
Log Analysis and Evaluation: Removing viruses

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.05.2015, 14:00   #1
123Hop
 
Removing viruses

Hello,

unwanted advertising from obscene sites keeps appearing on my computer; with every click on the Internet, another pop-up opens. My PC also seems rather slow: when I open my Internet browser, I first have to wait 4 minutes until the web page loads.
Unfortunately, even an ad blocker does not prevent the unwanted advertising.
I have already run the McAfee Security Scan program and a free trial version of Avira. But the programs find nothing, and unfortunately the problem cannot be fixed that way.
Can anyone help me?
Thanks!

11.05.2015, 14:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

11.05.2015, 14:45   #3
123Hop
 
How do I find the logs in McAfee? With Avira, "Bitte prüfen Sie Ihre Internetverbindung" ("Please check your Internet connection") always appears...

Here is the FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Huu Do (administrator) on ZU_HAUS-PC on 11-05-2015 14:38:27
Running from C:\Users\Huu Do.zu_Haus-PC\Downloads
Loaded Profiles: Quynh-Trang & Huu Do (Available profiles: Quynh-Trang & Huu Do & My-Tho & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Guillemot Corporation S.A.) C:\Program Files\Hercules\DualPix Exchange\CamService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Dropbox, Inc.) C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Apple Inc.) C:\Program Files\Apple Software Update\SoftwareUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6281760 2008-09-09] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [FLMK08KB] => C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe [381440 2010-10-01] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-04-25] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-14] (Apple Inc.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [569344 2007-03-12] (Sonix)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [127792 2015-04-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [BullGuard] => "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe"
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1312256 2009-03-20] (Nokia)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1312256 2009-03-20] (Nokia)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\MountPoints2: {816484af-be01-11dd-860a-806e6f6e6963} - E:\autoE56.exe
HKU\S-1-5-18\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-11-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2013-01-12]
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2009-11-29]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zoom Controller.lnk [2008-12-30]
ShortcutTarget: Zoom Controller.lnk -> C:\Program Files\Hercules\DualPix Exchange\CamService.exe (Guillemot Corporation S.A.)
Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk [2012-09-29]
ShortcutTarget: Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk -> C:\Users\HUUDO~1.ZU_\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP3300 (Kopie 1);cnmss Canon iP3300 (Kopie 1) (Local).dll;Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk (No File)
Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2012-12-02]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk [2012-09-29]
ShortcutTarget: Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk -> C:\Users\HUUDO~1.ZU_\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP3300 (Kopie 1);cnmss Canon iP3300 (Kopie 1) (Local).dll;Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk (No File)
Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2012-12-02]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\My-Tho.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2013-04-23]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2010-12-06]
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-11-25]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (No File)
Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2009-03-16]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58924;https=127.0.0.1:58924;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
SearchScopes: HKLM -> {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=vO4og-B1IM3O3TAfEl5bvI7vKrI?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms}
BHO: Saferwebo -> {f079a732-1fd1-4a18-ad6f-3f7b22688e7b} -> C:\Program Files\Saferwebo\zuFdmuNhUjBAzu.dll [2015-04-29] ()
Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422196306&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740

FireFox:
========
FF ProfilePath: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default
FF NewTab: about:blank
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740
FF Keyword.URL: https://www.google.de/#q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-14] ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-05] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-04-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-04-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-04-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-01-22] (Apple Inc.)
FF SearchPlugin: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\searchplugins\webssearches.xml [2015-05-11]
FF Extension: saaferWeb - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\2IbNLj@QhR.net [2015-03-14]
FF Extension: ApaptoU - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\3DR@Nnz.com [2015-04-22]
FF Extension: CooupScanner - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\eD0M11@9.org [2015-02-22]
FF Extension: FF Toolbar - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\fftoolbar2014@etech.com [2015-04-29]
FF Extension: CoeolSaleCOuapeon - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\jk9GK0sI@NHW.com [2015-04-20]
FF Extension: eaSyotoSHop - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\M@u1RggF1lae.org [2015-02-22]
FF Extension: {0a020a57-c883-421b-b9d7-4153fe33058c} - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\{0a020a57-c883-421b-b9d7-4153fe33058c}.xpi [2015-01-25]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-04-13]
FF Extension: Adblock Plus - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2010-06-30]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-23]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 3a54bf02; c:\Program Files\PathRunner\PathRunner.dll [1631744 2015-02-21] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [205616 2015-04-21] (Avira Operations GmbH & Co. KG)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [247152 2012-06-22] ()
R3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [621056 2009-03-04] (Nokia.) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2005-01-24] (Sony Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [376937 2008-10-14] () [File not signed]
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [184423 2008-10-14] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-25] (SysTool PasSame LIMITED) [File not signed] <==== ATTENTION
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 camfilt2; C:\Windows\System32\Drivers\camfilt2.sys [94208 2007-05-29] (Guillemot Corporation)
S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [179200 2012-06-22] (Dexetek )
R3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [99968 2009-02-08] (Guillemot Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [645120 2008-08-21] (Ralink Technology Corp.)
R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1332576 2008-09-25] (NXP Semiconductors Germany GmbH)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-04-22] ()
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 14:38 - 2015-05-11 14:39 - 00032303 _____ () C:\Users\Huu Do.zu_Haus-PC\Downloads\FRST.txt
2015-05-11 14:37 - 2015-05-11 14:38 - 00000000 ____D () C:\FRST
2015-05-11 14:37 - 2015-05-11 14:37 - 01141248 _____ (Farbar) C:\Users\Huu Do.zu_Haus-PC\Downloads\FRST(1).exe
2015-05-11 14:36 - 2015-05-11 14:36 - 01141248 _____ (Farbar) C:\Users\Huu Do.zu_Haus-PC\Downloads\FRST.exe
2015-05-11 14:18 - 2015-05-11 14:18 - 00001000 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\ProgramData\Avira
2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\Program Files\Avira
2015-04-29 19:25 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\Saferwebo
2015-04-23 19:11 - 2015-04-23 19:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 18:27 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\PrieceDownloader
2015-04-22 18:27 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\eASyyttoshop
2015-04-22 18:26 - 2015-04-22 18:26 - 00000000 ____D () C:\Program Files\Hot Virtual Keyboard Extension
2015-04-22 18:26 - 2015-04-22 18:26 - 00000000 ____D () C:\Program Files\ApaptoU
2015-04-20 18:26 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\CoupScanneR
2015-04-20 18:25 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\surofKeepIt
2015-04-20 18:25 - 2015-04-20 18:26 - 00000000 ____D () C:\Program Files\CoeolSaleCOuapeon
2015-04-20 18:25 - 2015-04-20 18:25 - 00000000 ____D () C:\Program Files\Torrents MD extension
2015-04-18 16:55 - 2015-04-29 19:08 - 00000000 ____D () C:\Program Files\greaTSaVing
2015-04-18 16:25 - 2015-04-18 16:25 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ___RD () C:\Program Files\Skype
2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-18 11:27 - 2015-05-03 19:38 - 86548628 _____ () C:\Users\Huu Do.zu_Haus-PC\Desktop\Sophia Pokale 126.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 14:40 - 2008-10-15 12:50 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
2015-05-11 14:26 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 14:26 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 14:19 - 2008-11-29 12:41 - 01543724 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 13:43 - 2012-11-09 21:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 13:35 - 2011-11-20 17:02 - 00000000 ___RD () C:\Users\Quynh-Trang\Dropbox
2015-05-11 13:34 - 2011-11-20 16:59 - 00000000 ____D () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox
2015-05-11 13:33 - 2011-11-20 17:02 - 00000941 _____ () C:\Users\Quynh-Trang\Desktop\Dropbox.lnk
2015-05-11 13:33 - 2011-11-20 17:00 - 00000000 ____D () C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-11 13:32 - 2008-01-21 09:16 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 4.job
2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 3.job
2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 2.job
2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 1.job
2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 0.job
2015-05-11 13:26 - 2009-11-11 15:48 - 00000000 ____D () C:\Users\Quynh-Trang\Tracing
2015-05-11 13:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 22:11 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-04 20:39 - 2009-11-22 16:54 - 00000000 ____D () C:\Users\Gast\Tracing
2015-04-29 19:25 - 2015-03-14 16:42 - 00000000 ____D () C:\Program Files\leSs2pay
2015-04-29 19:25 - 2015-03-14 16:41 - 00000000 ____D () C:\Program Files\surfkEepit
2015-04-29 19:25 - 2015-03-07 21:16 - 00000000 ____D () C:\Program Files\KiNGCooUipon
2015-04-29 19:25 - 2015-02-22 12:53 - 00000000 ____D () C:\ProgramData\17496675703533618877
2015-04-26 15:14 - 2012-05-19 06:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-20 18:18 - 2013-08-14 21:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 18:09 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-18 16:37 - 2013-09-20 14:49 - 00000000 ____D () C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Skype
2015-04-18 16:24 - 2013-09-17 20:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 17:43 - 2012-11-09 21:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-17 17:43 - 2012-11-09 21:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-05 20:51 - 2015-02-24 21:02 - 0007680 _____ () C:\Users\Huu Do.zu_Haus-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 19:53 - 2015-01-25 19:53 - 0628496 _____ (CMI Limited) C:\Users\Huu Do.zu_Haus-PC\AppData\Local\nscE79B.tmp
2012-11-15 21:53 - 2012-11-15 21:53 - 0076346 _____ () C:\ProgramData\kwrzgyxojlborsl
2010-01-04 17:12 - 2010-01-04 17:12 - 0000008 _____ () C:\ProgramData\sysReserve.ini

Files to move or delete:
====================
C:\Users\Huu Do\cnmss Canon iP3300 (Kopie 1) (Local).dll
C:\Users\Huu Do.zu_Haus-PC\cnmss Canon iP3300 (Kopie 1) (Local).dll


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Gast\AppData\Local\Temp\install_flashplayer11x32_mssd_aih_1.exe
C:\Users\Huu Do\AppData\Local\Temp\ffunzip.exe
C:\Users\Huu Do\AppData\Local\Temp\GLFFDA6.tmp.ConduitEngineSetup.exe
C:\Users\Huu Do\AppData\Local\Temp\PC-Suite.exe
C:\Users\Huu Do\AppData\Local\Temp\prxGLFFDA6.tmp.tbDVDV.dll
C:\Users\Huu Do\AppData\Local\Temp\tbDVD0.dll
C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\Nokia_PC_Suite_ger.exe
C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\optprosetup.exe
C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\PCSChecker.exe
C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\setacl.exe
C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\_is30CF.exe
C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\_is75F.exe
C:\Users\My Tho\AppData\Local\Temp\AskSLib.dll
C:\Users\My-Tho.zu_Haus-PC\AppData\Local\Temp\DEL1.EXE
C:\Users\My-Tho.zu_Haus-PC\AppData\Local\Temp\iA71A.tmp.exe
C:\Users\Quynh-Trang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyadhb4.dll
C:\Users\Quynh-Trang\AppData\Local\Temp\lt1C90.exe
C:\Users\Quynh-Trang\AppData\Local\Temp\m4f9B75.exe
C:\Users\Quynh-Trang\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Quynh-Trang\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-11 13:38

==================== End Of Log ============================
         
--- --- ---

and here is the Addition.txt:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by Huu Do at 2015-05-11 14:40:48
Running from C:\Users\Huu Do.zu_Haus-PC\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1027308511-4091655117-3838902301-500 - Administrator - Disabled)
Gast (S-1-5-21-1027308511-4091655117-3838902301-501 - Limited - Enabled) => C:\Users\Gast
Huu Do (S-1-5-21-1027308511-4091655117-3838902301-1004 - Administrator - Enabled) => C:\Users\Huu Do.zu_Haus-PC
My-Tho (S-1-5-21-1027308511-4091655117-3838902301-1006 - Limited - Enabled) => C:\Users\My-Tho.zu_Haus-PC
Quynh-Trang (S-1-5-21-1027308511-4091655117-3838902301-1002 - Limited - Enabled) => C:\Users\Quynh-Trang

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Alfons Lernwelt (HKLM\...\Alfons Lernwelt) (Version:  - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Altova XMLSpy 2014 rel. 2 sp1 Enterprise Edition (HKLM\...\{07302FCE-72E3-4EE8-B750-D74D6922A14F}) (Version: 2014.02.01 - Altova)
ApaptoU (HKLM\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version:  - ApptoU) <==== ATTENTION
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Avira (HKLM\...\{2d044ded-ae1b-40d3-8d18-97cfda75bd69}) (Version: 1.1.37.14600 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.14600 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Canon iP3300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300) (Version:  - )
Canon iP3300 Benutzerregistrierung (HKLM\...\Canon iP3300 Benutzerregistrierung) (Version:  - )
Canon Setup Utility 2.3 (HKLM\...\Canon Setup Utility 2.3) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version:  - )
CCScore (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
CoeolSaleCOuapeon (HKLM\...\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}) (Version:  - CoolSaleCoupon) <==== ATTENTION
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant Polaris Unused CIR Function (HKLM\...\Uninstaller5134fc380) (Version: 1.0.0.0 - Conexant Systems)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version:  - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CoupScanneR (HKLM\...\{80E8B0A0-117D-1402-7CDE-688156237115}) (Version:  - CoupScanner) <==== ATTENTION
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5203 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3815a - CyberLink Corp.)
CyberLink PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - PowerDVDCorp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.1013 - CyberLink Corp.)
CyberLink TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 2.0.5814 - CyberLink Corp.)
DE (Version: 3.0 - Corel Corporation) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
eASyyttoshop (HKLM\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version:  - "") <==== ATTENTION
ESSBrwr (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 6.04.0000.0003 - Ihr Firmenname) Hidden
ESSgui (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 6.04.0000.0001 - Ihr Firmenname) Hidden
ESSPCD (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - Ihr Firmenname) Hidden
ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Freddy:Englisch5/Englisch6 (HKLM\...\freddyEnglisch56) (Version:  - )
Free Audio CD Burner version 1.4.8 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Studio version 4.2 (HKLM\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.9.908 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
GeoGebra (HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\GeoGebra) (Version: 3.2.0.0 - GeoGebra Inc.)
Goldfinger Junior (HKLM\...\{04FA5E93-3366-4CA0-9EAF-D31772998350}) (Version:  - )
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Hercules DualPix Exchange Webcam (HKLM\...\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}) (Version: 1.00.0000 - Hercules)
Hot Virtual Keyboard Extension (HKLM\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version:  - "") <==== ATTENTION
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel(R) Network Connections 13.2.8.0 (HKLM\...\PROSetDX) (Version: 13.2.8.0 - Intel)
iTunes (HKLM\...\{353FE16B-30FE-469A-BF55-B978F4218003}) (Version: 10.2.2.12 - Apple Inc.)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Klett Lernsoftware Mathematik - Lambacher Schweizer 6 BY (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schweizer 6 BY_is1) (Version:  - )
Kodak EasyShare Software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Lernvitamin E - Englisch 6. Klasse (HKLM\...\LVE6_15_688287) (Version:  - digital publishing AG)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Muiltmedia keyboard Utility 1.3 (HKLM\...\Muiltmedia keyboard Utility 1.3) (Version:  - )
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
netbrdg (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Netzmanager (HKLM\...\Netzmanager) (Version: 1.045 - Deutsche Telekom AG)
Netzmanager (Version: 1.045 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{82427977-8776-4087-90CA-9F65174D3C4D}) (Version: 7.1.16.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.26.0 - Nokia)
Nokia PC Suite (Version: 7.1.26.0 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA PhysX v8.09.19 (HKLM\...\{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}) (Version: 8.09.19 - NVIDIA Corporation)
OfotoXMI (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org)
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PathRunner (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3a54bf02}) (Version:  - Software Publisher) <==== ATTENTION
PC Connectivity Solution (HKLM\...\{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}) (Version: 9.13.1.0 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PrieceDownloader (HKLM\...\{2D471A31-4FA7-95BA-1880-D441113ED736}) (Version:  - "") <==== ATTENTION
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.0.4.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5700 - Realtek Semiconductor Corp.)
Saferwebo (HKLM\...\{5F488658-35A7-2AB8-A756-560BA8F103C3}) (Version:  - "") <==== ATTENTION
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SFR (Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 6.04.0000.0004 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SonicStage 3.0 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 3.0 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
staticcr (Version: 6.04.0000.0005 - EASTMAN KODAK Company) Hidden
surofKeepIt (HKLM\...\{594FD08C-0622-F9B8-CB02-7C1355D33CB8}) (Version:  - "") <==== ATTENTION
tooltips (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Torrents MD extension (HKLM\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version:  - "")
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Video Grabber (HKLM\...\Uninstaller5134fc350) (Version: 1.0.0.0 - Conexant Systems)
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VPRINTOL (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem  (02/23/2009 7.01.0.2) (HKLM\...\E7F682214B951640C9C539C41FDA1A7F836FF7B6) (Version: 02/23/2009 7.01.0.2 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/24/2009 4.0) (HKLM\...\D978F69D5F15B845BD6BC6F8BF9BCD36982A2087) (Version: 02/24/2009 4.0 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WIRELESS (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
WorldWideWebCoupon (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - WorldWideWebCoupon) <==== ATTENTION
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
ZSMC USB PC Camera (HKLM\...\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-03-2015 20:00:17 Windows Update
03-03-2015 21:55:30 Windows Update
05-03-2015 20:45:37 Windows Update
07-03-2015 21:06:43 Windows Update
09-03-2015 19:22:30 Windows Update
10-03-2015 19:41:13 Windows Update
11-03-2015 20:34:36 Geplanter Prüfpunkt
11-03-2015 21:38:46 Windows Update
14-03-2015 16:24:52 Windows Update
14-03-2015 18:20:40 Windows Update
15-03-2015 20:44:47 Windows Update
17-03-2015 10:05:54 Windows Update
18-03-2015 19:55:27 Windows Update
21-03-2015 00:44:17 Windows Update
22-03-2015 20:40:29 Windows Update
24-03-2015 19:33:52 Windows Update
26-03-2015 20:59:34 Windows Update
27-03-2015 20:03:31 Geplanter Prüfpunkt
28-03-2015 21:44:04 Windows Update
31-03-2015 18:29:14 Windows Update
01-04-2015 19:30:58 Windows Update
03-04-2015 19:52:46 Windows Update
06-04-2015 09:12:33 Windows Update
10-04-2015 20:45:37 Windows Update
13-04-2015 18:46:59 Windows Update
17-04-2015 17:23:01 Windows Update
18-04-2015 16:22:58 Windows Update
20-04-2015 18:08:26 Windows Update
21-04-2015 08:01:25 Windows Update
22-04-2015 18:17:19 Windows Update
23-04-2015 19:00:11 Windows Update
26-04-2015 15:26:46 Windows Update
29-04-2015 19:16:39 Windows Update
01-05-2015 09:34:41 Windows Update
03-05-2015 14:05:44 Windows Update
04-05-2015 18:12:51 Windows Update
05-05-2015 18:23:40 Windows Update
06-05-2015 19:05:53 Windows Update
07-05-2015 21:08:49 Windows Update
11-05-2015 13:42:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EA16200-D7BC-4857-91E8-20FA84FFA9B9} - \{7B02EF0B-A410-4938-8480-9BA26420A627} No Task File <==== ATTENTION
Task: {2CFED7E4-6C0D-4756-992C-C911134A2E20} - System32\Tasks\AdobeAAMUpdater-1.0-zu_Haus-PC-Quynh-Trang => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {4E8EEEF0-6C94-42B7-ACDC-7C0D7A81CB26} - System32\Tasks\HerculesCamService 0 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {62B4A5C5-75D7-4246-9FEA-8C72D79F2067} - System32\Tasks\HerculesCamService 3 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {72D36FFE-9EF9-4F42-B162-DFBBF01553B5} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7E4E6EA0-3776-48D7-A35B-70EF3A8A4AE2} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {80D0DDD8-30D0-425D-A291-A1FF4CFADCD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {8ABFE885-2E9F-4973-A981-1D0DF98D7414} - System32\Tasks\HerculesCamService 4 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {979BF1EC-80DB-4384-B680-E7741D18B969} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A1EF67CE-4CE6-437D-96DD-D39FD14E53C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe
Task: {B72A3DA2-EC41-4E16-B7D1-0FF9B3C06CCC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {B7343D23-5616-4C63-BAF8-99EF6C7A530E} - System32\Tasks\AdobeAAMUpdater-1.0-zu_Haus-PC-My Tho => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {D72770C1-0DE6-4B20-9FCF-A271EFFF79A6} - System32\Tasks\HerculesCamService 1 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {D94C6BC1-6497-44D4-9A40-61D8F8607498} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {DB17E582-CBBB-4B0F-ADAD-722BDC50202D} - System32\Tasks\HerculesCamService 2 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\HerculesCamService 0.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 1.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 10.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 11.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 2.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 3.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 4.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 5.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 6.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 7.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 8.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 9.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-21 17:30 - 2015-02-21 17:30 - 01631744 _____ () c:\Program Files\PathRunner\PathRunner.dll
2010-03-22 16:40 - 2010-03-22 16:40 - 00011264 _____ () C:\Program Files\Netzmanager\NMInfraIS2\SoftPlugInterOp.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-10-17 17:14 - 2012-06-22 10:29 - 00247152 ____N () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2008-10-17 17:15 - 2008-10-14 02:52 - 00376937 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
2008-10-17 17:15 - 2008-10-14 02:52 - 00094208 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
2008-10-17 17:15 - 2008-10-14 02:52 - 00299118 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
2008-10-17 17:15 - 2008-10-14 02:52 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
2008-12-30 16:26 - 2007-06-04 11:44 - 00040960 _____ () C:\Program Files\Hercules\DualPix Exchange\WebCamKSProxyPlugin.ax
2008-10-17 17:15 - 2008-10-14 02:52 - 00184423 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
2008-10-17 17:15 - 2008-10-14 02:52 - 00127080 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
2008-10-17 17:15 - 2008-10-14 02:52 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
2008-12-30 16:22 - 2007-06-05 19:45 - 00094208 _____ () C:\Program Files\Hercules\DualPix Exchange\WebCamUSBMonitor.dll
2010-10-01 16:08 - 2010-10-01 16:07 - 00381440 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE
2010-10-01 16:08 - 2010-10-01 16:07 - 00053248 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDDL32A.DLL
2010-10-01 16:08 - 2010-10-01 16:07 - 00049152 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDMDLLA.DLL
2010-10-01 16:08 - 2010-10-01 16:07 - 00012288 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBD32S.DLL
2010-10-01 16:08 - 2010-10-01 16:07 - 00032768 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBD32G.DLL
2011-03-21 17:30 - 2011-03-21 17:30 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2008-08-12 11:16 - 2008-08-12 11:16 - 02023424 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
2008-07-29 14:01 - 2008-07-29 14:01 - 07331840 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
2008-07-29 13:50 - 2008-07-29 13:50 - 00364544 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
2008-07-29 13:51 - 2008-07-29 13:51 - 00806912 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtNetwork4.dll
2008-07-29 14:47 - 2008-07-29 14:47 - 00135168 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2008-07-29 14:47 - 2008-07-29 14:47 - 00016384 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2008-07-29 14:11 - 2008-07-29 14:11 - 00253952 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
2015-04-29 19:25 - 2015-04-29 19:25 - 00813056 _____ () C:\Program Files\Saferwebo\zuFdmuNhUjBAzu.dll
2008-07-29 14:55 - 2008-07-29 14:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-03-09 13:44 - 2009-03-09 13:44 - 00130560 _____ () C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
2008-11-26 12:35 - 2008-11-26 12:35 - 00119808 _____ () C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
2015-05-11 13:34 - 2015-05-11 13:34 - 00043008 _____ () c:\Users\Quynh-Trang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyadhb4.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-17 17:43 - 2015-04-17 17:43 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll
2008-05-07 21:33 - 2008-05-07 21:33 - 00417792 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\adobexmp.dll
2007-11-16 16:02 - 2007-11-16 16:02 - 00401408 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
2007-11-16 16:02 - 2007-11-16 16:02 - 00479232 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Huu Do.zu_Haus-PC\Desktop\Sophia Pokale 126.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img1.jpg
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Huu Do^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Alaplaya Launcher.lnk => C:\Windows\pss\Alaplaya Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Huu Do^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk => C:\Windows\pss\Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk.Startup
MSCONFIG\startupfolder: C:^Users^Huu Do^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Easy-PrintToolBox => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google EULA Launcher => C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{60D7F137-EDE0-437C-9F60-1C6270FECC32}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F4397CD-37C3-40E3-B0B1-7274D6F100F9}] => (Allow) svchost.exe
FirewallRules: [{67FD3586-C46B-485F-BDD0-CBBD5D3B4182}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{86D163A6-DF5D-4587-B47E-A24F199CB735}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{0EFF7527-4F0F-45D1-A5C0-2B0E4065E938}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{C26D8B14-A27E-4318-ADBD-8D9F44435B78}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{F8FB2EF4-15A9-4C7A-A817-D4ACCEBB7F85}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{971F723D-E217-476B-92EC-F53560FEEC1D}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{45309D49-E570-4F8B-8509-F5EBC2F6295C}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{2C2E74A2-D96F-48DA-8108-4873693CCE58}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{EA561401-BF6A-4197-A382-4B9B84ADADED}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{310ECEC3-7B74-4397-9743-F16D50E33FBC}] => (Allow) C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE
FirewallRules: [{162E5F3F-8F41-437B-AFF3-FFFD49F02004}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{ACC5CC53-EFED-4FEC-A752-E08CE1B7070C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F43F8894-1533-4625-9834-8E4D856BEB2C}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6E5BE12E-6A08-4C69-BD26-424D68F1D3C6}] => (Allow) svchost.exe
FirewallRules: [{84DDD91F-04BD-4070-8707-028341206A10}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [TCP Query User{445E7FFD-1CDA-4A44-870C-A16B39CB882C}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [UDP Query User{BC122864-96D8-45E1-9C56-FBC14494650D}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [{9CF53F15-CD32-41D2-8AF1-67F61301153F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9CF541B4-3E16-4F78-A3F9-1F13EB958F52}] => (Allow) svchost.exe
FirewallRules: [{258AC061-4FD2-41C0-A838-10364F25C318}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{D3D5306B-E1F3-4693-9381-A6FF2E351185}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F06CAA89-0458-4545-AA7F-4B31C7A28B53}] => (Allow) svchost.exe
FirewallRules: [{D7ACBE03-787C-4179-8DFA-1C267540D8C1}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{CA43392F-C601-4A55-B3C5-0851416A5D8F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{517EA84F-FFCF-4B03-B327-DF956F72273E}] => (Allow) svchost.exe
FirewallRules: [{4E5FEE94-A679-4DB7-BAB8-551CC46217C4}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{21912AA5-B9BB-4E69-8170-94D631577FAE}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2B504C2F-9D7F-4FAD-A773-4A611B023D13}] => (Allow) svchost.exe
FirewallRules: [{CDD06389-D72D-4E84-A1F3-E4ED577365A1}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{B0979D68-3A48-4C3B-87B9-D613E10E3FC4}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8B53E388-74D7-4C4C-9482-DFEDC7F71FCA}] => (Allow) svchost.exe
FirewallRules: [{573BD096-CC1A-4C17-B723-8922DF99FCC0}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{70E3B16E-BD5A-440E-A904-206BBE81EAA7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D0325C9D-739F-47EB-8264-6B24ADBC0D9B}] => (Allow) svchost.exe
FirewallRules: [{2FDC1DE3-7FBE-4C60-9808-EB984D0BAB3E}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{1717A2FF-E9DC-4C20-AEA8-91DE5A48CA3B}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2F101DE6-F935-4FB5-8306-192829C4E44A}] => (Allow) svchost.exe
FirewallRules: [{F2FBC34C-2DF0-44C3-A714-C450F05DD04A}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{9599B1A7-C5DE-486C-8B4E-A0990B30E387}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6664CB67-B989-4A1C-BA83-FA697B8A0942}] => (Allow) svchost.exe
FirewallRules: [{F6334318-9A1C-4922-99E4-E57636DA5392}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{8E9C7FB6-B17E-4D85-A36C-74F3B3C84D44}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F6C2A347-8CDF-4C1B-A6A5-D55663BE03BA}] => (Allow) svchost.exe
FirewallRules: [{72BF8B07-F912-48F4-B1DF-071053B3EC8E}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{1AC572E6-9E90-4950-9C40-7E3DF539DEC0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{513115EA-2B25-4210-AD61-9AA7F7D8B5EB}] => (Allow) svchost.exe
FirewallRules: [{C3B81EE9-7B66-4E21-8848-C0EA4F31D431}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{59D2B1E2-C98E-4664-BCBE-BC1CA78D209C}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{944E035C-30A5-4614-A310-75149F89DAB9}] => (Allow) svchost.exe
FirewallRules: [{1F587F75-796D-47D5-9AFE-3A9759348EAC}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{8CE420C9-343A-4429-A4B1-8A3D9EC5ABB2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CE343CA6-47F6-4CF7-8A2B-8A522859B6DB}] => (Allow) svchost.exe
FirewallRules: [{5E77CFAC-7361-4E9F-AC42-B857EEDC059A}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{7354B348-5C02-4391-801A-101FD6382FF2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BE86672-DEAC-4C2D-9671-04376583DB1E}] => (Allow) svchost.exe
FirewallRules: [{9C1A5AAB-8A42-4ECA-90D9-9EF22D380324}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{62FE5538-121C-4904-86BE-679327D931EA}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98B1EB36-D8DF-436E-A53A-99A6048F6968}] => (Allow) svchost.exe
FirewallRules: [{82AA5167-ED77-4449-A504-222F54225F19}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{9BB33C33-5C1F-4425-B7E6-6802F971B441}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E2CF9CBC-5DD1-40F4-B977-D643CD945AAE}] => (Allow) svchost.exe
FirewallRules: [{62D15977-B5BC-4CE2-AC79-922C17364C51}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{11EAFA6B-08EE-4069-A151-F6D2D0262202}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3CA37700-1A48-4816-BBD0-426EAFF7924F}] => (Allow) svchost.exe
FirewallRules: [{A4229A31-A5B0-4ED1-9679-100BB0D1BC11}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{9490A5CD-38D9-4F47-87E4-5B28B8B1E5E8}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{81B45D6E-3BB7-4FDC-BD72-B960F3CE6A31}] => (Allow) svchost.exe
FirewallRules: [{00C7CCC1-339D-41F6-BC52-F80BDC0F8133}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{73BFEBAF-1932-42B3-AAB9-9D89BD5BA9AC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B94B3B94-887A-4EDC-B6F5-FA3E16B750F1}] => (Allow) svchost.exe
FirewallRules: [{4BB32ABD-8B1B-45FF-BDA1-9CD7E2ECEE3A}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{C6CFC116-964A-4EC7-9559-E2C5EC542793}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E9C92A48-03DE-4306-A08C-FBCB1EE8F20D}] => (Allow) svchost.exe
FirewallRules: [{263EBC7A-6243-46BB-A5E0-C74918B08E86}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{3D59968A-B006-4729-B193-0BE0C57BD7F7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{390B1BDF-26C7-4FC3-8366-C6BD6809C314}] => (Allow) svchost.exe
FirewallRules: [{E9B59126-6941-48EE-A769-529B32E75EED}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{8DFAC068-4F3C-4D81-83BC-9150883F9AE3}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{841FD5C4-AF2F-4A8A-9FD2-5F0B930210A6}] => (Allow) svchost.exe
FirewallRules: [{C1A3468B-5391-493E-BA78-079DE36D4CB1}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{61D15D6F-C102-4F3A-81FC-44F56184245E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1A2FA585-A47F-4349-A896-4EF6FDE0EB5B}] => (Allow) svchost.exe
FirewallRules: [{783413D5-2B1C-409A-B972-7AFBD766D881}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{AC0B28C8-5DA2-4ED8-BA4C-76C91705F64D}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2A71B62B-5521-4A5F-98F6-1447D9778469}] => (Allow) svchost.exe
FirewallRules: [{9A7C6906-E234-46A9-992F-4A114CE81FC6}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [TCP Query User{1A407504-7A13-4BE3-9B8E-8323EB4D16DA}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{47862CC9-DE8D-414E-A21B-69736DF82B64}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{D1EB42CC-7E8A-484E-8832-C124508AA16B}] => (Allow) E:\fsetup.exe
FirewallRules: [{F02A5CB3-17FD-442C-A650-D3E5FC2D058F}] => (Allow) E:\fsetup.exe
FirewallRules: [TCP Query User{86BC931D-A2D9-4741-9FAA-F84E45A0E2CE}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [UDP Query User{F09CE342-3569-4360-90D1-38275012EA4E}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [TCP Query User{60FC01D4-3C06-43E6-9357-D70AF2FC4CD7}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{9F891756-3F18-40D2-896D-19656A8FF2A7}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{1E0B6973-450F-4E09-9F37-4E1F72150DB9}] => (Allow) E:\fsetup.exe
FirewallRules: [{1D4ABDB9-35CD-4F6D-AEA4-DEF5C74B3C82}] => (Allow) E:\fsetup.exe
FirewallRules: [{0BEA5437-CD06-4735-987F-CA8E666B4895}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{935979DA-1704-4485-A0C4-565BD6B53581}] => (Allow) svchost.exe
FirewallRules: [{A86949C7-E784-41AF-9B7D-A62FD6927615}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{89A63F1C-46D5-4158-A45B-17430338F3F8}] => (Allow) LPort=80
FirewallRules: [{7D1A36BB-4F62-4B6A-9744-DECBCF203A6E}] => (Allow) LPort=80
FirewallRules: [{5BD0B041-A51C-4F6E-9D4C-F70810C96D1B}] => (Allow) LPort=80
FirewallRules: [{DCACA787-DEB8-4BFC-B6AE-925485325F12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{675C6B55-F374-48B0-8CD8-4DA7DB5CB614}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{376AEBEF-7E52-4685-ABCB-29A4E07F2AF3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{52F6EF44-91A3-4018-8E24-0BA4AB966B80}] => (Allow) C:\Users\Huu Do\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{8D7A6FF0-474D-4D96-8977-76ADEBF8528F}] => (Allow) C:\Users\Huu Do\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{0423E448-A089-4AC4-A755-9C1C6035B7A8}] => (Allow) C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2572279A-CC56-4F1D-A7C4-1EBCB16D8E44}] => (Allow) C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3BD2839C-4311-46D4-B91F-2D298EF84D1A}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR9.EXE
FirewallRules: [{657D1132-39ED-4B95-9C6D-81C3A2F63F37}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{17041936-5A9B-42D5-95A7-4297A6A8B338}] => (Allow) LPort=2799
FirewallRules: [{A87EED45-9515-4B7F-90FD-EF9733F295E8}] => (Allow) LPort=2799
FirewallRules: [{27FB1105-3FD3-4000-8BF7-D6BCD56BE1B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{13C2AC4D-174A-4E53-9FD5-1989B42F9FAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F0FD40C8-8CD3-4FC4-B0D9-F9F65A446F37}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{75B03FC3-C9D3-4819-BD24-2FA7F51AADCA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============
Error: (05/11/2015 01:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ServiceLayer%%1053

Error: (05/11/2015 01:27:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000ServiceLayer

Error: (05/11/2015 01:27:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053ServiceLayer{ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error: (05/11/2015 01:24:45 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/07/2015 08:56:58 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/07/2015 07:17:35 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/06/2015 06:54:37 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/05/2015 09:19:53 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/05/2015 06:12:05 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/04/2015 06:01:27 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================
Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


CodeIntegrity Errors:
===================================
  Date: 2015-05-11 14:39:43.659
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 14:39:43.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 14:39:43.359
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 14:39:43.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 14:39:42.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 14:39:42.761
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 14:39:42.591
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 14:39:42.409
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 16:32:32.408
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 16:32:32.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 75%
Total physical RAM: 3325.27 MB
Available physical RAM: 827.98 MB
Total Pagefile: 6848.55 MB
Available Pagefile: 3412.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.34 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:638.16 GB) (Free:447.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:8.33 GB) FAT32
Drive i: (Volume) (Fixed) (Total:273.34 GB) (Free:273.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 20FC60C5)
Partition 1: (Active) - (Size=638.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=273.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Alt 11.05.2015, 14:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: FF)

What on earth have you done with this system?

It is missing the updates of the last six years!!!

Since Windows Vista won't be supported for much longer either, you should slowly start planning an upgrade... and it doesn't always have to be Windows!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 11.05.2015, 15:43   #5
123Hop
 



The PC is hardly in use any more, since we use several laptops in our household...

What should I do now? Is there anything that can still be done?


Alt 12.05.2015, 01:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You can do (almost) anything. But the effort of getting this Windows Vista SP1 installation back into shape will probably quite easily exceed that of freshly installing a current OS.

And even if everything is OK again with this current system, the luck won't last very long: in about 1.5 years Vista support will be over and done with anyway. Even the rather old Win7 has three more years of support than Vista.

Alt 12.05.2015, 10:59   #7
123Hop
 



Okay...

So it's best if I wipe everything and put Windows 8 on it right away?

Alt 12.05.2015, 16:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Why does it have to be Windows at all? Give Linux a chance. It is more secure in any case.

You really only need Windows if:

1) this box is meant for hardcore gamers

2) you need software on this (rarely used?) box that only runs on Windows (or only with very unpleasant workarounds on Linux)

Typical examples: Adobe software, Microsoft Office or, as I have experienced first-hand: navigation systems from TomTom

Just click on the link in my signature => Why Linux is better than Windows
