Win 7/Avira: Removing TR/Sirefef.A.40 (ZeroAccess) and possibly more

Hello and good evening to the night owls, (I'll try to keep it short)
my relative asked me for help removing TR/Sirefef.A.40, i.e. ZeroAccess, which Avira reports (constantly, of course).
Yesterday I first ran CCleaner and then JRT.
Today I worked through the instructions; however, GMER kept reporting: Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk5\DR23 ein.
Here are the other log files for now. (Unfortunately the Avira log is missing.)
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by ***** on 17.09.2013 at 15:05:09,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\inboxtoolbar
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\siteranker
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.ibx404
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.jsserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{11bf46c6-b3de-48bd-bf70-3ad85cab80b5}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612ad33d-9824-4e87-8396-92374e91c4bb}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CDD24D70-FAB4-47D8-B36A-144AEF5255F9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
~~~ Files
Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\*****\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\*****\appdata\locallow\inbox toolbar"
Successfully deleted: [Folder] "C:\Users\*****\appdata\locallow\siteranker"
Successfully deleted: [Folder] "C:\Program Files\inbox toolbar"
Successfully deleted: [Folder] "C:\Program Files\siteranker"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"
~~~ FireFox
Successfully deleted: [File] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\5loqou7y.default\user.js
Successfully deleted: [File] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\5loqou7y.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\5loqou7y.default\extensions\toolbar@ask.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\siteranker@siteranker.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184aa5e6-741d-464a-820e-94b3abc2f3b4}
Successfully deleted the following from C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\5loqou7y.default\prefs.js
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.apn_dbr", "ie_9.0.8112.16421");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.cbid", "U3");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.cr-o", "100000027cr");
user_pref("extensions.asktb.crumb", "2012.11.13+00.40.17-toolbar006iad-DE-QmVybGluLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "OSJ000YYDE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.asktb.ff19-config-first-run", "true");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "4A549081-6E3D-4B47-9FC1-EDF3DFAAB9F9");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1379418749018");
user_pref("extensions.asktb.last-search-timestamp", "1378823472993");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.location", "Berlin,Germany");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "100000027");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "22");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "E93EA92C-90B6-40F4-A75B-D336CFD5D866");
user_pref("extensions.asktb.search-history-queries", "www.atkhairy.com||google");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "12.11.2012 16:36:06");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.25.100013");
user_pref("extensions.asktb.version", "5.15.25.36191");
user_pref("extensions.asktb.volume", "");
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\5loqou7y.default\minidumps [15 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\*****\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.09.2013 at 15:08:27,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:46 on 18/09/2013 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by ***** (administrator) on *****-PC on 18-09-2013 16:49:32
Running from F:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Softwareentwicklung Remus - ArchiCrypt) C:\Windows\system32\STGRAMDiskHandler32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Steganos Software GmbH) C:\Program Files\Steganos Privacy Suite 12\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files\Steganos Privacy Suite 12\fredirstarter.exe
() C:\Program Files\TV IR\shutTask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Steganos Software GmbH) C:\Program Files\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
() C:\Program Files\TV IR\TV IR.exe
() F:\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [SSS12 HotKeys] - C:\Program Files\Steganos Privacy Suite 12\SteganosHotKeyService.exe [84480 2011-09-30] (Steganos Software GmbH)
HKLM\...\Run: [SSS12 File Redirection Starter] - C:\Program Files\Steganos Privacy Suite 12\fredirstarter.exe [17408 2011-09-30] (Steganos Software GmbH)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TVPro Control] - C:\Program Files\TV IR\TV IR.EXE [997376 2012-04-26] ()
HKLM\...\Run: [TVPro Task] - C:\Program Files\TV IR\shutTask.exe [177664 2012-04-16] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295512 2013-06-20] (RealNetworks, Inc.)
HKCU\...\Run: [SSS12 Browser Monitor] - C:\Program Files\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe [57344 2011-09-30] (Steganos Software GmbH)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [ABBYY Screenshot Reader Retail] - [x]
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {1b3b3c10-18a5-11e0-a898-6c626d0e3b38} - F:\SecureDataUSBDrive.exe
MountPoints2: {909cdbd2-feec-11df-8945-6c626d0e3b38} - F:\SecureDataUSBDrive.exe
MountPoints2: {c47d4fdc-d4c4-11e0-bcce-6c626d0e3b38} - M:\LaunchU3.exe -a
MountPoints2: {c73802c4-cbf5-11e1-b7fc-6c626d0e3b38} - G:\Startme.exe
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?hl=de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5loqou7y.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.startzentrale.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5loqou7y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5loqou7y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Anti-Banner - C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files\Steganos Privacy Suite 12\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files\Steganos Privacy Suite 12\pfplugin
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Privacy Suite 12\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files\Steganos Privacy Suite 12\spmplugin3
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\gears.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 MBAMScheduler; C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2008-12-31] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 Steganos Volatile Disk; C:\Windows\system32\STGRAMDiskHandler32.exe [349184 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2010-08-06] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1021256 2009-10-30] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-02-26] (Ulead Systems, Inc.)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{87e7496d-519f-3441-1799-14277f337ed4}\ \...\???\{87e7496d-519f-3441-1799-14277f337ed4}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [864384 2011-10-31] (ITE Technologies )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-12] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\dvb7700all.sys [565440 2009-11-02] (DiBcom)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt - )
R3 smsbda; C:\Windows\System32\drivers\smsbda.sys [45440 2011-03-06] (Siano)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R1 STGMFEngine32; C:\Windows\system32\drivers\STGMFEngine32.sys [16384 2011-09-12] (Softwareentwicklung Remus - ArchiCrypt.com)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1579144 2010-06-07] (Syntek)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 Bulk1528; System32\Drivers\Bulk1528.sys [x]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-18 16:49 - 2013-09-18 16:49 - 00000000 ____D C:\FRST
2013-09-18 16:46 - 2013-09-18 16:46 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-09-18 09:14 - 2013-09-18 15:14 - 98132872 _____ C:\Windows\system32\輚腅_
2013-09-18 09:13 - 2013-09-18 09:13 - 00000056 _____ C:\Windows\setupact.log
2013-09-18 09:13 - 2013-09-18 09:13 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 15:05 - 2013-09-17 15:05 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 13:58 - 2013-09-17 13:59 - 2338848756 _____ C:\avenger.txt
2013-09-17 13:58 - 2013-09-17 13:58 - 00000000 ____D C:\Avenger
2013-09-17 11:59 - 2013-09-17 11:59 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemoveIT Pro v4 - SE
2013-09-17 11:50 - 2013-09-17 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 11:49 - 2013-09-17 11:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-09-17 11:49 - 2013-09-17 11:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-17 11:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-17 11:44 - 2013-09-17 15:16 - 00000000 ____D C:\Users\*****\Desktop\Anti-Vius
2013-09-12 17:44 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 17:44 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 17:44 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 17:44 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 17:44 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 17:44 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 17:44 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 10:24 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 10:24 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 10:24 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 10:24 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 10:24 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 10:24 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 10:24 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 10:24 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-19 19:57 - 2013-09-12 17:42 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 19:02 - 2013-08-19 19:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 15:45 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-19 15:45 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-19 15:44 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-19 15:44 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-19 15:44 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-19 15:44 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-19 15:44 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-19 15:44 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-19 15:44 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-19 15:44 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-19 15:44 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-19 15:42 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-18 16:49 - 2013-09-18 16:49 - 00000000 ____D C:\FRST
2013-09-18 16:48 - 2012-11-15 11:21 - 01073810 _____ C:\Windows\WindowsUpdate.log
2013-09-18 16:46 - 2013-09-18 16:46 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-09-18 16:46 - 2010-08-06 18:37 - 00000000 ____D C:\Users\*****
2013-09-18 16:45 - 2010-01-26 16:21 - 01498552 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 16:16 - 2013-04-03 14:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-18 16:02 - 2010-11-12 12:02 - 00000300 _____ C:\Windows\Tasks\DMEPeriodicTask.job
2013-09-18 15:14 - 2013-09-18 09:14 - 98132872 _____ C:\Windows\system32\輚腅_
2013-09-18 11:25 - 2011-04-14 13:04 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-09-18 09:20 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 09:20 - 2009-07-14 06:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 09:13 - 2013-09-18 09:13 - 00000056 _____ C:\Windows\setupact.log
2013-09-18 09:13 - 2013-09-18 09:13 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 09:13 - 2011-03-24 16:17 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-18 09:13 - 2011-03-24 16:17 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-18 09:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 15:16 - 2013-09-17 11:44 - 00000000 ____D C:\Users\*****\Desktop\Anti-Vius
2013-09-17 15:11 - 2010-01-27 01:09 - 00000000 ____D C:\Windows\Panther
2013-09-17 15:07 - 2011-04-11 10:38 - 00000000 ____D C:\Program Files\CCleaner
2013-09-17 15:06 - 2013-04-03 14:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-17 15:06 - 2013-04-03 14:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-17 15:05 - 2013-09-17 15:05 - 00000000 ____D C:\Windows\ERUNT
2013-09-17 13:59 - 2013-09-17 13:58 - 2338848756 _____ C:\avenger.txt
2013-09-17 13:58 - 2013-09-17 13:58 - 00000000 ____D C:\Avenger
2013-09-17 13:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Globalization
2013-09-17 11:59 - 2013-09-17 11:59 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemoveIT Pro v4 - SE
2013-09-17 11:50 - 2013-09-17 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 11:49 - 2013-09-17 11:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-09-17 11:49 - 2013-09-17 11:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 16:31 - 2011-03-19 17:56 - 00000000 ____D C:\Users\*****\dwhelper
2013-09-13 10:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 10:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 10:03 - 2009-07-14 06:33 - 00542784 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 09:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-12 17:47 - 2009-07-14 04:04 - 00000777 _____ C:\Windows\win.ini
2013-09-12 17:42 - 2013-08-19 19:57 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 17:40 - 2010-01-26 16:42 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 16:11 - 2010-09-13 14:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2013-09-11 15:12 - 2011-03-24 16:17 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-09-11 15:12 - 2011-03-24 16:17 - 00000000 ____D C:\Program Files\Google
2013-09-11 09:49 - 2012-10-01 14:26 - 00001976 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-09-11 09:49 - 2010-01-29 11:53 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-04 15:34 - 2011-05-31 14:52 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-04 15:33 - 2012-11-15 11:20 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-22 09:56 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-21 10:01 - 2012-05-15 12:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-20 10:24 - 2013-05-07 15:06 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 10:24 - 2012-11-15 11:20 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-19 19:08 - 2010-11-08 17:28 - 00011264 _____ C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-19 19:02 - 2013-08-19 19:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-19 11:09 - 2010-08-06 19:12 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
Files to move or delete:
====================
ZeroAccess:
C:\Users\*****\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Users\*****\msvcp71.dll
C:\Users\*****\msvcr71.dll
C:\Users\*****\passwordmanager.conversion.exe
C:\Users\*****\PasswordManager.exe
C:\Users\*****\PasswordManagerStandalone.exe
C:\Users\*****\PwmMobile.exe
C:\Users\*****\ResetPendingMoves.exe
C:\Users\*****\SPMIEToolbar.dll
C:\Users\*****\SteganosUpdater.exe
C:\Users\*****\uninstall.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-09-11 10:20
==================== End Of Log ============================
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by ***** at 2013-09-18 16:50:08
Running from F:\
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
1-abc.net File Encrypter (Remove only)
32 Bit HP CIO Components Installer (Version: 7.1.8)
ABBYY Screenshot Reader (Version: 9.010.483.59810)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.0) - Deutsch (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
AMD USB Filter Driver (Version: 1.0.15.94)
ArcSoft TotalMedia 3.5 (Version: 3.5.7.377)
Ask Toolbar Updater (HKCU Version: 1.2.6.36191)
ATI Catalyst Install Manager (Version: 3.0.769.0)
Avira Free Antivirus (Version: 13.0.0.4052)
B109a-m (Version: 130.0.396.000)
Bing Bar (Version: 7.0.791.0)
Brother MFL-Pro Suite MFC-J5910DW (Version: 1.0.5.0)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center Core Implementation (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full Existing (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Full New (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Light (Version: 2010.0406.2133.36843)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0406.2133.36843)
Catalyst Control Center InstallProxy (Version: 2010.0406.2133.36843)
Catalyst Control Center Localization All (Version: 2010.0406.2133.36843)
CCC Help Danish (Version: 2010.0406.2132.36843)
CCC Help Dutch (Version: 2010.0406.2132.36843)
CCC Help English (Version: 2010.0406.2132.36843)
CCC Help Finnish (Version: 2010.0406.2132.36843)
CCC Help French (Version: 2010.0406.2132.36843)
CCC Help German (Version: 2010.0406.2132.36843)
CCC Help Italian (Version: 2010.0406.2132.36843)
CCC Help Japanese (Version: 2010.0406.2132.36843)
CCC Help Norwegian (Version: 2010.0406.2132.36843)
CCC Help Spanish (Version: 2010.0406.2132.36843)
CCC Help Swedish (Version: 2010.0406.2132.36843)
ccc-core-static (Version: 2010.0406.2133.36843)
ccc-utility (Version: 2010.0406.2133.36843)
CCleaner (Version: 4.05)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
COMPUTERBILD Alles-Öffner (Version: 1.0.8)
COMPUTERBILD App-Center (Version: 1.1.11)
Corel WordPerfect Suite 8
CorelDRAW Essentials 4 - Content (Version: 4.0)
CorelDRAW Essentials 4 - Draw (Version: 4.0)
CorelDRAW Essentials 4 - Extra Content
CorelDRAW Essentials 4 - Extra Content (Version: 4.0)
CorelDRAW Essentials 4 - Filters (Version: 4.0)
CorelDRAW Essentials 4 - ICA (Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)
CorelDRAW Essentials 4 (Version: 4.0)
CyberLink PhotoDirector 3 (Version: 3.0.3618)
CyberLink PhotoNow (Version: 1.1.6904)
CyberLink PowerDirector (Version: 7.0.4020)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.372.000)
DHTML Editing Component (Version: 6.02.0001)
Eraser 6.0.8.2273 (Version: 6.0.2273)
FILEminimizer Pictures
Firebird SQL Server - MAGIX Edition (Version: 2.1.23.0)
Formatwandler 2013 (Version: 5.0.12.625)
Free Video Flip and Rotate version 2.1.7.422 (Version: 2.1.7.422)
Google Chrome (Version: 29.0.1547.66)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
GPBaseService2 (Version: 130.0.371.000)
holz multimedia
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Indeo® software
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8089.726)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Lidl-Fotos
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
MD86351 driver install (Version: 6.3.6.1)
Media Go (Version: 2.2.223)
Media Go Video Playback Engine 1.92.162.06140 (Version: 1.92.162.06140)
Mein CeWe Fotobuch
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Open Freely (Version: 1.0)
PhotoFilmStrip 1.5.0 (Version: 1.5.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PlayStation(R)Network Downloader (Version: 2.07.00849)
PlayStation(R)Store (Version: 4.9.4.14625)
PS_AIO_06_B109a-m_SW_Min (Version: 130.0.396.000)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
RealUpgrade 1.1 (Version: 1.1.0)
RemoveIT Pro v4 - SE (Version: 4.0)
Scan (Version: 140.0.80.000)
schrankplaner (Version: 3.600)
Scrabble3D (Version: 3.1.0.23)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.6 (Version: 6.6.106)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Sony Ericsson Update Engine (Version: 2.13.7.201306141231)
Sony PC Companion 2.10.173 (Version: 2.10.173)
SPCA1528 PC Driver (Version: 2.2.4.0)
Status (Version: 130.0.373.000)
Steganos Privacy Suite 12 (Version: 12.1.1)
supra DateSet (Version: 1.0.1.0)
TeamViewer 6 (Version: 6.0.10462)
Telekom Fotoservice
T-Online 6.0
T-Online WLAN-Access Finder
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
TrueCrypt (Version: 7.0a)
TuneUp Utilities (Version: 9.0.2000.15)
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.2000.15)
TV IR (Version: 2.4)
Ulead VideoStudio 8.0 SE DVD (Version: 8.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
USB2.0 Grabber (Version: 7.12.000.003)
VLC media player 2.0.0 (Version: 2.0.0)
WarrantyExtension (Version: 1.00.0000)
WebReg (Version: 130.0.132.017)
Windows 7 Codec Pack 2.1.0
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3146.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR
Würth Beschläge
Yahoo! Toolbar
==================== Restore Points =========================
23-08-2013 07:03:39 Windows Update
27-08-2013 10:57:48 Windows Update
30-08-2013 11:21:52 Windows Update
03-09-2013 06:48:24 Windows Update
07-09-2013 12:00:49 Windows Update
12-09-2013 15:40:24 Windows Update
13-09-2013 15:14:32 Windows Update
16-09-2013 13:56:34 Windows Update
17-09-2013 14:36:44 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0012CE96-EEBB-4821-9692-39FD4E7A2D64} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {016E1F92-1CA7-4426-B075-C70CCA5CA2FA} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {0C71FC86-3D3C-413E-BD8F-25A533514013} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe [2009-10-30] (TuneUp Software)
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0DE89BB0-96CC-420B-8414-7FBF63634194} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1561127288-1042267340-3996502274-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {10DB8BC8-7DED-4702-A34F-3E05A288400F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {17CCFE8D-F573-44A2-9331-691F26B13217} - System32\Tasks\{66DAFD33-919A-4CE0-B1A6-E4F14D4164EE} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {2D68E398-EC50-4F8A-8292-73C5E7F66848} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {3E89BFD4-D604-4EEF-B75F-7799C5CEA6E7} - \Scheduled Update for Ask Toolbar No Task File
Task: {4D16D986-44EA-4751-B1F6-758CF7567424} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {52EC0488-CFF0-44F4-90D0-CA612FD8C263} - System32\Tasks\Real Networks Scheduler => c:\program files\real\realplayer\Update\realsched.exe [2013-06-20] (RealNetworks, Inc.)
Task: {62D3BF4F-EF2B-498B-B2C3-F2B212A660D3} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {887EA725-532E-4247-A9A7-F209423570FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated)
Task: {94053A4A-9081-4442-BF0D-55DED861C3EE} - System32\Tasks\Automatische Problemsuche => C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30] (TuneUp Software)
Task: {A52308D2-7CA0-4317-8A79-CE367F1F931A} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {C3CC70A1-D607-4D8C-9E43-1A22BAD64C6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-24] (Google Inc.)
Task: {CB58A3D2-CACB-47AA-8465-578FA4FCD1F6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1561127288-1042267340-3996502274-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {DFF04FC8-EFA6-4F0B-A371-A60DD9A2D597} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-24] (Google Inc.)
Task: {E1AF2A4B-7F91-4798-8465-B6E35B20AF79} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1561127288-1042267340-3996502274-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {EA1BB7AE-24AB-4A99-81B3-FDC779C81C2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {F3C49398-5E6E-4525-9558-90D2CDAAFEFE} - System32\Tasks\DMEPeriodicTask => C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16] (Hewlett-Packard)
Task: {F63D9D82-EDEE-4877-B45C-21A39100F3FB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1561127288-1042267340-3996502274-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DMEPeriodicTask.job => C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2013-09-17 11:49 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbam.dll
2013-09-17 11:49 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbamnet.dll
2011-09-12 15:29 - 2011-09-12 15:29 - 00187904 _____ () C:\Program Files\Steganos Privacy Suite 12\ShellExtension.dll
2013-09-17 11:49 - 2013-04-04 14:50 - 00080968 _____ (Malwarebytes Corporation) C:\Users\*****\Desktop\Anti-Vius\Malware Anti-Malware\Malwarebytes' Anti-Malware\mbamext.dll
2012-10-10 09:16 - 1997-08-25 16:48 - 00125952 ____N (Corel Corporation Limited) C:\Windows\system32\shellwp.dll
2010-10-27 10:28 - 2009-09-18 09:11 - 00131072 _____ (fun communications GmbH) C:\Program Files\T-Online\T-Online_Software_6\Banking\HbDokMan.dll
2010-08-06 19:09 - 2006-08-05 11:34 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2009-10-30 14:28 - 2009-10-30 14:28 - 00030536 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
2010-10-18 11:14 - 2009-08-20 01:19 - 00074984 _____ () C:\Program Files\FILEminimizer Pictures\FILEMShell.dll
2012-06-22 14:01 - 2012-06-22 14:01 - 00110592 _____ (HDX4 GmbH) C:\Program Files\S.A.D\Formatwandler 2013\ContextHandler FormatWandler 5.DLL
2010-11-04 23:09 - 2010-11-04 23:09 - 00236944 _____ (The Eraser Project) C:\Program Files\Eraser\Eraser.Shell.dll
2010-11-04 23:08 - 2010-11-04 23:08 - 00109968 _____ (The Eraser Project) C:\Program Files\Eraser\Eraser.Manager.dll
2010-11-04 23:08 - 2010-11-04 23:08 - 00059792 _____ (The Eraser Project) C:\Program Files\Eraser\Eraser.Util.dll
2010-11-04 23:08 - 2010-11-04 23:08 - 00099728 _____ (The Eraser Project) C:\Program Files\Eraser\Plugins\Eraser.DefaultPlugins.dll
2010-11-04 23:08 - 2010-11-04 23:08 - 00025488 _____ (The Eraser Project) C:\Program Files\Eraser\en\Eraser.resources.dll
2010-11-04 23:08 - 2010-11-04 23:08 - 00014736 _____ (DELMATIC) C:\Program Files\Eraser\BevelLine.dll
2010-11-04 23:08 - 2010-11-04 23:08 - 00017808 _____ (The Eraser Project) C:\Program Files\Eraser\Plugins\en\Eraser.DefaultPlugins.resources.dll
2010-11-04 23:08 - 2010-11-04 23:08 - 00030608 _____ (The Eraser Project) C:\Program Files\Eraser\en\Eraser.Manager.resources.dll
2012-05-07 07:37 - 2010-10-27 19:17 - 00408128 _____ (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Bin\ArcCon.dll
2012-10-01 14:26 - 2013-05-21 08:57 - 00593920 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\NewUI.dll
2012-10-01 14:26 - 2013-02-05 12:49 - 00701952 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\bvrpctln.dll
2012-10-01 14:26 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2012-10-01 14:26 - 2013-08-27 09:26 - 00920064 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\Device.dll
2012-10-01 14:26 - 2013-05-17 10:51 - 00207872 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2012-10-01 14:26 - 2011-04-04 14:14 - 00113664 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\WUNPACLN.dll
2012-10-01 14:26 - 2013-07-24 11:10 - 00991232 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCompanion.dll
2012-10-01 14:26 - 2012-12-26 15:44 - 00287744 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PluginManager.dll
2012-10-01 14:26 - 2013-04-23 17:27 - 00342528 _____ (TODO: <Company name>) C:\Program Files\Sony\Sony PC Companion\PhoneUpdateTools.dll
2012-10-01 14:26 - 2012-07-11 17:39 - 00329728 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\DownloadManager.dll
2012-07-09 14:32 - 2012-07-09 14:32 - 00823808 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\BackupRestore.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-05-27 12:22 - 2013-05-27 12:22 - 00339456 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\CrashDump.dll
2012-07-17 10:56 - 2012-07-17 10:56 - 00587776 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2012-10-01 14:26 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2012-10-01 14:26 - 2013-06-10 17:46 - 00285696 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\Statistics.dll
2012-10-01 14:26 - 2013-06-07 11:38 - 00183296 _____ (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\WebServices.dll
2012-05-04 12:41 - 2007-04-19 10:31 - 00396104 _____ (ArcSoft Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\uDiscClub.dll
2012-05-04 12:41 - 2007-04-19 10:31 - 00604992 _____ (ArcSoft Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\uafc.dll
2012-05-04 12:41 - 2007-04-19 10:39 - 00256768 _____ (Sample Corporation) C:\Program Files\ArcSoft\TotalMedia 3.5\MSLURT.dll
2012-05-04 12:41 - 2007-04-19 10:39 - 00400128 _____ (Sample Corporation) C:\Program Files\ArcSoft\TotalMedia 3.5\MSLUP60.dll
2012-05-04 12:41 - 2007-04-19 10:31 - 00047872 _____ (ArcSoft Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\uAlignSplit.dll
2012-05-04 12:41 - 2007-04-19 10:32 - 00244480 _____ (Arcsoft Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\uDvdIfo.dll
2012-05-04 12:41 - 2007-04-19 10:33 - 00125696 _____ (arcsoft) C:\Program Files\ArcSoft\TotalMedia 3.5\uSche.dll
2012-05-04 12:41 - 2007-04-19 10:30 - 00092928 _____ (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\MonitorMgr.dll
2012-05-04 12:41 - 2011-02-28 19:57 - 00159744 _____ (arcsoft) C:\Program Files\ArcSoft\TotalMedia 3.5\uEpg.dll
2012-05-04 12:41 - 2007-04-19 10:33 - 00035584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
2012-05-04 12:41 - 2007-04-19 10:31 - 00072448 _____ (ArcSoft Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\uafcrc.dll
2012-05-04 12:41 - 2006-11-21 16:51 - 00028672 _____ (ArcSoft) C:\Program Files\ArcSoft\TotalMedia 3.5\Res_Monitor.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2013-01-08 12:01 - 2012-04-15 01:47 - 00167936 _____ () C:\Program Files\TV IR\RmCard.dll
2013-01-08 12:01 - 2008-01-15 01:40 - 00053248 _____ () C:\Program Files\TV IR\LWExt.dll
2013-01-08 12:01 - 2009-02-19 12:54 - 00049152 _____ (Geniatech) C:\Program Files\TV IR\cx88prop.dll
2013-01-08 12:01 - 2009-03-09 12:52 - 00053248 _____ () C:\Program Files\TV IR\tmir.dll
==================== Alternate Data Streams (whitelisted) ==========
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/17/2013 03:08:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012288
ID des fehlerhaften Prozesses: 0x1338
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3
System errors:
=============
Error: (09/18/2013 09:13:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060
Error: (09/18/2013 09:13:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error: (09/18/2013 09:13:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (09/17/2013 04:37:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Steganos Volatile Disk konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (09/17/2013 03:19:16 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (09/17/2013 03:17:58 PM) (Source: mbamchameleon) (User: )
Description: C00000BE
Error: (09/17/2013 03:17:58 PM) (Source: mbamchameleon) (User: )
Description: C00000BE
Error: (09/17/2013 03:17:23 PM) (Source: mbamchameleon) (User: )
Description: C00000BE
Error: (09/17/2013 03:17:23 PM) (Source: mbamchameleon) (User: )
Description: C00000BE
Microsoft Office Sessions:
=========================
Error: (09/17/2013 03:08:10 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c000000500012288133801ceb3a6a0670592C:\Users\*****\Desktop\Anti-Vius\gmer_2.1.19163.exeC:\Users\*****\Desktop\Anti-Vius\gmer_2.1.19163.exe32f13fc5-1f9a-11e3-8c71-6c626d0e3b38
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 3326.3 MB
Available physical RAM: 1735.86 MB
Total Pagefile: 6650.9 MB
Available Pagefile: 4768.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.45 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:793.72 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:11.66 GB) NTFS
Drive f: () (Removable) (Total:1.86 GB) (Free:1.8 GB) FAT
Drive m: (HDDRIVE2GO) (Fixed) (Total:931.28 GB) (Free:865.61 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 9 (Size: 932 GB) (Disk ID: 20441D24)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
========================================================
Disk: 10 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: DA97DC12)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
MalwareBytesAntiRootkit: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.09.17.06
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16686
***** :: *****-PC [administrator]
18.09.2013 17:34:34
mbar-log-2013-09-18 (17-34-34).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 42448
Time elapsed: 2 minute(s), 17 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Many thanks in advance for any help.
Best regards, Jule