a981d\MpMiniSigStub.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-23] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [821768 2008-07-02] (Dritek System Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-12] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-12] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-09-23] (Acer)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-02-19] (Google Inc.)
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-479782255-706792591-617315946-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-21] (Google)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-479782255-706792591-617315946-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730g
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.acer.de/ac/de/DE/content/home
HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-479782255-706792591-617315946-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=N6Hs5uwKsg09mHRcs2HjkZPp4t8?q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-479782255-706792591-617315946-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-24]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-05]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-05]

Chrome: 
=======
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll No File
CHR Plugin: (McSimpleChromePlugin Dynamic Link Library) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-05]
CHR Extension: (Google-Suche) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-05]
CHR Extension: (SiteAdvisor) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2010-09-11]
CHR Extension: (Google Mail) - C:\Users\muckiwob1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-05]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-21] (Google)
S2 gupdate1c99d03c292747; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
S3 MpsSvc; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 0013351358452156mcinstcleanup; C:\Users\MUCKIW~1\AppData\Local\Temp\001335~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [25856 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
S3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42880 2008-04-15] (AVerMedia TECHNOLOGIES, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-06] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-28] (Malwarebytes Corporation)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-21] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 16:39 - 2015-01-30 16:39 - 00000000 ____D () C:\Users\muckiwob1\Desktop\FRST-OlderVersion
2015-01-29 20:32 - 2015-01-29 20:50 - 00000000 ____D () C:\AdwCleaner
2015-01-29 20:32 - 2015-01-29 20:32 - 02194432 _____ () C:\Users\muckiwob1\Desktop\AdwCleaner_4.109.exe
2015-01-29 20:20 - 2015-01-29 20:20 - 00015964 _____ () C:\Users\muckiwob1\Desktop\JRT.txt
2015-01-29 20:15 - 2015-01-29 20:15 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 20:14 - 2015-01-29 20:14 - 01707939 _____ (Thisisu) C:\Users\muckiwob1\Desktop\JRT.exe
2015-01-29 19:49 - 2015-01-29 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-01-28 17:07 - 2015-01-28 22:12 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 17:07 - 2015-01-28 22:11 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-28 17:07 - 2015-01-28 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-28 17:06 - 2015-01-28 22:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-28 17:06 - 2015-01-28 17:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 17:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-28 17:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-28 17:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 17:03 - 2015-01-28 17:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\muckiwob1\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-28 00:03 - 2015-01-28 00:03 - 00012625 _____ () C:\ComboFix.txt
2015-01-27 21:02 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-27 21:02 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-27 21:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-27 21:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-27 21:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-27 21:02 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-27 21:02 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-27 21:02 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-27 21:01 - 2015-01-28 00:03 - 00000000 ____D () C:\Qoobox
2015-01-27 20:58 - 2015-01-28 00:00 - 00000000 ____D () C:\Windows\erdnt
2015-01-27 20:52 - 2015-01-27 20:52 - 05610622 ____R (Swearware) C:\Users\muckiwob1\Desktop\ComboFix.exe
2015-01-27 20:30 - 2015-01-27 20:30 - 00001061 _____ () C:\Users\muckiwob1\Desktop\Revo Uninstaller.lnk
2015-01-27 20:30 - 2015-01-27 20:30 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-27 20:29 - 2015-01-27 20:29 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\muckiwob1\Downloads\revosetup95.exe
2015-01-27 17:52 - 2015-01-27 17:57 - 00064821 _____ () C:\Users\muckiwob1\Desktop\Addition.txt
2015-01-27 17:44 - 2015-01-30 16:40 - 00021924 _____ () C:\Users\muckiwob1\Desktop\FRST.txt
2015-01-27 17:41 - 2015-01-30 16:39 - 01121792 _____ (Farbar) C:\Users\muckiwob1\Desktop\FRST.exe
2015-01-27 04:00 - 2015-01-30 16:40 - 00000000 ____D () C:\FRST
2015-01-25 14:41 - 2015-01-27 23:31 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Nico Mak Computing
2015-01-25 13:50 - 2015-01-25 13:50 - 00000000 ____D () C:\Users\muckiwob1\Option
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\Downloaded Installers
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2015-01-24 17:14 - 2015-01-24 17:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Local\SlimWare Utilities Inc
2015-01-24 17:14 - 2015-01-24 17:14 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-01-24 17:14 - 2015-01-24 17:14 - 00001856 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2015-01-24 17:14 - 2015-01-24 17:14 - 00000000 ____D () C:\Program Files\DriverUpdate
2015-01-24 17:13 - 2015-01-24 17:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-01-24 15:28 - 2015-01-24 15:28 - 00215475 _____ (TODO: <Company name>) C:\Windows\oem_uninst.exe
2015-01-24 15:25 - 2015-01-24 15:25 - 00000000 ____D () C:\Program Files\DLLSuite
2015-01-24 14:40 - 2015-01-30 16:28 - 00000478 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-01-24 14:08 - 2015-01-25 14:11 - 00262144 _____ () C:\Windows\system32\config\elam
2015-01-18 15:23 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-18 14:42 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-18 14:42 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-18 14:42 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-18 14:41 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 16:37 - 2008-11-05 06:13 - 01993631 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 16:35 - 2008-01-21 08:16 - 00721624 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 16:33 - 2012-11-21 21:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 16:30 - 2013-01-17 21:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-30 16:28 - 2009-07-02 14:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 16:28 - 2009-02-28 15:13 - 00028219 _____ () C:\ProgramData\nvModes.001
2015-01-30 16:28 - 2008-11-05 07:07 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-30 16:28 - 2008-04-18 10:49 - 00000147 _____ () C:\Windows\system32\agent.log
2015-01-30 16:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 16:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 16:27 - 2008-01-21 03:47 - 06852926 _____ () C:\Windows\PFRO.log
2015-01-30 16:27 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 23:39 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-29 22:58 - 2009-07-02 14:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 17:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-28 00:03 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-28 00:03 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-27 23:55 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-25 14:19 - 2012-11-11 20:43 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 14:19 - 2010-09-11 23:19 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\skypePM
2015-01-25 14:19 - 2010-09-11 23:16 - 00000000 ____D () C:\Users\muckiwob1\AppData\Roaming\Skype
2015-01-25 14:19 - 2009-02-20 19:08 - 00000000 ____D () C:\Users\muckiwob1\Tracing
2015-01-25 14:19 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2015-01-25 13:58 - 2008-04-18 10:43 - 00000000 ____D () C:\Program Files\eSobi
2015-01-25 13:58 - 2008-04-18 09:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 13:50 - 2009-02-19 18:36 - 00000000 ____D () C:\Users\muckiwob1
2015-01-24 14:07 - 2009-08-20 18:38 - 00000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat
2015-01-18 19:31 - 2010-10-24 15:52 - 00000482 ____H () C:\Windows\Tasks\Norton Security Scan for muckiwob1.job
2015-01-18 15:23 - 2013-08-18 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 14:44 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-17 16:33 - 2012-11-21 21:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-17 16:33 - 2012-11-21 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-08 09:55 - 2011-04-16 18:44 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 19:55 - 2011-01-04 16:32 - 00000000 ____D () C:\Users\muckiwob1\Documents\Bärbel

==================== Files in the root of some directories =======

2014-02-13 20:04 - 2014-02-13 20:04 - 49940480 _____ () C:\Program Files\GUT6CE7.tmp
2009-02-21 10:41 - 2009-02-21 10:41 - 0024206 _____ () C:\Users\muckiwob1\AppData\Roaming\UserTile.png
2009-08-20 18:38 - 2015-01-24 14:07 - 0000680 _____ () C:\Users\muckiwob1\AppData\Local\d3d9caps.dat
2009-02-21 10:39 - 2014-10-26 16:23 - 0022528 _____ () C:\Users\muckiwob1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-24 15:18 - 2012-10-24 15:21 - 0000280 _____ () C:\ProgramData\ArcadeDeluxe2.log
2010-09-11 23:19 - 2010-09-11 23:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-02-28 15:13 - 2015-01-30 16:28 - 0028219 _____ () C:\ProgramData\nvModes.001
2009-02-28 15:09 - 2014-10-23 17:46 - 0028219 _____ () C:\ProgramData\nvModes.dat
2012-06-21 16:42 - 2012-06-21 16:42 - 0000052 _____ () C:\ProgramData\pjyzptgqlivsclv

Some content of TEMP:
====================
C:\Users\muckiwob1\AppData\Local\temp\Quarantine.exe
C:\Users\muckiwob1\AppData\Local\temp\RtkBtMnt.exe
C:\Users\muckiwob1\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 16:41

==================== End Of Log ============================
         
--- --- ---
