| |
| |||||||
Log-Analyse und Auswertung: Viren entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.05.2015, 13:00
| #1 |
 |  Viren entfernen Hallo  bei meinem Rechner erscheint immer unerwünschte Werbung von obszönen Seiten, bei jedem Klick im Internet öffnet sich wieder ein Pop-Up. Weiterhin erscheint mir mein PC recht langsam, wenn ich mein Internet-Browser öffne, muss ich erst 4 Minuten warten, bis die Internetseite aufgerufen wird. Auch ein AddBlocker verhindert die unerwünschte Werbung leider nicht. Ich habe schon das Programm McAfee Security Scan und eine kostenlose Testversion von Avira durchlaufen lassen. Aber das Programme finden nichts und das Problem lässt sich damit leider nicht beheben. Kann mir jemand helfen? Danke! |
|
11.05.2015, 13:05
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Viren entfernen Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
11.05.2015, 13:45
| #3 |
| | Viren entfernen wie finde ich die logs bei Mcaffee? Bei Avira erscheint immer "Bitte prüfen Sie Ihre Internetverbindung"...
__________________ hier die FRS.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015 Ran by Huu Do (administrator) on ZU_HAUS-PC on 11-05-2015 14:38:27 Running from C:\Users\Huu Do.zu_Haus-PC\Downloads Loaded Profiles: Quynh-Trang & Huu Do (Available profiles: Quynh-Trang & Huu Do & My-Tho & Gast) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (XTab system) C:\Program Files\XTab\ProtectService.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe () C:\Windows\System32\PSIService.exe () C:\Program Files\Cyberlink\Shared files\RichVideo.exe () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Guillemot Corporation S.A.) C:\Program Files\Hercules\DualPix Exchange\CamService.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Sonix) C:\Windows\vsnp2uvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\System32\WerFault.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe () C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Sonix) C:\Windows\vsnp2uvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Dropbox, Inc.) C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\Dropbox.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Microsoft Corporation) C:\Windows\System32\wercon.exe (Apple Inc.) C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6281760 2008-09-09] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-09] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [FLMK08KB] => C:\Program Files\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe [381440 2010-10-01] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-04-25] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-14] (Apple Inc.) HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [569344 2007-03-12] (Sonix) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [127792 2015-04-21] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [BullGuard] => "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1312256 2009-03-20] (Nokia) HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1312256 2009-03-20] (Nokia) HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\MountPoints2: {816484af-be01-11dd-860a-806e6f6e6963} - E:\autoE56.exe HKU\S-1-5-18\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-11-09] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2013-01-12] ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2009-11-29] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zoom Controller.lnk [2008-12-30] ShortcutTarget: Zoom Controller.lnk -> C:\Program Files\Hercules\DualPix Exchange\CamService.exe (Guillemot Corporation S.A.) Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk [2012-09-29] ShortcutTarget: Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk -> C:\Users\HUUDO~1.ZU_\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP3300 (Kopie 1);cnmss Canon iP3300 (Kopie 1) (Local).dll;Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk (No File) Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2012-12-02] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk [2012-09-29] ShortcutTarget: Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk -> C:\Users\HUUDO~1.ZU_\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP3300 (Kopie 1);cnmss Canon iP3300 (Kopie 1) (Local).dll;Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk (No File) Startup: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2012-12-02] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\My-Tho.zu_Haus-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2013-04-23] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-11] ShortcutTarget: Dropbox.lnk -> C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2010-12-06] ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-11-25] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (No File) Startup: C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2009-03-16] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:58924;https=127.0.0.1:58924; HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740 HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740 HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} SearchScopes: HKLM -> {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=vO4og-B1IM3O3TAfEl5bvI7vKrI?q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKU\S-1-5-21-1027308511-4091655117-3838902301-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740&ts=1422196375&type=default&q={searchTerms} BHO: Saferwebo -> {f079a732-1fd1-4a18-ad6f-3f7b22688e7b} -> C:\Program Files\Saferwebo\zuFdmuNhUjBAzu.dll [2015-04-29] () Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-21] (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2011-04-06] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422196306&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740 FireFox: ======== FF ProfilePath: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default FF NewTab: about:blank FF DefaultSearchEngine: webssearches FF SelectedSearchEngine: webssearches FF Homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1422196359&from=cvs2&uid=WDCXWD10EACS-22D6B0_WD-WCAU4320674006740 FF Keyword.URL: https://www.google.de/#q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-04-14] () FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-11-05] (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-04-25] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-04-25] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-04-25] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-01-22] (Apple Inc.) FF SearchPlugin: C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\searchplugins\webssearches.xml [2015-05-11] FF Extension: saaferWeb - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\2IbNLj@QhR.net [2015-03-14] FF Extension: ApaptoU - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\3DR@Nnz.com [2015-04-22] FF Extension: CooupScanner - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\eD0M11@9.org [2015-02-22] FF Extension: FF Toolbar - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\fftoolbar2014@etech.com [2015-04-29] FF Extension: CoeolSaleCOuapeon - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\jk9GK0sI@NHW.com [2015-04-20] FF Extension: eaSyotoSHop - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\M@u1RggF1lae.org [2015-02-22] FF Extension: {0a020a57-c883-421b-b9d7-4153fe33058c} - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\{0a020a57-c883-421b-b9d7-4153fe33058c}.xpi [2015-01-25] FF Extension: SoundCloud Downloader - Technowise - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-04-13] FF Extension: Adblock Plus - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-07] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09] FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2010-06-30] FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\extensions\fftoolbar2014@etech.com FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjk1x6pd.default\extensions\faststartff@gmail.com FF HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-23] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 3a54bf02; c:\Program Files\PathRunner\PathRunner.dll [1631744 2015-02-21] () [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [205616 2015-04-21] (Avira Operations GmbH & Co. KG) R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [9728 2010-03-22] (Deutsche Telekom AG) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation) R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [247152 2012-06-22] () R3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [621056 2009-03-04] (Nokia.) [File not signed] S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2005-01-24] (Sony Corporation) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [376937 2008-10-14] () [File not signed] R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [184423 2008-10-14] () [File not signed] R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-25] (SysTool PasSame LIMITED) [File not signed] <==== ATTENTION R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 camfilt2; C:\Windows\System32\Drivers\camfilt2.sys [94208 2007-05-29] (Guillemot Corporation) S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [179200 2012-06-22] (Dexetek ) R3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [99968 2009-02-08] (Guillemot Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation) R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [645120 2008-08-21] (Ralink Technology Corp.) R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1332576 2008-09-25] (NXP Semiconductors Germany GmbH) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-04-22] () R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [90968 2004-03-19] (VM) S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-11 14:38 - 2015-05-11 14:39 - 00032303 _____ () C:\Users\Huu Do.zu_Haus-PC\Downloads\FRST.txt 2015-05-11 14:37 - 2015-05-11 14:38 - 00000000 ____D () C:\FRST 2015-05-11 14:37 - 2015-05-11 14:37 - 01141248 _____ (Farbar) C:\Users\Huu Do.zu_Haus-PC\Downloads\FRST(1).exe 2015-05-11 14:36 - 2015-05-11 14:36 - 01141248 _____ (Farbar) C:\Users\Huu Do.zu_Haus-PC\Downloads\FRST.exe 2015-05-11 14:18 - 2015-05-11 14:18 - 00001000 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\ProgramData\Avira 2015-05-11 14:17 - 2015-05-11 14:17 - 00000000 ____D () C:\Program Files\Avira 2015-04-29 19:25 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\Saferwebo 2015-04-23 19:11 - 2015-04-23 19:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-22 18:27 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\PrieceDownloader 2015-04-22 18:27 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\eASyyttoshop 2015-04-22 18:26 - 2015-04-22 18:26 - 00000000 ____D () C:\Program Files\Hot Virtual Keyboard Extension 2015-04-22 18:26 - 2015-04-22 18:26 - 00000000 ____D () C:\Program Files\ApaptoU 2015-04-20 18:26 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\CoupScanneR 2015-04-20 18:25 - 2015-04-29 19:25 - 00000000 ____D () C:\Program Files\surofKeepIt 2015-04-20 18:25 - 2015-04-20 18:26 - 00000000 ____D () C:\Program Files\CoeolSaleCOuapeon 2015-04-20 18:25 - 2015-04-20 18:25 - 00000000 ____D () C:\Program Files\Torrents MD extension 2015-04-18 16:55 - 2015-04-29 19:08 - 00000000 ____D () C:\Program Files\greaTSaVing 2015-04-18 16:25 - 2015-04-18 16:25 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ___RD () C:\Program Files\Skype 2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-04-18 16:25 - 2015-04-18 16:25 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-04-18 11:27 - 2015-05-03 19:38 - 86548628 _____ () C:\Users\Huu Do.zu_Haus-PC\Desktop\Sophia Pokale 126.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-11 14:40 - 2008-10-15 12:50 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job 2015-05-11 14:26 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-11 14:26 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-11 14:19 - 2008-11-29 12:41 - 01543724 _____ () C:\Windows\WindowsUpdate.log 2015-05-11 13:43 - 2012-11-09 21:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-11 13:35 - 2011-11-20 17:02 - 00000000 ___RD () C:\Users\Quynh-Trang\Dropbox 2015-05-11 13:34 - 2011-11-20 16:59 - 00000000 ____D () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox 2015-05-11 13:33 - 2011-11-20 17:02 - 00000941 _____ () C:\Users\Quynh-Trang\Desktop\Dropbox.lnk 2015-05-11 13:33 - 2011-11-20 17:00 - 00000000 ____D () C:\Users\Quynh-Trang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-11 13:32 - 2008-01-21 09:16 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 4.job 2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 3.job 2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 2.job 2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 1.job 2015-05-11 13:31 - 2008-12-30 16:26 - 00000384 _____ () C:\Windows\Tasks\HerculesCamService 0.job 2015-05-11 13:26 - 2009-11-11 15:48 - 00000000 ____D () C:\Users\Quynh-Trang\Tracing 2015-05-11 13:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-07 22:11 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-04 20:39 - 2009-11-22 16:54 - 00000000 ____D () C:\Users\Gast\Tracing 2015-04-29 19:25 - 2015-03-14 16:42 - 00000000 ____D () C:\Program Files\leSs2pay 2015-04-29 19:25 - 2015-03-14 16:41 - 00000000 ____D () C:\Program Files\surfkEepit 2015-04-29 19:25 - 2015-03-07 21:16 - 00000000 ____D () C:\Program Files\KiNGCooUipon 2015-04-29 19:25 - 2015-02-22 12:53 - 00000000 ____D () C:\ProgramData\17496675703533618877 2015-04-26 15:14 - 2012-05-19 06:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-20 18:18 - 2013-08-14 21:40 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-20 18:09 - 2006-11-02 12:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-04-18 16:37 - 2013-09-20 14:49 - 00000000 ____D () C:\Users\Huu Do.zu_Haus-PC\AppData\Roaming\Skype 2015-04-18 16:24 - 2013-09-17 20:35 - 00000000 ____D () C:\ProgramData\Skype 2015-04-17 17:43 - 2012-11-09 21:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-17 17:43 - 2012-11-09 21:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2013-03-05 20:51 - 2015-02-24 21:02 - 0007680 _____ () C:\Users\Huu Do.zu_Haus-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-25 19:53 - 2015-01-25 19:53 - 0628496 _____ (CMI Limited) C:\Users\Huu Do.zu_Haus-PC\AppData\Local\nscE79B.tmp 2012-11-15 21:53 - 2012-11-15 21:53 - 0076346 _____ () C:\ProgramData\kwrzgyxojlborsl 2010-01-04 17:12 - 2010-01-04 17:12 - 0000008 _____ () C:\ProgramData\sysReserve.ini Files to move or delete: ==================== C:\Users\Huu Do\cnmss Canon iP3300 (Kopie 1) (Local).dll C:\Users\Huu Do.zu_Haus-PC\cnmss Canon iP3300 (Kopie 1) (Local).dll Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe C:\Users\Gast\AppData\Local\Temp\install_flashplayer11x32_mssd_aih_1.exe C:\Users\Huu Do\AppData\Local\Temp\ffunzip.exe C:\Users\Huu Do\AppData\Local\Temp\GLFFDA6.tmp.ConduitEngineSetup.exe C:\Users\Huu Do\AppData\Local\Temp\PC-Suite.exe C:\Users\Huu Do\AppData\Local\Temp\prxGLFFDA6.tmp.tbDVDV.dll C:\Users\Huu Do\AppData\Local\Temp\tbDVD0.dll C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\Nokia_PC_Suite_ger.exe C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\OnlineBackup.exe C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\optprosetup.exe C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\PCSChecker.exe C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\setacl.exe C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\_is30CF.exe C:\Users\Huu Do.zu_Haus-PC\AppData\Local\Temp\_is75F.exe C:\Users\My Tho\AppData\Local\Temp\AskSLib.dll C:\Users\My-Tho.zu_Haus-PC\AppData\Local\Temp\DEL1.EXE C:\Users\My-Tho.zu_Haus-PC\AppData\Local\Temp\iA71A.tmp.exe C:\Users\Quynh-Trang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyadhb4.dll C:\Users\Quynh-Trang\AppData\Local\Temp\lt1C90.exe C:\Users\Quynh-Trang\AppData\Local\Temp\m4f9B75.exe C:\Users\Quynh-Trang\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Quynh-Trang\AppData\Local\Temp\wlsetup-cvr.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-11 13:38 ==================== End Of Log ============================ und hier die Addition.txt:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by Huu Do at 2015-05-11 14:40:48
Running from C:\Users\Huu Do.zu_Haus-PC\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1027308511-4091655117-3838902301-500 - Administrator - Disabled)
Gast (S-1-5-21-1027308511-4091655117-3838902301-501 - Limited - Enabled) => C:\Users\Gast
Huu Do (S-1-5-21-1027308511-4091655117-3838902301-1004 - Administrator - Enabled) => C:\Users\Huu Do.zu_Haus-PC
My-Tho (S-1-5-21-1027308511-4091655117-3838902301-1006 - Limited - Enabled) => C:\Users\My-Tho.zu_Haus-PC
Quynh-Trang (S-1-5-21-1027308511-4091655117-3838902301-1002 - Limited - Enabled) => C:\Users\Quynh-Trang
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\ShockwaveFlash) (Version: 9 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Alfons Lernwelt (HKLM\...\Alfons Lernwelt) (Version: - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Altova XMLSpy 2014 rel. 2 sp1 Enterprise Edition (HKLM\...\{07302FCE-72E3-4EE8-B750-D74D6922A14F}) (Version: 2014.02.01 - Altova)
ApaptoU (HKLM\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version: - ApptoU) <==== ATTENTION
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Avira (HKLM\...\{2d044ded-ae1b-40d3-8d18-97cfda75bd69}) (Version: 1.1.37.14600 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.14600 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Canon iP3300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300) (Version: - )
Canon iP3300 Benutzerregistrierung (HKLM\...\Canon iP3300 Benutzerregistrierung) (Version: - )
Canon Setup Utility 2.3 (HKLM\...\Canon Setup Utility 2.3) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version: - )
CCScore (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
CoeolSaleCOuapeon (HKLM\...\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}) (Version: - CoolSaleCoupon) <==== ATTENTION
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant Polaris Unused CIR Function (HKLM\...\Uninstaller5134fc380) (Version: 1.0.0.0 - Conexant Systems)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version: - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CoupScanneR (HKLM\...\{80E8B0A0-117D-1402-7CDE-688156237115}) (Version: - CoupScanner) <==== ATTENTION
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5203 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3815a - CyberLink Corp.)
CyberLink PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - PowerDVDCorp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.1013 - CyberLink Corp.)
CyberLink TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 2.0.5814 - CyberLink Corp.)
DE (Version: 3.0 - Corel Corporation) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
eASyyttoshop (HKLM\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version: - "") <==== ATTENTION
ESSBrwr (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 6.04.0000.0003 - Ihr Firmenname) Hidden
ESSgui (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 6.04.0000.0001 - Ihr Firmenname) Hidden
ESSPCD (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - Ihr Firmenname) Hidden
ESSSONIC (Version: 6.4.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Freddy:Englisch5/Englisch6 (HKLM\...\freddyEnglisch56) (Version: - )
Free Audio CD Burner version 1.4.8 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free Studio version 4.2 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.9.908 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
GeoGebra (HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\...\GeoGebra) (Version: 3.2.0.0 - GeoGebra Inc.)
Goldfinger Junior (HKLM\...\{04FA5E93-3366-4CA0-9EAF-D31772998350}) (Version: - )
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Hercules DualPix Exchange Webcam (HKLM\...\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}) (Version: 1.00.0000 - Hercules)
Hot Virtual Keyboard Extension (HKLM\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version: - "") <==== ATTENTION
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) Network Connections 13.2.8.0 (HKLM\...\PROSetDX) (Version: 13.2.8.0 - Intel)
iTunes (HKLM\...\{353FE16B-30FE-469A-BF55-B978F4218003}) (Version: 10.2.2.12 - Apple Inc.)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Klett Lernsoftware Mathematik - Lambacher Schweizer 6 BY (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schweizer 6 BY_is1) (Version: - )
Kodak EasyShare Software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Lernvitamin E - Englisch 6. Klasse (HKLM\...\LVE6_15_688287) (Version: - digital publishing AG)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version: - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Muiltmedia keyboard Utility 1.3 (HKLM\...\Muiltmedia keyboard Utility 1.3) (Version: - )
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
netbrdg (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Netzmanager (HKLM\...\Netzmanager) (Version: 1.045 - Deutsche Telekom AG)
Netzmanager (Version: 1.045 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{82427977-8776-4087-90CA-9F65174D3C4D}) (Version: 7.1.16.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.26.0 - Nokia)
Nokia PC Suite (Version: 7.1.26.0 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA PhysX v8.09.19 (HKLM\...\{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}) (Version: 8.09.19 - NVIDIA Corporation)
OfotoXMI (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9379 - OpenOffice.org)
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PathRunner (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3a54bf02}) (Version: - Software Publisher) <==== ATTENTION
PC Connectivity Solution (HKLM\...\{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}) (Version: 9.13.1.0 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PrieceDownloader (HKLM\...\{2D471A31-4FA7-95BA-1880-D441113ED736}) (Version: - "") <==== ATTENTION
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.0.4.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5700 - Realtek Semiconductor Corp.)
Saferwebo (HKLM\...\{5F488658-35A7-2AB8-A756-560BA8F103C3}) (Version: - "") <==== ATTENTION
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SFR (Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 6.04.0000.0004 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SonicStage 3.0 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 3.0 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
staticcr (Version: 6.04.0000.0005 - EASTMAN KODAK Company) Hidden
surofKeepIt (HKLM\...\{594FD08C-0622-F9B8-CB02-7C1355D33CB8}) (Version: - "") <==== ATTENTION
tooltips (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Torrents MD extension (HKLM\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version: - "")
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Video Grabber (HKLM\...\Uninstaller5134fc350) (Version: 1.0.0.0 - Conexant Systems)
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VPRINTOL (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem (02/23/2009 7.01.0.2) (HKLM\...\E7F682214B951640C9C539C41FDA1A7F836FF7B6) (Version: 02/23/2009 7.01.0.2 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/24/2009 4.0) (HKLM\...\D978F69D5F15B845BD6BC6F8BF9BCD36982A2087) (Version: 02/24/2009 4.0 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WIRELESS (Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
WorldWideWebCoupon (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - WorldWideWebCoupon) <==== ATTENTION
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
ZSMC USB PC Camera (HKLM\...\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1027308511-4091655117-3838902301-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
02-03-2015 20:00:17 Windows Update
03-03-2015 21:55:30 Windows Update
05-03-2015 20:45:37 Windows Update
07-03-2015 21:06:43 Windows Update
09-03-2015 19:22:30 Windows Update
10-03-2015 19:41:13 Windows Update
11-03-2015 20:34:36 Geplanter Prüfpunkt
11-03-2015 21:38:46 Windows Update
14-03-2015 16:24:52 Windows Update
14-03-2015 18:20:40 Windows Update
15-03-2015 20:44:47 Windows Update
17-03-2015 10:05:54 Windows Update
18-03-2015 19:55:27 Windows Update
21-03-2015 00:44:17 Windows Update
22-03-2015 20:40:29 Windows Update
24-03-2015 19:33:52 Windows Update
26-03-2015 20:59:34 Windows Update
27-03-2015 20:03:31 Geplanter Prüfpunkt
28-03-2015 21:44:04 Windows Update
31-03-2015 18:29:14 Windows Update
01-04-2015 19:30:58 Windows Update
03-04-2015 19:52:46 Windows Update
06-04-2015 09:12:33 Windows Update
10-04-2015 20:45:37 Windows Update
13-04-2015 18:46:59 Windows Update
17-04-2015 17:23:01 Windows Update
18-04-2015 16:22:58 Windows Update
20-04-2015 18:08:26 Windows Update
21-04-2015 08:01:25 Windows Update
22-04-2015 18:17:19 Windows Update
23-04-2015 19:00:11 Windows Update
26-04-2015 15:26:46 Windows Update
29-04-2015 19:16:39 Windows Update
01-05-2015 09:34:41 Windows Update
03-05-2015 14:05:44 Windows Update
04-05-2015 18:12:51 Windows Update
05-05-2015 18:23:40 Windows Update
06-05-2015 19:05:53 Windows Update
07-05-2015 21:08:49 Windows Update
11-05-2015 13:42:29 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1EA16200-D7BC-4857-91E8-20FA84FFA9B9} - \{7B02EF0B-A410-4938-8480-9BA26420A627} No Task File <==== ATTENTION
Task: {2CFED7E4-6C0D-4756-992C-C911134A2E20} - System32\Tasks\AdobeAAMUpdater-1.0-zu_Haus-PC-Quynh-Trang => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {4E8EEEF0-6C94-42B7-ACDC-7C0D7A81CB26} - System32\Tasks\HerculesCamService 0 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {62B4A5C5-75D7-4246-9FEA-8C72D79F2067} - System32\Tasks\HerculesCamService 3 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {72D36FFE-9EF9-4F42-B162-DFBBF01553B5} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7E4E6EA0-3776-48D7-A35B-70EF3A8A4AE2} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {80D0DDD8-30D0-425D-A291-A1FF4CFADCD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {8ABFE885-2E9F-4973-A981-1D0DF98D7414} - System32\Tasks\HerculesCamService 4 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {979BF1EC-80DB-4384-B680-E7741D18B969} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A1EF67CE-4CE6-437D-96DD-D39FD14E53C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe
Task: {B72A3DA2-EC41-4E16-B7D1-0FF9B3C06CCC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {B7343D23-5616-4C63-BAF8-99EF6C7A530E} - System32\Tasks\AdobeAAMUpdater-1.0-zu_Haus-PC-My Tho => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {D72770C1-0DE6-4B20-9FCF-A271EFFF79A6} - System32\Tasks\HerculesCamService 1 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
Task: {D94C6BC1-6497-44D4-9A40-61D8F8607498} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {DB17E582-CBBB-4B0F-ADAD-722BDC50202D} - System32\Tasks\HerculesCamService 2 => C:\Program Files\Hercules\DualPix Exchange\CamService.exe [2007-06-05] (Guillemot Corporation S.A.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\HerculesCamService 0.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 1.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 10.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 11.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 2.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 3.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 4.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 5.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 6.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 7.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 8.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\HerculesCamService 9.job => C:\Program Files\Hercules\DualPix Exchange\CamService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) ==============
2015-02-21 17:30 - 2015-02-21 17:30 - 01631744 _____ () c:\Program Files\PathRunner\PathRunner.dll
2010-03-22 16:40 - 2010-03-22 16:40 - 00011264 _____ () C:\Program Files\Netzmanager\NMInfraIS2\SoftPlugInterOp.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-10-17 17:14 - 2012-06-22 10:29 - 00247152 ____N () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2008-10-17 17:15 - 2008-10-14 02:52 - 00376937 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
2008-10-17 17:15 - 2008-10-14 02:52 - 00094208 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
2008-10-17 17:15 - 2008-10-14 02:52 - 00299118 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
2008-10-17 17:15 - 2008-10-14 02:52 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
2008-12-30 16:26 - 2007-06-04 11:44 - 00040960 _____ () C:\Program Files\Hercules\DualPix Exchange\WebCamKSProxyPlugin.ax
2008-10-17 17:15 - 2008-10-14 02:52 - 00184423 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
2008-10-17 17:15 - 2008-10-14 02:52 - 00127080 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
2008-10-17 17:15 - 2008-10-14 02:52 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
2008-12-30 16:22 - 2007-06-05 19:45 - 00094208 _____ () C:\Program Files\Hercules\DualPix Exchange\WebCamUSBMonitor.dll
2010-10-01 16:08 - 2010-10-01 16:07 - 00381440 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDAP32A.EXE
2010-10-01 16:08 - 2010-10-01 16:07 - 00053248 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDDL32A.DLL
2010-10-01 16:08 - 2010-10-01 16:07 - 00049152 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBDMDLLA.DLL
2010-10-01 16:08 - 2010-10-01 16:07 - 00012288 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBD32S.DLL
2010-10-01 16:08 - 2010-10-01 16:07 - 00032768 _____ () C:\Program Files\Muiltmedia keyboard Utility\1.3\KBD32G.DLL
2011-03-21 17:30 - 2011-03-21 17:30 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2008-08-12 11:16 - 2008-08-12 11:16 - 02023424 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
2008-07-29 14:01 - 2008-07-29 14:01 - 07331840 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
2008-07-29 13:50 - 2008-07-29 13:50 - 00364544 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
2008-07-29 13:51 - 2008-07-29 13:51 - 00806912 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtNetwork4.dll
2008-07-29 14:47 - 2008-07-29 14:47 - 00135168 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2008-07-29 14:47 - 2008-07-29 14:47 - 00016384 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2008-07-29 14:11 - 2008-07-29 14:11 - 00253952 _____ () C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
2015-04-29 19:25 - 2015-04-29 19:25 - 00813056 _____ () C:\Program Files\Saferwebo\zuFdmuNhUjBAzu.dll
2008-07-29 14:55 - 2008-07-29 14:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-03-09 13:44 - 2009-03-09 13:44 - 00130560 _____ () C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
2008-11-26 12:35 - 2008-11-26 12:35 - 00119808 _____ () C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
2015-05-11 13:34 - 2015-05-11 13:34 - 00043008 _____ () c:\Users\Quynh-Trang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyadhb4.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-17 17:43 - 2015-04-17 17:43 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll
2008-05-07 21:33 - 2008-05-07 21:33 - 00417792 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\adobexmp.dll
2007-11-16 16:02 - 2007-11-16 16:02 - 00401408 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
2007-11-16 16:02 - 2007-11-16 16:02 - 00479232 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Huu Do.zu_Haus-PC\Desktop\Sophia Pokale 126.mp4:TOC.WMV
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1027308511-4091655117-3838902301-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img1.jpg
HKU\S-1-5-21-1027308511-4091655117-3838902301-1004\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Huu Do^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Alaplaya Launcher.lnk => C:\Windows\pss\Alaplaya Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Huu Do^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk => C:\Windows\pss\Canon IJ Status Monitor Canon iP3300 (Kopie 1).lnk.Startup
MSCONFIG\startupfolder: C:^Users^Huu Do^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Easy-PrintToolBox => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google EULA Launcher => C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
MSCONFIG\startupreg: IAAnotif => "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: snp2uvc => C:\Windows\vsnp2uvc.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{60D7F137-EDE0-437C-9F60-1C6270FECC32}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F4397CD-37C3-40E3-B0B1-7274D6F100F9}] => (Allow) svchost.exe
FirewallRules: [{67FD3586-C46B-485F-BDD0-CBBD5D3B4182}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{86D163A6-DF5D-4587-B47E-A24F199CB735}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{0EFF7527-4F0F-45D1-A5C0-2B0E4065E938}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{C26D8B14-A27E-4318-ADBD-8D9F44435B78}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{F8FB2EF4-15A9-4C7A-A817-D4ACCEBB7F85}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEnhance.exe
FirewallRules: [{971F723D-E217-476B-92EC-F53560FEEC1D}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{45309D49-E570-4F8B-8509-F5EBC2F6295C}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{2C2E74A2-D96F-48DA-8108-4873693CCE58}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{EA561401-BF6A-4197-A382-4B9B84ADADED}] => (Allow) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
FirewallRules: [{310ECEC3-7B74-4397-9743-F16D50E33FBC}] => (Allow) C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE
FirewallRules: [{162E5F3F-8F41-437B-AFF3-FFFD49F02004}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{ACC5CC53-EFED-4FEC-A752-E08CE1B7070C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F43F8894-1533-4625-9834-8E4D856BEB2C}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6E5BE12E-6A08-4C69-BD26-424D68F1D3C6}] => (Allow) svchost.exe
FirewallRules: [{84DDD91F-04BD-4070-8707-028341206A10}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [TCP Query User{445E7FFD-1CDA-4A44-870C-A16B39CB882C}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [UDP Query User{BC122864-96D8-45E1-9C56-FBC14494650D}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [{9CF53F15-CD32-41D2-8AF1-67F61301153F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9CF541B4-3E16-4F78-A3F9-1F13EB958F52}] => (Allow) svchost.exe
FirewallRules: [{258AC061-4FD2-41C0-A838-10364F25C318}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{D3D5306B-E1F3-4693-9381-A6FF2E351185}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F06CAA89-0458-4545-AA7F-4B31C7A28B53}] => (Allow) svchost.exe
FirewallRules: [{D7ACBE03-787C-4179-8DFA-1C267540D8C1}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{CA43392F-C601-4A55-B3C5-0851416A5D8F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{517EA84F-FFCF-4B03-B327-DF956F72273E}] => (Allow) svchost.exe
FirewallRules: [{4E5FEE94-A679-4DB7-BAB8-551CC46217C4}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{21912AA5-B9BB-4E69-8170-94D631577FAE}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2B504C2F-9D7F-4FAD-A773-4A611B023D13}] => (Allow) svchost.exe
FirewallRules: [{CDD06389-D72D-4E84-A1F3-E4ED577365A1}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{B0979D68-3A48-4C3B-87B9-D613E10E3FC4}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8B53E388-74D7-4C4C-9482-DFEDC7F71FCA}] => (Allow) svchost.exe
FirewallRules: [{573BD096-CC1A-4C17-B723-8922DF99FCC0}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{70E3B16E-BD5A-440E-A904-206BBE81EAA7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D0325C9D-739F-47EB-8264-6B24ADBC0D9B}] => (Allow) svchost.exe
FirewallRules: [{2FDC1DE3-7FBE-4C60-9808-EB984D0BAB3E}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{1717A2FF-E9DC-4C20-AEA8-91DE5A48CA3B}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2F101DE6-F935-4FB5-8306-192829C4E44A}] => (Allow) svchost.exe
FirewallRules: [{F2FBC34C-2DF0-44C3-A714-C450F05DD04A}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{9599B1A7-C5DE-486C-8B4E-A0990B30E387}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6664CB67-B989-4A1C-BA83-FA697B8A0942}] => (Allow) svchost.exe
FirewallRules: [{F6334318-9A1C-4922-99E4-E57636DA5392}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{8E9C7FB6-B17E-4D85-A36C-74F3B3C84D44}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F6C2A347-8CDF-4C1B-A6A5-D55663BE03BA}] => (Allow) svchost.exe
FirewallRules: [{72BF8B07-F912-48F4-B1DF-071053B3EC8E}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{1AC572E6-9E90-4950-9C40-7E3DF539DEC0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{513115EA-2B25-4210-AD61-9AA7F7D8B5EB}] => (Allow) svchost.exe
FirewallRules: [{C3B81EE9-7B66-4E21-8848-C0EA4F31D431}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{59D2B1E2-C98E-4664-BCBE-BC1CA78D209C}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{944E035C-30A5-4614-A310-75149F89DAB9}] => (Allow) svchost.exe
FirewallRules: [{1F587F75-796D-47D5-9AFE-3A9759348EAC}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{8CE420C9-343A-4429-A4B1-8A3D9EC5ABB2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CE343CA6-47F6-4CF7-8A2B-8A522859B6DB}] => (Allow) svchost.exe
FirewallRules: [{5E77CFAC-7361-4E9F-AC42-B857EEDC059A}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{7354B348-5C02-4391-801A-101FD6382FF2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BE86672-DEAC-4C2D-9671-04376583DB1E}] => (Allow) svchost.exe
FirewallRules: [{9C1A5AAB-8A42-4ECA-90D9-9EF22D380324}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{62FE5538-121C-4904-86BE-679327D931EA}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98B1EB36-D8DF-436E-A53A-99A6048F6968}] => (Allow) svchost.exe
FirewallRules: [{82AA5167-ED77-4449-A504-222F54225F19}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{9BB33C33-5C1F-4425-B7E6-6802F971B441}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E2CF9CBC-5DD1-40F4-B977-D643CD945AAE}] => (Allow) svchost.exe
FirewallRules: [{62D15977-B5BC-4CE2-AC79-922C17364C51}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{11EAFA6B-08EE-4069-A151-F6D2D0262202}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3CA37700-1A48-4816-BBD0-426EAFF7924F}] => (Allow) svchost.exe
FirewallRules: [{A4229A31-A5B0-4ED1-9679-100BB0D1BC11}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{9490A5CD-38D9-4F47-87E4-5B28B8B1E5E8}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{81B45D6E-3BB7-4FDC-BD72-B960F3CE6A31}] => (Allow) svchost.exe
FirewallRules: [{00C7CCC1-339D-41F6-BC52-F80BDC0F8133}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{73BFEBAF-1932-42B3-AAB9-9D89BD5BA9AC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B94B3B94-887A-4EDC-B6F5-FA3E16B750F1}] => (Allow) svchost.exe
FirewallRules: [{4BB32ABD-8B1B-45FF-BDA1-9CD7E2ECEE3A}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{C6CFC116-964A-4EC7-9559-E2C5EC542793}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E9C92A48-03DE-4306-A08C-FBCB1EE8F20D}] => (Allow) svchost.exe
FirewallRules: [{263EBC7A-6243-46BB-A5E0-C74918B08E86}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{3D59968A-B006-4729-B193-0BE0C57BD7F7}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{390B1BDF-26C7-4FC3-8366-C6BD6809C314}] => (Allow) svchost.exe
FirewallRules: [{E9B59126-6941-48EE-A769-529B32E75EED}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{8DFAC068-4F3C-4D81-83BC-9150883F9AE3}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{841FD5C4-AF2F-4A8A-9FD2-5F0B930210A6}] => (Allow) svchost.exe
FirewallRules: [{C1A3468B-5391-493E-BA78-079DE36D4CB1}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{61D15D6F-C102-4F3A-81FC-44F56184245E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1A2FA585-A47F-4349-A896-4EF6FDE0EB5B}] => (Allow) svchost.exe
FirewallRules: [{783413D5-2B1C-409A-B972-7AFBD766D881}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{AC0B28C8-5DA2-4ED8-BA4C-76C91705F64D}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2A71B62B-5521-4A5F-98F6-1447D9778469}] => (Allow) svchost.exe
FirewallRules: [{9A7C6906-E234-46A9-992F-4A114CE81FC6}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [TCP Query User{1A407504-7A13-4BE3-9B8E-8323EB4D16DA}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{47862CC9-DE8D-414E-A21B-69736DF82B64}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{D1EB42CC-7E8A-484E-8832-C124508AA16B}] => (Allow) E:\fsetup.exe
FirewallRules: [{F02A5CB3-17FD-442C-A650-D3E5FC2D058F}] => (Allow) E:\fsetup.exe
FirewallRules: [TCP Query User{86BC931D-A2D9-4741-9FAA-F84E45A0E2CE}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [UDP Query User{F09CE342-3569-4360-90D1-38275012EA4E}C:\program files\hercules\dualpix exchange\station2.exe] => (Block) C:\program files\hercules\dualpix exchange\station2.exe
FirewallRules: [TCP Query User{60FC01D4-3C06-43E6-9357-D70AF2FC4CD7}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{9F891756-3F18-40D2-896D-19656A8FF2A7}C:\program files\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{1E0B6973-450F-4E09-9F37-4E1F72150DB9}] => (Allow) E:\fsetup.exe
FirewallRules: [{1D4ABDB9-35CD-4F6D-AEA4-DEF5C74B3C82}] => (Allow) E:\fsetup.exe
FirewallRules: [{0BEA5437-CD06-4735-987F-CA8E666B4895}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{935979DA-1704-4485-A0C4-565BD6B53581}] => (Allow) svchost.exe
FirewallRules: [{A86949C7-E784-41AF-9B7D-A62FD6927615}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{89A63F1C-46D5-4158-A45B-17430338F3F8}] => (Allow) LPort=80
FirewallRules: [{7D1A36BB-4F62-4B6A-9744-DECBCF203A6E}] => (Allow) LPort=80
FirewallRules: [{5BD0B041-A51C-4F6E-9D4C-F70810C96D1B}] => (Allow) LPort=80
FirewallRules: [{DCACA787-DEB8-4BFC-B6AE-925485325F12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{675C6B55-F374-48B0-8CD8-4DA7DB5CB614}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{376AEBEF-7E52-4685-ABCB-29A4E07F2AF3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{52F6EF44-91A3-4018-8E24-0BA4AB966B80}] => (Allow) C:\Users\Huu Do\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{8D7A6FF0-474D-4D96-8977-76ADEBF8528F}] => (Allow) C:\Users\Huu Do\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{0423E448-A089-4AC4-A755-9C1C6035B7A8}] => (Allow) C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2572279A-CC56-4F1D-A7C4-1EBCB16D8E44}] => (Allow) C:\Users\Quynh-Trang\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3BD2839C-4311-46D4-B91F-2D298EF84D1A}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR9.EXE
FirewallRules: [{657D1132-39ED-4B95-9C6D-81C3A2F63F37}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{17041936-5A9B-42D5-95A7-4297A6A8B338}] => (Allow) LPort=2799
FirewallRules: [{A87EED45-9515-4B7F-90FD-EF9733F295E8}] => (Allow) LPort=2799
FirewallRules: [{27FB1105-3FD3-4000-8BF7-D6BCD56BE1B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{13C2AC4D-174A-4E53-9FD5-1989B42F9FAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F0FD40C8-8CD3-4FC4-B0D9-F9F65A446F37}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{75B03FC3-C9D3-4819-BD24-2FA7F51AADCA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
System errors:
=============
Error: (05/11/2015 01:27:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ServiceLayer%%1053
Error: (05/11/2015 01:27:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000ServiceLayer
Error: (05/11/2015 01:27:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053ServiceLayer{ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error: (05/11/2015 01:24:45 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (05/07/2015 08:56:58 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (05/07/2015 07:17:35 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (05/06/2015 06:54:37 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (05/05/2015 09:19:53 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (05/05/2015 06:12:05 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (05/04/2015 06:01:27 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
Microsoft Office Sessions:
=========================
Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (05/11/2015 01:36:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
CodeIntegrity Errors:
===================================
Date: 2015-05-11 14:39:43.659
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-11 14:39:43.512
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-11 14:39:43.359
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-11 14:39:43.194
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-11 14:39:42.939
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-11 14:39:42.761
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-11 14:39:42.591
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-05-11 14:39:42.409
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-20 16:32:32.408
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-20 16:32:32.283
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 75%
Total physical RAM: 3325.27 MB
Available physical RAM: 827.98 MB
Total Pagefile: 6848.55 MB
Available Pagefile: 3412.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.34 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:638.16 GB) (Free:447.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:8.33 GB) FAT32
Drive i: (Volume) (Fixed) (Total:273.34 GB) (Free:273.24 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 20FC60C5)
Partition 1: (Active) - (Size=638.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=273.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
11.05.2015, 13:52
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren entfernenZitat:
 Da fehlen ja Updates der letzten sechs Jahre!!! Da Windows Vista auch nicht mehr so lange Support hat, solltest du auch mal so langsam ein Upgrade einplanen...und es muss nicht immer Windows sein!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.05.2015, 14:43
| #5 |
| | Viren entfernen Der PC ist so gut wie nicht mehr in Gebrauch, da wir im Haushalt mehrere Laptops verwenden... was soll ich jetzt tun? Kann man da noch was machen? |
|
12.05.2015, 00:04
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren entfernen Man kann (fast) alles machen. Aber der Aufwand diese Windows-Vista-SP1-Installation auf Vordermann zu bringen dürfte den der Neuinstallation eines aktuellen OS ziemlich locker übersteigen. Und wenn alles wieder ok ist mit diesem jetzigenSystem: das Glück währt nicht sehr lange: in ca. 1,5 Jahren ist es mit Vista eh aus und vorbei mit dem Support. Selbst das recht alte Win7 hat noch drei Jahre länger Support als Vista.
__________________ --> Viren entfernen |
|
12.05.2015, 09:59
| #7 |
| | Viren entfernen okay... dann mach ich am besten alles platt und gleich windows 8 drauf? |
|
12.05.2015, 15:27
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren entfernen Wieso muss es überhaupt Windows sein? Gib doch mal Linux eine Chance. Sicherer ist es allemal. Windows brauchst du wirklich nur wenn: 1) diese Kiste für Hardcore-Gamer sein soll 2) du auf dieser (selten genutzten?) Kiste Software benötigst, die nur unter Windows läuft. (bzw nur mit sehr unangenehmen Krücken unter Linux) Typische Beispiele: Adobe-Software, Microsoft Office oder aber am eigenen Leib erfahren: Navigationssysteme von TomTom  Klick doch mal auf den Link in meiner Signatur => Warum Linux besser als Windows ist
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Viren entfernen |
| avira, entfernen, internet, internetseite, klick, kostenlose, langsam, mcafee, nichts, problem, programm, programme, rechner, recht, scan, security, seite, seiten, testversion, unerwünschte, verhindert, version, viren, werbung, öffnet |
Linear-Darstellung
