graffartik | 17.12.2014 20:42 | Part 2: here are the logs that were still missing:
Log from FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by RalfManuela (administrator) on RALFMANUELA-PC on 17-12-2014 16:36:42
Running from C:\Users\RalfManuela\Downloads\Maleware
Loaded Profile: RalfManuela (Available profiles: RalfManuela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
() C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-12-16] (AVAST Software)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {07aebfa7-66b5-11e1-8b7d-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {0a6bb36d-e962-11e3-8f36-88ae1da3f0f3} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {0a6bb380-e962-11e3-8f36-88ae1da3f0f3} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {0a6bb386-e962-11e3-8f36-88ae1da3f0f3} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {116e20f6-5960-11e1-bbf7-88ae1da3f0f3} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {116e2114-5960-11e1-bbf7-88ae1da3f0f3} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {2b3d24d3-7365-11e1-86e6-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {575192b2-ea80-11e3-acca-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {575192c6-ea80-11e3-acca-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {68092108-6765-11e1-90e8-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {7c21132c-9289-11e0-8508-88ae1da3f0f3} - E:\start.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {7e6a6c5f-d9f7-11e3-8172-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {7e6a6c65-d9f7-11e3-8172-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {c93614e2-8a21-11e1-a7df-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {d2cb3ce9-87d5-11e1-b1ef-4c0f6e89b879} - F:\AutoRun.exe
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\MountPoints2: {e88dce07-df72-11e0-a9e9-4c0f6e89b879} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49737;https=127.0.0.1:49737
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409427002&from=tugs&uid=WDCXWD7500BPVT-22HXZT1_WD-WX71C706140161401&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409427002&from=tugs&uid=WDCXWD7500BPVT-22HXZT1_WD-WX71C706140161401&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3326214151-3358978863-4268213387-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE431DE431
SearchScopes: HKU\S-1-5-21-3326214151-3358978863-4268213387-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3326214151-3358978863-4268213387-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE431DE431
SearchScopes: HKU\S-1-5-21-3326214151-3358978863-4268213387-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-3326214151-3358978863-4268213387-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/o2cplayer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
DPF: HKLM-x32 {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.141.58.18 213.163.97.5 204.152.184.76
FireFox:
========
FF ProfilePath: C:\Users\RalfManuela\AppData\Roaming\Mozilla\Firefox\Profiles\t18oz9i6.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin -> C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @united-navigation.com/FalkDevicePlugin -> C:\Program Files (x86)\Falk\Falk Device Plugin\npFalkPlugin.dll (United Navigation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3326214151-3358978863-4268213387-1001: @tools.google.com/Google Update;version=3 -> C:\Users\RalfManuela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3326214151-3358978863-4268213387-1001: @tools.google.com/Google Update;version=9 -> C:\Users\RalfManuela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3326214151-3358978863-4268213387-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\RalfManuela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3326214151-3358978863-4268213387-1001: www.united-navigation.com/FalkPlugin -> C:\Program Files (x86)\Falk\Falk Device Plugin\npFalkPlugin.dll (United Navigation)
FF Extension: Adblock Plus - C:\Users\RalfManuela\AppData\Roaming\Mozilla\Firefox\Profiles\t18oz9i6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-16]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-15]
FF Extension: No Name - wrc@avast.com [Not Found]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-16] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-16] (Avast Software)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-16] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [811520 2009-05-14] (Windows (R) Win 7 DDK provider)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-16] (Avast Software)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 16:35 - 2014-12-17 16:35 - 00000000 _____ () C:\Users\RalfManuela\defogger_reenable
2014-12-17 07:23 - 2014-12-17 07:24 - 00000197 _____ () C:\Windows\system32\2014-12-17-06-23-49.099-AvastVBoxSVC.exe-3656.log
2014-12-16 16:48 - 2014-12-16 16:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-16 16:26 - 2014-12-17 16:37 - 00000000 ____D () C:\FRST
2014-12-16 15:39 - 2014-12-16 15:39 - 00000247 _____ () C:\Windows\system32\2014-12-16-14-39-44.028-aswFe.exe-2604.log
2014-12-16 15:30 - 2014-12-16 15:39 - 00000247 _____ () C:\Windows\system32\2014-12-16-14-30-47.080-aswFe.exe-6232.log
2014-12-16 15:30 - 2014-12-16 15:30 - 00000197 _____ () C:\Windows\system32\2014-12-16-14-30-31.031-AvastVBoxSVC.exe-4860.log
2014-12-16 15:16 - 2014-12-16 15:18 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-16 15:16 - 2014-12-16 15:18 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-16 15:09 - 2014-12-16 15:09 - 00001928 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-16 15:08 - 2014-12-16 15:08 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-16 15:08 - 2014-12-16 15:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 12:52 - 2014-12-13 12:53 - 06384541 _____ () C:\Users\RalfManuela\Downloads\Spezial_Firmware_2min_rec.pkg
2014-12-12 11:21 - 2014-12-13 19:59 - 00000000 ____D () C:\Users\RalfManuela\AppData\Roaming\iSpy
2014-12-12 11:21 - 2014-12-12 11:21 - 00003061 _____ () C:\Users\RalfManuela\Desktop\iSpy64.lnk
2014-12-12 11:21 - 2014-12-12 11:21 - 00001786 _____ () C:\Users\RalfManuela\Desktop\iSpy.lnk
2014-12-12 11:21 - 2014-12-12 11:21 - 00000000 ____D () C:\Users\RalfManuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iSpy64
2014-12-12 11:20 - 2014-12-12 11:20 - 00000000 ____D () C:\Program Files\iSpy
2014-12-12 11:18 - 2014-12-12 11:18 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Kamera
2014-12-12 10:07 - 2014-12-12 10:09 - 23276035 _____ () C:\Users\RalfManuela\Downloads\iSpy64_6_2_9_0.zip
2014-12-10 19:20 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 19:20 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 15:15 - 2014-12-10 15:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-12-10 15:15 - 2014-12-10 15:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-12-10 07:52 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:52 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 07:52 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:52 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:52 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:52 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:52 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:52 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:52 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:52 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:52 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:52 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:52 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:52 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 07:52 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:52 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:52 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:52 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:52 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 07:52 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:52 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 07:52 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:52 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:52 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:52 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 07:52 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 07:52 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 07:52 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:52 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 07:52 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 07:52 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 07:52 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 07:52 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 07:52 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 07:52 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 07:52 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:52 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:52 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:52 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:52 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 07:52 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:52 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 07:52 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 07:52 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 07:52 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 07:52 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 07:52 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:52 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 07:52 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 07:52 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 07:52 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:52 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 07:52 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:52 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 07:52 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 07:52 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 07:52 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:52 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:52 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:50 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:50 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:50 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:50 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:50 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:50 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:50 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:50 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:50 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 10:21 - 2014-12-09 10:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-30 15:12 - 2014-11-30 15:12 - 00000000 ____D () C:\Users\RalfManuela\AppData\Roaming\Apple Computer
2014-11-30 12:46 - 2014-11-30 12:46 - 00000000 ____D () C:\Users\RalfManuela\AppData\Local\Apple Computer
2014-11-30 12:28 - 2014-11-30 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-30 12:27 - 2014-11-30 12:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-30 12:27 - 2014-11-30 12:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-30 12:26 - 2014-11-30 12:26 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-30 12:26 - 2014-11-30 12:26 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-30 12:26 - 2014-11-30 12:26 - 00000000 ____D () C:\Users\RalfManuela\AppData\Local\Apple
2014-11-30 12:25 - 2014-11-30 12:26 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-30 12:25 - 2014-11-30 12:25 - 00000000 ____D () C:\ProgramData\Apple
2014-11-30 11:44 - 2014-11-30 11:44 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-30 11:44 - 2014-11-30 11:44 - 00001130 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-30 11:44 - 2013-10-17 16:32 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-11-30 11:14 - 2014-11-30 12:01 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Windows 7
2014-11-29 13:58 - 2014-11-29 13:58 - 00000000 ____D () C:\Users\RalfManuela\AppData\Roaming\TeamViewer
2014-11-29 13:55 - 2014-11-29 13:55 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-26 21:54 - 2014-11-30 09:25 - 00000000 ____D () C:\Users\RalfManuela\AppData\Local\PokerStars.EU
2014-11-26 21:51 - 2014-11-30 09:25 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-11-23 18:24 - 2014-11-23 18:24 - 00000000 ____D () C:\Users\RalfManuela\.swt
2014-11-23 18:24 - 2014-11-23 18:24 - 00000000 ____D () C:\Users\RalfManuela\.jmc
2014-11-23 18:23 - 2014-11-23 18:23 - 00000000 ____D () C:\Users\RalfManuela\.eclipse
2014-11-22 16:37 - 2014-11-22 16:30 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-22 16:36 - 2014-11-22 16:30 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-22 16:36 - 2014-11-22 16:30 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-22 16:35 - 2014-08-28 09:41 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-19 19:30 - 2014-11-19 19:30 - 00046442 _____ () C:\Users\RalfManuela\Downloads\Route34_Müllenbachtal.gpx
2014-11-19 07:39 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:39 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:39 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:39 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 20:15 - 2014-12-11 10:35 - 00000000 ____D () C:\Users\RalfManuela\Downloads\NetSpeedMonitor
2014-11-18 20:14 - 2014-11-18 20:14 - 00000000 ____D () C:\Users\RalfManuela\AppData\Roaming\NetSpeedMonitor
2014-11-18 20:00 - 2014-11-18 20:14 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-17 14:58 - 2014-12-15 18:55 - 00018944 _____ () C:\Users\RalfManuela\Desktop\advent.xls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-17 16:38 - 2013-06-15 10:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-17 16:36 - 2013-03-21 22:00 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Maleware
2014-12-17 16:35 - 2011-05-12 15:02 - 00000000 ____D () C:\Users\RalfManuela
2014-12-17 16:28 - 2012-03-30 20:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 16:27 - 2013-06-19 20:38 - 00000000 ____D () C:\Users\RalfManuela\AppData\Roaming\Skype
2014-12-17 16:07 - 2010-09-21 15:38 - 01575593 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 16:04 - 2013-09-03 17:41 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 15:45 - 2012-11-25 09:04 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3326214151-3358978863-4268213387-1001UA.job
2014-12-17 15:17 - 2013-09-01 14:53 - 00094026 _____ () C:\Windows\setupact.log
2014-12-17 15:17 - 2011-05-12 15:37 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-12-17 07:30 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 07:30 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 07:22 - 2013-09-03 17:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 07:20 - 2011-05-12 15:36 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2014-12-17 07:20 - 2011-05-12 15:36 - 00000000 ____D () C:\Windows\system32\logishrd
2014-12-17 07:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 23:05 - 2014-01-06 17:52 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-16 21:44 - 2012-11-25 09:04 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3326214151-3358978863-4268213387-1001Core.job
2014-12-16 15:12 - 2013-01-10 16:44 - 00261824 _____ () C:\Windows\PFRO.log
2014-12-16 15:08 - 2014-06-14 14:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-16 15:08 - 2014-01-06 17:58 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-16 15:08 - 2013-06-15 10:53 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-16 15:08 - 2013-06-15 10:53 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-16 15:08 - 2013-06-15 10:53 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-16 15:08 - 2013-06-15 10:53 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-16 15:08 - 2013-06-15 10:53 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-16 15:07 - 2013-06-15 10:53 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-15 09:35 - 2012-10-16 19:29 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Video
2014-12-14 22:51 - 2013-06-03 11:45 - 00000000 ____D () C:\Users\RalfManuela\Documents\Mount&Blade Warband Savegames
2014-12-12 11:07 - 2011-10-20 10:11 - 00000000 ____D () C:\Users\RalfManuela\Documents\Ralf
2014-12-11 18:00 - 2011-12-17 12:12 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Adobe
2014-12-11 10:43 - 2012-11-03 18:02 - 00000000 ____D () C:\Users\RalfManuela\Downloads\GeoCaching
2014-12-11 10:42 - 2013-11-23 14:03 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Verschiedenes
2014-12-11 10:33 - 2011-05-19 09:39 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Acer
2014-12-11 07:29 - 2012-03-30 20:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 07:29 - 2012-03-30 20:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 07:29 - 2011-05-13 16:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 20:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 19:28 - 2011-06-01 16:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 19:27 - 2013-08-14 18:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 19:22 - 2011-05-13 11:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:43 - 2014-09-24 18:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-10 09:43 - 2013-06-19 20:35 - 00000000 ____D () C:\ProgramData\Skype
2014-12-10 07:30 - 2014-10-18 12:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-08 10:57 - 2013-06-16 09:16 - 00000000 ____D () C:\Users\RalfManuela\Downloads\Java
2014-12-06 22:31 - 2011-12-03 10:42 - 00000000 ____D () C:\ProgramData\DivX
2014-12-06 22:30 - 2013-11-23 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-06 22:30 - 2011-12-03 10:44 - 00000000 ____D () C:\Program Files\DivX
2014-12-06 22:30 - 2011-12-03 10:43 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-05 18:20 - 2011-10-30 08:34 - 00000000 ____D () C:\Users\RalfManuela\Documents\Urlaub
2014-11-30 15:10 - 2009-07-14 05:45 - 00355592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-30 12:02 - 2011-05-12 16:01 - 00085752 _____ () C:\Users\RalfManuela\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 09:25 - 2013-09-28 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-30 09:25 - 2011-12-17 11:32 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-30 09:25 - 2010-07-13 13:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-30 09:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-30 09:24 - 2014-08-28 08:49 - 00000000 ____D () C:\Program Files\Java
2014-11-30 09:24 - 2011-05-17 16:57 - 00000000 ____D () C:\ProgramData\Real
2014-11-18 06:35 - 2011-06-09 18:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-17 12:21 - 2013-09-04 10:55 - 00597354 ____N () C:\Windows\Minidump\111814-21606-01.dmp
Some content of TEMP:
====================
C:\Users\RalfManuela\AppData\Local\Temp\avgnt.exe
C:\Users\RalfManuela\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\RalfManuela\AppData\Local\Temp\genteert.dll
C:\Users\RalfManuela\AppData\Local\Temp\icqsetup.exe
C:\Users\RalfManuela\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\RalfManuela\AppData\Local\Temp\nvStInst.exe
C:\Users\RalfManuela\AppData\Local\Temp\Quarantine.exe
C:\Users\RalfManuela\AppData\Local\Temp\ResetDevice.exe
C:\Users\RalfManuela\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\RalfManuela\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-12-06 19:04
==================== End Of Log ============================
Log from FRST Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by RalfManuela at 2014-12-17 16:40:43
Running from C:\Users\RalfManuela\Downloads\Maleware
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Advanced Office Password Recovery (HKLM-x32\...\{85A9C830-7FA6-4C8C-A1B9-14C8D423B2A4}) (Version: 5.4.547.483 - Elcomsoft Co. Ltd.)
Any Video Converter 3.3.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVNavigator (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\AVNavigator) (Version: VSX-921 - PIONEER CORPORATION)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
bcTester 4.9 (de) (HKLM-x32\...\{CD27A577-BD77-481D-9E07-314AE9059A77}) (Version: 4.9.0 - QS QualitySoft GmbH)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
BlazeHDAV 6.0 (HKLM-x32\...\BlazeHDAV 6.0_is1) (Version: - )
Break'n'Run (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\Break'n'Run) (Version: - )
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.00.1774.0 - Logitech) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.30.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CCS64 V3.9 (HKLM-x32\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2838 - CDBurnerXP)
Cross+A (Deutsch) (HKLM-x32\...\Cross+A (Deutsch)) (Version: 8.26.0.1041 - Sergey Kutasov, Ilya Morozov)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DTMF_Decoder 1.20 (HKLM-x32\...\DTMF_Decoder 1.20) (Version: - )
Emu64 V4.30 (HKLM-x32\...\{FB1EBA58-4829-4AE5-A9C8-7170E7BA7005}) (Version: 4.3.0003 - ALFSOFT)
ENIGMA (HKLM-x32\...\ST5UNST #1) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Exifer (HKLM-x32\...\Exifer_is1) (Version: - Friedemann Schmidt)
Falk Device Plugin (HKLM-x32\...\{CA4CB264-37D0-447E-A79D-5D836C7475D2}) (Version: 1.0.6.0 - Falk)
Falk Navi-Manager (HKLM-x32\...\{3222B0CE-59C5-4CA0-B545-2B88F200756B}) (Version: 2.8.0 - Falk Navigation GmbH)
Falk Navi-Manager (x32 Version: 2.1.3 - Falk Marcopolo Interactive GmbH) Hidden
Falk Navi-Manager (x32 Version: 2.7.0 - Falk Navigation GmbH) Hidden
Falk Navi-Manager (x32 Version: 2.8.0 - Falk Navigation GmbH) Hidden
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
FileParade Bundle (HKLM-x32\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <==== ATTENTION!
GCTool (HKLM-x32\...\{4243454B-41D0-4CC1-8E03-46AA8C22BAA2}) (Version: 1.6.1 - Gpsgek)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoCacheConv V1.2.0.2 (HKLM-x32\...\GeoCacheConv V1.2.0.2_is1) (Version: - Heinrich Neupert)
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.31.0 - International GeoGebra Institute)
GeoGebra 4.2 (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\GeoGebra 4.2) (Version: - International GeoGebra Institute)
GeoGebraPrim (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\GeoGebraPrim) (Version: - International GeoGebra Institute)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Groundspeak Wherigo Builder (HKLM-x32\...\{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}) (Version: 2.0.5129 - Groundspeak)
Hitman: Codename 47 version 1.2 (HKLM-x32\...\{A16EC86A-55AB-4311-BC72-E02C536AF7A1}_is1) (Version: 1.2 - Square Enix)
HTML5 Video Player 1.2.5 (HKLM\...\HTML5 Video Player_is1) (Version: 1.2.5 - SocuSoft Co.,Ltd)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagesInfo Barcode Reader Toolkit 1.9.0 Trial (HKLM-x32\...\ImagesInfo Barcode Reader Toolkit 1.9.0 Trial_is1) (Version: - Imagesinfo)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iSpy (64 bit) (HKLM\...\{CCD442AB-5968-4953-8D79-852590977A1F}) (Version: 6.2.9 - iSpy)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 8.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
Magellan Communicator (HKLM-x32\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.)
Magellan Communicator (x32 Version: 1.15.020 - Magellan Navigation, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 SDK (x64) - ENU (HKLM\...\Microsoft .NET Framework 2.0 SDK (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.09.02.910 - Huawei Technologies Co.,Ltd)
Mopsos 1.0.118 28.11.2011 (HKLM-x32\...\KoenigDickBauchMopsos_is1) (Version: - Bornhaupt)
MopsosScript version 1.0 (HKLM-x32\...\MopsosScript_is1) (Version: 1.0 - )
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - )
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5903 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera 12.16 (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera 12.17 (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.37 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.2.37 - Saal Digital Fotoservice GmbH) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.26 - Somagic)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
swMSM (x32 Version: 12.0.0.1 - ) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.57a - Ghisler Software GmbH)
Tropico 3 1.00 (HKLM-x32\...\Tropico3) (Version: 1.00 - Kalypso Media)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Unity Web Player (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Urwigo (HKU\S-1-5-21-3326214151-3358978863-4268213387-1001\...\9b616d711397850c) (Version: 1.12.0.136 - Urwigo)
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.27.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.27.0000 - Magellan Navigation, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Garden (HKLM-x32\...\Virtual Garden) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version: - Wargaming.net)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3326214151-3358978863-4268213387-1001_Classes\CLSID\{5b618f15-7ee7-4e22-bac5-ea195e3dcc7f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
==================== Restore Points =========================
30-11-2014 08:18:32 Wiederherstellungsvorgang
30-11-2014 08:30:25 avast! antivirus system restore point
30-11-2014 11:26:37 Installed QuickTime 7
10-12-2014 18:16:20 Windows Update
12-12-2014 06:45:53 Windows Update
12-12-2014 10:20:02 Installed iSpy (64 bit)
16-12-2014 14:03:32 avast! antivirus system restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1EE759F9-D05B-4329-8846-906DC53ABEA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03] (Google Inc.)
Task: {3CAAA655-EB2A-4821-BDC9-FBCA55EB59FE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3326214151-3358978863-4268213387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {46DDF5F3-15D7-45B5-B9E4-52D993EC2467} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4ECD0352-8612-4EFC-98D4-B75AE8E633DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {6B59D556-053B-4ECD-A375-3D62BEA84027} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3326214151-3358978863-4268213387-1001UA => C:\Users\RalfManuela\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-25] (Google Inc.)
Task: {6C28B0B8-D41B-489C-91A8-085A379C7D88} - System32\Tasks\{ECE8CCDC-09B7-43D8-892C-1F8B28C04EBC} => pcalua.exe -a C:\Users\RalfManuela\Downloads\Falk\FalkFN9_F8_F10.exe -d C:\Users\RalfManuela\Downloads\Falk
Task: {6F413178-B4AE-49D9-8140-D5A53606EBE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3326214151-3358978863-4268213387-1001Core => C:\Users\RalfManuela\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-25] (Google Inc.)
Task: {6F6DA6A5-9577-4CC9-80B4-5DCF7A0F9B4D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3326214151-3358978863-4268213387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {956509BD-280F-4422-9B2F-B3B9D743889A} - System32\Tasks\Opera scheduled Autoupdate 1412099661 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {A673199A-D506-430A-8596-0B6DD2473F0B} - System32\Tasks\{346F45A3-8CF3-4D18-A362-72758C8CE75D} => pcalua.exe -a "C:\Users\RalfManuela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1K14LRKF\dotnetfx[1].exe" -d C:\Users\RalfManuela\Desktop
Task: {C41CDCF0-2533-4B00-BB80-424A8239C097} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-16] (AVAST Software)
Task: {CB3B0B55-6711-407D-80D3-F21ECA804040} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3326214151-3358978863-4268213387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {DE25453F-38D7-4D74-AD20-1BA26D9B2AFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03] (Google Inc.)
Task: {F031C0A5-9775-458E-B920-AD883BDC366C} - System32\Tasks\{957FFCD3-1561-4C23-8675-0FB7F43A2366} => pcalua.exe -a C:\Users\RalfManuela\Downloads\mp610swin101ea24.exe -d C:\Users\RalfManuela\Downloads
Task: {F1ABEB09-CE84-4347-87E4-A88661860BA7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3326214151-3358978863-4268213387-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F27B2B06-11E2-42D9-84D7-427CB5AFD13A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3326214151-3358978863-4268213387-1001Core.job => C:\Users\RalfManuela\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3326214151-3358978863-4268213387-1001UA.job => C:\Users\RalfManuela\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-03 18:43 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-06-01 13:43 - 2013-03-01 07:33 - 00650240 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-12-16 15:07 - 2014-12-16 15:07 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-16 15:07 - 2014-12-16 15:07 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-16 17:17 - 2014-12-16 17:17 - 00050477 _____ () C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe
2014-12-16 11:29 - 2014-12-16 11:29 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121600\algo.dll
2014-12-16 15:07 - 2014-12-16 15:07 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-17 11:30 - 2014-12-17 11:30 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121700\algo.dll
2014-06-01 13:43 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-06-01 13:43 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-06-01 13:43 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-06-01 13:43 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-06-01 13:43 - 2013-03-01 07:33 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-06-01 13:43 - 2012-10-31 10:11 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2010-06-28 14:20 - 2010-06-28 14:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 14:12 - 2010-06-28 14:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-12-16 15:08 - 2014-12-16 15:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-07-25 07:10 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-08-07 13:44 - 2014-08-04 13:20 - 00052472 _____ () C:\Users\RalfManuela\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-10-15 14:23 - 2014-10-15 14:23 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-07-13 12:32 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-09 10:21 - 2014-12-09 10:22 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-22 08:35 - 2014-04-14 19:07 - 00018856 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
2010-05-07 17:49 - 2010-05-07 17:49 - 01260376 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\UMVPLMute.dll
2010-05-07 17:45 - 2010-05-07 17:45 - 00214872 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\FxPreview.dll
2010-05-07 17:48 - 2010-05-07 17:48 - 01342808 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MRSystem.dll
2010-05-07 17:47 - 2010-05-07 17:47 - 00133464 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MapTrackData.dll
2010-05-07 17:48 - 2010-05-07 17:48 - 01322328 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MMSystem.dll
2010-05-07 17:50 - 2010-05-07 17:50 - 00289624 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\VMSystem.dll
2014-12-11 07:29 - 2014-12-11 07:29 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:32289BE8
AlternateDataStreams: C:\ProgramData\Temp:44712999
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:54403233
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:9A88B65D
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\ProgramData\Temp:F8DE80DB
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: WwanSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^RalfManuela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\899cffe0-0ed0-4c93-aaf6-39e4cfcc9e0b.exe /check
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BlazeServoTool => "C:\Program Files (x86)\BlazeVideo\BlazeHDAV 6.0\MediaDetector.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\RalfManuela\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: icq => C:\Users\RalfManuela\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Updater => C:\ProgramData\Updater\Updater.exe
MSCONFIG\startupreg: VantagePointLite.exe => "C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-3326214151-3358978863-4268213387-500 - Administrator - Disabled)
Gast (S-1-5-21-3326214151-3358978863-4268213387-501 - Limited - Disabled)
RalfManuela (S-1-5-21-3326214151-3358978863-4268213387-1001 - Administrator - Enabled) => C:\Users\RalfManuela
==================== Faulty Device Manager Devices =============
Name: WAN-Miniport (IP)
Description: WAN-Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN-Miniport (IPv6)
Description: WAN-Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN-Miniport (PPPOE)
Description: WAN-Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN-Miniport (PPTP)
Description: WAN-Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN-Miniport (SSTP)
Description: WAN-Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN Miniport (IKEv2) #2
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN-Miniport (L2TP)
Description: WAN-Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: WAN-Miniport (Netzwerkmonitor)
Description: WAN-Miniport (Netzwerkmonitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/17/2014 06:43:25 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (12/16/2014 05:09:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/16/2014 05:08:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/16/2014 04:48:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/16/2014 04:45:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/16/2014 04:45:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/16/2014 04:20:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/16/2014 04:17:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/16/2014 07:28:02 AM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (12/15/2014 07:27:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.22.0.107, Zeitstempel: 0x54772c0a
Name des fehlerhaften Moduls: nvapi.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52b32498
Ausnahmecode: 0xc0000005
Fehleroffset: 0x578731b0
ID des fehlerhaften Prozesses: 0x9d4
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3
System errors:
=============
Error: (12/17/2014 04:41:55 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:39:53 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:37:58 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:35:55 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:33:52 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:31:52 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:29:53 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:27:51 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:25:51 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Error: (12/17/2014 04:23:52 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "Acer" den Befehl "chkdsk" aus.
Microsoft Office Sessions:
=========================
Error: (05/09/2012 05:48:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 357 seconds with 180 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-04-28 18:46:16.819
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\kernel32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 56%
Total physical RAM: 3958.71 MB
Available physical RAM: 1722.21 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 4927.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:685.54 GB) (Free:223.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BCFB2F0D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=685.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Log from gmer:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-17 17:08:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\RALFMA~1\AppData\Local\Temp\uwdcauow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035c1000 45 bytes [01, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035c102f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076491401 2 bytes JMP 7674b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076491419 2 bytes JMP 7674b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076491431 2 bytes JMP 767c8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007649144a 2 bytes CALL 767248ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764914dd 2 bytes JMP 767c87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764914f5 2 bytes JMP 767c8978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007649150d 2 bytes JMP 767c8698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076491525 2 bytes JMP 767c8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007649153d 2 bytes JMP 7673fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076491555 2 bytes JMP 767468ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007649156d 2 bytes JMP 767c8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076491585 2 bytes JMP 767c8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007649159d 2 bytes JMP 767c865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764915b5 2 bytes JMP 7673fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764915cd 2 bytes JMP 7674b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764916b2 2 bytes JMP 767c8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\RalfManuela\Downloads\Maleware\Defogger.exe[6876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764916bd 2 bytes JMP 767c85f1 C:\Windows\syswow64\kernel32.dll
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002370] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [100034e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[3792] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[896] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose] [1c64900] C:\Windows\system32\logishrd\LVPrcInj01.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[896] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [1c64570] C:\Windows\system32\logishrd\LVPrcInj01.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[896] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [1c646d0] C:\Windows\system32\logishrd\LVPrcInj01.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[896] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDuplicateObject] [1c64820] C:\Windows\system32\logishrd\LVPrcInj01.dll
---- Processes - GMER 2.1 ----
Process C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2680](2014-06-01 12:43:16) 0000000000400000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2680](2014-06-01 12:43:16) 000000006fbc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2680](2014-06-01 12:43:16) 000000006e940000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2680](2014-06-01 12:43:16) 000000006a1c0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2680](2014-06-01 12:43:17) 000000006ff00000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2680](2014-06-01 12:43:18) 000000006efc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2680](2014-06-01 12:43:17) 000000006ed40000
---- EOF - GMER 2.1 ----