| |
| |||||||
Log-Analyse und Auswertung: Adserverplus komplett entfernt?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.08.2013, 22:47
| #1 |
| |  Adserverplus komplett entfernt? Guten Abend, ich hatte ein Problem mit Popups von ad.adserverplus.com. Daraufhin habe ich nach einiger Lektüre hier im Forum AdwCleaner laufen lassen und mir unbekannte Einträge löschen lassen. Die Popups tauchen jetzt auch nicht mehr auf. Jetzt bin ich mir aber unsicher ob ich diesen Trojaner (falls es einer war) vollständig los bin. Wäre jemand so nett und könnte über die log Files mal drüberschauen? --AdwareCleaner Suche Code:
ATTFilter # AdwCleaner v2.306 - Datei am 03/08/2013 um 09:57:52 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Volker - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Volker\Downloads\adwcleaner06.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\ProgramData\BetterSoft
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search-oNewwTab
Ordner Gefunden : C:\ProgramData\safE savve
Ordner Gefunden : C:\ProgramData\Search-oNewwTab
Ordner Gefunden : C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknfippomoadpmdfmgaliapkjcibhjd
Ordner Gefunden : C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldghdidjjigpanbjnjmfhgkhpijefbm
Ordner Gefunden : C:\Users\Volker\AppData\LocalLow\AVG Security Toolbar
Ordner Gefunden : C:\Users\Volker\AppData\LocalLow\safE savve
Ordner Gefunden : C:\Users\Volker\AppData\LocalLow\Search-oNewwTab
Ordner Gefunden : C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\extensions\8hr3@qbrr.org
Ordner Gefunden : C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\extensions\8qsrq_wvdw@iuuua-momqdq.com
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{24180EFF-5D9F-00B8-BE60-DD9A3B2AD0DE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{24180EFF-5D9F-00B8-BE60-DD9A3B2AD0DE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{24180EFF-5D9F-00B8-BE60-DD9A3B2AD0DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24180EFF-5D9F-00B8-BE60-DD9A3B2AD0DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [5323 octets] - [03/08/2013 09:57:52]
########## EOF - C:\AdwCleaner[R1].txt - [5383 octets] ##########
Code:
ATTFilter # AdwCleaner v2.306 - Datei am 03/08/2013 um 10:01:21 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Volker - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Volker\Downloads\adwcleaner06.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\safE savve
Ordner Gelöscht : C:\ProgramData\Search-oNewwTab
Ordner Gelöscht : C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\icknfippomoadpmdfmgaliapkjcibhjd
Ordner Gelöscht : C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldghdidjjigpanbjnjmfhgkhpijefbm
Ordner Gelöscht : C:\Users\Volker\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Volker\AppData\LocalLow\safE savve
Ordner Gelöscht : C:\Users\Volker\AppData\LocalLow\Search-oNewwTab
Ordner Gelöscht : C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\extensions\8hr3@qbrr.org
Ordner Gelöscht : C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\extensions\8qsrq_wvdw@iuuua-momqdq.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{24180EFF-5D9F-00B8-BE60-DD9A3B2AD0DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{24180EFF-5D9F-00B8-BE60-DD9A3B2AD0DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [5438 octets] - [03/08/2013 09:57:52]
AdwCleaner[R2].txt - [4760 octets] - [03/08/2013 10:01:07]
AdwCleaner[S1].txt - [4705 octets] - [03/08/2013 10:01:21]
########## EOF - C:\AdwCleaner[S1].txt - [4765 octets] ##########
--OTL Scan: Code:
ATTFilter OTL logfile created on: 03.08.2013 21:23:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,89 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 60,03% Memory free 7,78 Gb Paging File | 5,96 Gb Available in Paging File | 76,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,17 Gb Total Space | 325,17 Gb Free Space | 54,54% Space Free | Partition Type: NTFS Drive D: | 13,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 1,86 Gb Total Space | 0,70 Gb Free Space | 37,52% Space Free | Partition Type: FAT Computer Name: LAPTOP | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\*****\Desktop\adwcleaner06.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\congstar\Internetmanager\Bin\mcserver.exe (ZTE) PRC - C:\Program Files (x86)\congstar\Internetmanager\Bin\db_daemon.exe () PRC - C:\Program Files (x86)\congstar\Internetmanager\Bin\dbus-daemon.exe () PRC - C:\Program Files (x86)\congstar\Internetmanager\Bin\gconfd-2.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\*****\Desktop\adwcleaner06.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\audio.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\itapi.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\coder.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\log.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\libctlsvr.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\db_daemon.exe () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\dbus-daemon.exe () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\gconfd-2.exe () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\libgconfbackend-xml.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\libgconf-2.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\dbus-1.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\sqlite3.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\zlib1.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\libxml2.dll () MOD - C:\Program Files (x86)\congstar\Internetmanager\Bin\libexpat.dll () ========== Services (SafeList) ========== SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe (IDT, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe (Andrea Electronics Corporation) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (UNS) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe (IDT, Inc.) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe (Andrea Electronics Corporation) SRV - (ASFAgent) -- C:\Programme\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group) DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETwNv64) -- C:\Windows\SysNative\drivers\NETwNv64.sys (Intel Corporation) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (HSPADataCardusbser) -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated) DRV:64bit: - (HSPADataCardusbnmea) -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated) DRV:64bit: - (HSPADataCardusbmdm) -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE ) DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.) DRV:64bit: - (smsbda) -- C:\Windows\SysNative\drivers\smsbda.sys (Siano) DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (d553scard) -- C:\Windows\SysNative\drivers\d553scard.sys (Dell) DRV:64bit: - (d553gps) -- C:\Windows\SysNative\drivers\d553gps64.sys (Dell) DRV:64bit: - (d553unic) -- C:\Windows\SysNative\drivers\d553unic.sys (MCCI Corporation) DRV:64bit: - (d553nd5) -- C:\Windows\SysNative\drivers\d553nd5.sys (MCCI Corporation) DRV:64bit: - (d553mdm2) -- C:\Windows\SysNative\drivers\d553mdm2.sys (MCCI Corporation) DRV:64bit: - (d553mdm) -- C:\Windows\SysNative\drivers\d553mdm.sys (MCCI Corporation) DRV:64bit: - (d553card) -- C:\Windows\SysNative\drivers\d553card.sys (MCCI Corporation) DRV:64bit: - (d553bus) -- C:\Windows\SysNative\drivers\d553bus.sys (MCCI Corporation) DRV:64bit: - (d553mdfl2) -- C:\Windows\SysNative\drivers\d553mdfl2.sys (MCCI Corporation) DRV:64bit: - (d553mdfl) -- C:\Windows\SysNative\drivers\d553mdfl.sys (MCCI Corporation) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 AF F0 AC 8D D0 CB 01 [binary data] IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\..\SearchScopes,DefaultScope = {6565280F-D675-4DE6-9955-CCEA3D1F5218} IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\..\SearchScopes\{6565280F-D675-4DE6-9955-CCEA3D1F5218}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\..\SearchScopes\{939964EB-8704-48E0-B7D9-6004FA391F38}: "URL" = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=de IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.02 22:28:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.02 22:28:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.02 22:28:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.02 22:28:45 | 000,000,000 | ---D | M] [2011.06.17 22:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.08.03 10:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wgf6wtky.default\extensions [2012.10.29 23:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\wgf6wtky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.07.02 22:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.02 22:28:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.07.02 22:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.02 22:29:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== O1 HOSTS File: ([2011.03.09 23:44:35 | 000,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000..\Run: [] File not found O4 - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\..Trusted Domains: fritz.repeater ([]* in Local intranet) O15 - HKU\S-1-5-21-1762200333-1665312285-2198996748-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (SysInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39E6F07B-1958-4E9D-A61B-BC375F9BB3EC}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{aff89aac-2ca6-11e1-8e96-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{aff89aac-2ca6-11e1-8e96-028037ec0200}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.03 21:22:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.08.02 22:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology [2013.08.02 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology [2013.08.02 22:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology [2013.07.31 13:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.07.30 07:08:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.07.25 22:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp [2013.07.25 22:20:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs [2013.07.25 22:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.07.24 23:13:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.07.24 23:08:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\GARMIN_Corp [2013.07.20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys [2013.07.20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys [2013.07.20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys [2013.07.20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2013.07.10 01:32:38 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys [2013.07.08 18:27:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Garmin [2013.07.08 18:20:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Garmin [2013.07.08 18:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.07.08 18:15:13 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2011.02.20 18:21:09 | 004,055,568 | ---- | C] (Dell Inc.) -- C:\Users\*****\AppData\Roaming\DRVR_WIN_R257446.EXE ========== Files - Modified Within 30 Days ========== [2013.08.03 21:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.08.03 21:17:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.08.03 20:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.08.03 17:27:35 | 000,010,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.03 17:27:35 | 000,010,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.03 17:19:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.08.03 17:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.08.03 17:18:55 | 3133,079,552 | -HS- | M] () -- C:\hiberfil.sys [2013.08.03 09:55:17 | 000,666,633 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner06.exe [2013.08.02 22:43:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.08.02 22:43:38 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.08.02 22:43:38 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.08.02 22:43:38 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.08.02 22:43:38 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.08.02 22:36:51 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2013.07.31 13:46:24 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.07.26 03:47:47 | 004,917,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.25 22:30:50 | 000,001,125 | ---- | M] () -- C:\Users\*****\Desktop\Continue Zip Opener Installation.lnk [2013.07.20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys [2013.07.20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys [2013.07.20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys [2013.07.20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2013.07.10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys [2013.07.08 21:45:47 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk ========== Files Created - No Company Name ========== [2013.08.03 10:23:49 | 000,666,633 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner06.exe [2013.08.02 22:36:51 | 000,001,198 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2013.07.25 22:30:50 | 000,001,125 | ---- | C] () -- C:\Users\*****\Desktop\Continue Zip Opener Installation.lnk [2013.07.08 18:20:22 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2012.10.07 13:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2012.10.07 13:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.10.07 13:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2012.10.07 13:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2012.07.16 22:08:21 | 000,193,664 | ---- | C] () -- C:\Windows\SysWow64\bmsdk.exe [2012.07.16 22:08:21 | 000,002,960 | ---- | C] () -- C:\Windows\SysWow64\boc.ini [2012.07.16 22:08:21 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\bocinstall.ini [2011.06.20 23:10:00 | 000,007,623 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.10 20:50:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.01.10 20:50:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2011.06.17 22:38:30 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Lexware [2012.12.11 22:34:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AVG2013 [2012.07.12 21:51:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avikeq [2012.07.16 21:34:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Eloqba [2011.10.09 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\elsterformular [2011.06.17 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ericsson [2013.07.24 23:09:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GARMIN [2011.06.17 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn [2011.06.17 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\InfraRecorder [2011.07.21 22:11:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Internetmanager [2013.02.20 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lexware [2012.06.16 08:39:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia [2012.06.01 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite [2012.07.22 21:53:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nuqu [2012.06.01 23:33:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite [2012.12.11 22:31:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Für eine kurze Antwort wäre ich sehr dankbar. Einen schönen Abend noch. |
|
04.08.2013, 00:08
| #2 |
| /// the machine /// TB-Ausbilder    | Adserverplus komplett entfernt? Hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
04.08.2013, 20:52
| #3 |
| | Adserverplus komplett entfernt? Hallo Schrauber,
__________________danke für die schnelle Antwort, hier log files: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Volker (administrator) on 04-08-2013 21:43:30
Running from C:\Users\Volker\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(ZTE) C:\Program Files (x86)\congstar\Internetmanager\Bin\mcserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\gconfd-2.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\db_daemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\system32\dfrgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\office\2013\Lxoffice.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\office\2013\PCFK32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Freemake) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroBroker.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [375808 2010-02-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-10] (IDT, Inc.)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-08-05] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-08] (Garmin Ltd or its subsidiaries)
MountPoints2: {aff89aac-2ca6-11e1-8e96-028037ec0200} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs-x32: acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internetmanager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe (ArcSoft, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6565280F-D675-4DE6-9955-CCEA3D1F5218} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6565280F-D675-4DE6-9955-CCEA3D1F5218} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {939964EB-8704-48E0-B7D9-6004FA391F38} URL = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=de
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: No Name - C:\Users\Volker\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files (x86)\congstar\Internetmanager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internetmanager\Bin\addon
Chrome:
=======
==================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [184656 2007-04-19] (Intel Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-08] (Garmin Ltd or its subsidiaries)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [178712 2010-08-05] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-10] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2062872 2010-08-05] (Intel Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] ()
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R3 d553bus; C:\Windows\System32\DRIVERS\d553bus.sys [325120 2008-12-19] (MCCI Corporation)
R3 d553card; C:\Windows\System32\DRIVERS\d553card.sys [378368 2008-12-19] (MCCI Corporation)
R3 d553gps; C:\Windows\System32\DRIVERS\d553gps64.sys [88104 2009-01-08] (Dell)
R3 d553mdfl; C:\Windows\System32\DRIVERS\d553mdfl.sys [19456 2008-12-19] (MCCI Corporation)
R3 d553mdfl2; C:\Windows\System32\DRIVERS\d553mdfl2.sys [19456 2008-12-19] (MCCI Corporation)
R3 d553mdm; C:\Windows\System32\DRIVERS\d553mdm.sys [422912 2008-12-19] (MCCI Corporation)
R3 d553mdm2; C:\Windows\System32\DRIVERS\d553mdm2.sys [474112 2008-12-19] (MCCI Corporation)
R3 d553nd5; C:\Windows\System32\DRIVERS\d553nd5.sys [34816 2008-12-19] (MCCI Corporation)
R3 d553scard; C:\Windows\System32\DRIVERS\d553scard.sys [57896 2009-04-06] (Dell)
R3 d553unic; C:\Windows\System32\DRIVERS\d553unic.sys [431104 2008-12-19] (MCCI Corporation)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-03-28] (Paragon Software Group)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-09] (ITE )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [63648 2009-12-03] (Siano)
R1 tcpipBM; C:\Windows\System32\Drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-04 21:42 - 2013-08-04 21:42 - 01781485 _____ (Farbar) C:\Users\Volker\Desktop\FRST64.exe
2013-08-04 21:42 - 2013-08-04 21:42 - 00000000 ____D C:\FRST
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\Documents\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\ProgramData\Freemake
2013-08-04 21:29 - 2013-08-04 21:30 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-04 21:28 - 2013-08-04 21:28 - 01271904 _____ (Ellora Assets Corporation ) C:\Users\Volker\Downloads\freemakevideoconvertersetup.exe
2013-08-03 23:19 - 2013-08-03 23:19 - 00002246 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-03 23:11 - 2013-08-03 23:11 - 00001330 _____ C:\AdwCleaner[R5].txt
2013-08-03 22:43 - 2013-08-03 22:43 - 00891098 _____ C:\Users\Volker\Downloads\SecurityCheck.exe
2013-08-03 22:03 - 2013-08-03 22:03 - 00448512 _____ (OldTimer Tools) C:\Users\Volker\Downloads\TFC.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 21:32 - 2013-08-03 21:32 - 00082896 _____ C:\Users\Volker\Desktop\Extras.Txt
2013-08-03 21:32 - 2013-08-03 21:32 - 00001147 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 21:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-03 21:31 - 2013-08-03 22:20 - 00089844 _____ C:\Users\Volker\Desktop\OTL.Txt
2013-08-03 21:31 - 2013-08-03 21:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Volker\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-03 21:22 - 2013-08-03 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\Volker\Desktop\OTL.exe
2013-08-03 21:01 - 2013-08-03 21:01 - 00001270 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:23 - 2013-08-03 09:55 - 00666633 _____ C:\Users\Volker\Desktop\adwcleaner06.exe
2013-08-03 10:15 - 2013-08-03 10:15 - 00004822 _____ C:\Users\Volker\Desktop\AdwCleaner[S1].txt
2013-08-03 10:13 - 2013-08-03 10:13 - 00001212 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:01 - 2013-08-03 10:02 - 00004822 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:01 - 2013-08-03 10:01 - 00004760 _____ C:\AdwCleaner[R2].txt
2013-08-03 09:57 - 2013-08-03 09:58 - 00005438 _____ C:\AdwCleaner[R1].txt
2013-08-03 09:54 - 2013-08-03 09:55 - 00666633 _____ C:\Users\Volker\Downloads\adwcleaner06.exe
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\ProgramData\Synology
2013-08-02 22:36 - 2013-08-02 22:36 - 00001198 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2013-08-02 22:36 - 2013-08-02 22:36 - 00000000 ____D C:\Program Files (x86)\Synology
2013-07-30 07:08 - 2013-07-30 07:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 03:11 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 03:11 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 03:11 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 03:11 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-26 03:11 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:11 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:11 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 03:10 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 03:10 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 03:10 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 03:10 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 03:10 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:30 - 2013-07-25 22:30 - 00793536 _____ C:\Users\Volker\Downloads\ZipOpenerSetup.exe
2013-07-25 22:30 - 2013-07-25 22:30 - 00001125 _____ C:\Users\Volker\Desktop\Continue Zip Opener Installation.lnk
2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\StarApp
2013-07-25 22:18 - 2013-08-03 09:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-25 21:25 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-25 21:25 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-25 21:25 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 21:25 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-25 21:24 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-25 21:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-25 21:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-24 23:08 - 2013-07-24 23:08 - 00000000 ____D C:\Users\Volker\AppData\Local\GARMIN_Corp
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-07-08 18:27 - 2013-07-08 21:35 - 00000000 ____D C:\Users\Volker\Documents\Garmin
2013-07-08 18:20 - 2013-07-25 21:22 - 00000000 ____D C:\Users\Volker\AppData\Local\Garmin
2013-07-08 18:20 - 2013-07-08 21:45 - 00001922 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-07-08 18:18 - 2013-07-08 21:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-08 18:15 - 2013-07-08 18:15 - 00000000 ___HD C:\Windows\AxInstSV
==================== One Month Modified Files and Folders =======
2013-08-04 21:42 - 2013-08-04 21:42 - 01781485 _____ (Farbar) C:\Users\Volker\Desktop\FRST64.exe
2013-08-04 21:42 - 2013-08-04 21:42 - 00000000 ____D C:\FRST
2013-08-04 21:40 - 2011-03-22 12:57 - 00000000 ____D C:\Users\Volker\Documents\Outlook-Dateien
2013-08-04 21:33 - 2012-04-11 10:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\Documents\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\ProgramData\Freemake
2013-08-04 21:30 - 2013-08-04 21:29 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-04 21:30 - 2012-10-29 23:53 - 00000000 ____D C:\Users\Volker\AppData\Roaming\vlc
2013-08-04 21:28 - 2013-08-04 21:28 - 01271904 _____ (Ellora Assets Corporation ) C:\Users\Volker\Downloads\freemakevideoconvertersetup.exe
2013-08-04 21:17 - 2011-04-25 21:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-04 21:12 - 2011-02-19 23:01 - 00000000 ____D C:\ProgramData\MFAData
2013-08-04 21:10 - 2011-03-18 23:17 - 00000000 ____D C:\ProgramData\Lexware
2013-08-04 00:04 - 2011-04-25 21:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-04 00:02 - 2011-06-17 22:08 - 00010544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 00:02 - 2011-06-17 22:08 - 00010544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 23:58 - 2011-06-17 23:06 - 01978659 _____ C:\Windows\WindowsUpdate.log
2013-08-03 23:54 - 2011-06-17 22:44 - 00165602 _____ C:\Windows\PFRO.log
2013-08-03 23:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-03 23:54 - 2009-07-14 06:51 - 01251935 _____ C:\Windows\setupact.log
2013-08-03 23:19 - 2013-08-03 23:19 - 00002246 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-03 23:11 - 2013-08-03 23:11 - 00001330 _____ C:\AdwCleaner[R5].txt
2013-08-03 22:43 - 2013-08-03 22:43 - 00891098 _____ C:\Users\Volker\Downloads\SecurityCheck.exe
2013-08-03 22:20 - 2013-08-03 21:31 - 00089844 _____ C:\Users\Volker\Desktop\OTL.Txt
2013-08-03 22:03 - 2013-08-03 22:03 - 00448512 _____ (OldTimer Tools) C:\Users\Volker\Downloads\TFC.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 21:55 - 2012-08-31 10:02 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 21:55 - 2011-02-20 15:09 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 21:32 - 2013-08-03 21:32 - 00082896 _____ C:\Users\Volker\Desktop\Extras.Txt
2013-08-03 21:32 - 2013-08-03 21:32 - 00001147 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 21:31 - 2013-08-03 21:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Volker\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-03 21:22 - 2013-08-03 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\Volker\Desktop\OTL.exe
2013-08-03 21:01 - 2013-08-03 21:01 - 00001270 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:15 - 2013-08-03 10:15 - 00004822 _____ C:\Users\Volker\Desktop\AdwCleaner[S1].txt
2013-08-03 10:13 - 2013-08-03 10:13 - 00001212 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:02 - 2013-08-03 10:01 - 00004822 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:01 - 2013-08-03 10:01 - 00004760 _____ C:\AdwCleaner[R2].txt
2013-08-03 09:59 - 2013-07-25 22:18 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-03 09:58 - 2013-08-03 09:57 - 00005438 _____ C:\AdwCleaner[R1].txt
2013-08-03 09:55 - 2013-08-03 10:23 - 00666633 _____ C:\Users\Volker\Desktop\adwcleaner06.exe
2013-08-03 09:55 - 2013-08-03 09:54 - 00666633 _____ C:\Users\Volker\Downloads\adwcleaner06.exe
2013-08-02 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-02 22:43 - 2011-06-18 07:59 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-02 22:43 - 2011-06-18 07:59 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-02 22:43 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\ProgramData\Synology
2013-08-02 22:36 - 2013-08-02 22:36 - 00001198 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2013-08-02 22:36 - 2013-08-02 22:36 - 00000000 ____D C:\Program Files (x86)\Synology
2013-07-31 13:46 - 2012-12-11 22:31 - 00001015 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 07:15 - 2013-07-30 07:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 03:47 - 2009-07-14 06:45 - 04917280 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-26 03:46 - 2013-01-24 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 03:46 - 2012-05-15 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 03:46 - 2012-05-15 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-26 03:44 - 2009-07-14 09:47 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 03:44 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 03:44 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-26 03:27 - 2011-02-28 20:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-25 22:30 - 2013-07-25 22:30 - 00793536 _____ C:\Users\Volker\Downloads\ZipOpenerSetup.exe
2013-07-25 22:30 - 2013-07-25 22:30 - 00001125 _____ C:\Users\Volker\Desktop\Continue Zip Opener Installation.lnk
2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\StarApp
2013-07-25 22:20 - 2011-04-25 21:38 - 00000000 ____D C:\Users\Volker\AppData\Local\Google
2013-07-25 21:22 - 2013-07-08 18:20 - 00000000 ____D C:\Users\Volker\AppData\Local\Garmin
2013-07-24 23:12 - 2011-04-25 21:38 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-24 23:12 - 2011-04-25 21:38 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-24 23:09 - 2011-07-20 10:39 - 00000000 ____D C:\Users\Volker\AppData\Roaming\GARMIN
2013-07-24 23:08 - 2013-07-24 23:08 - 00000000 ____D C:\Users\Volker\AppData\Local\GARMIN_Corp
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-07-09 01:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-09 01:07 - 2011-07-20 10:32 - 00000000 ____D C:\Program Files (x86)\Garmin
2013-07-08 21:46 - 2013-07-08 18:18 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-08 21:45 - 2013-07-08 18:20 - 00001922 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-07-08 21:45 - 2011-07-20 10:33 - 00000000 ____D C:\ProgramData\GARMIN
2013-07-08 21:35 - 2013-07-08 18:27 - 00000000 ____D C:\Users\Volker\Documents\Garmin
2013-07-08 21:21 - 2011-03-18 23:07 - 00000000 ____D C:\Users\Volker\AppData\Local\Lexware
2013-07-08 18:15 - 2013-07-08 18:15 - 00000000 ___HD C:\Windows\AxInstSV
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-03 11:49
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2013 Ran by Volker at 2013-08-04 21:45:18 Running from C:\Users\Volker\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.5.5) Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0) Adobe Acrobat 9.5.5 - CPSID_83708 (x32) Adobe AIR (x32 Version: 1.5.3.9120) Adobe Community Help (x32 Version: 3.0.0) Adobe Community Help (x32 Version: 3.0.0.400) Adobe Creative Suite 5 Master Collection (x32 Version: 5.0) Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Media Player (x32 Version: 1.8) Adobe Reader 8.3.1 - Deutsch (x32 Version: 8.3.1) Advanced Security for Outlook (x32 Version: 1.51.0000) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) ArcSoft TotalMedia 3 (x32) AVG 2013 (Version: 13.0.3209) AVG 2013 (Version: 13.0.3392) AVG 2013 (Version: 2013.0.3392) BioAPI Framework (Version: 1.0.1) Bonjour (Version: 3.0.0.10) Brother MFL-Pro Suite MFC-5490CN (x32 Version: 1.2.6.0) congstar Internet-Manager (x32 Version: 1.0.0.4) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dell 5530 Wireless Broadband Package (Version: 1.0.11.13) Dell ControlVault Host Components Installer 64Bit (Version: 1.7.459.360) Dell Driver Download Manager (HKCU Version: 2.1.0.0) Dell Security Device Driver Pack (x32 Version: 1.4.056) Dell Touchpad (Version: 7.1102.101.102) dows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000) Driver Install 64-bit (x32 Version: 1.00.0000) Elevated Installer (x32 Version: 2.2.15) ElsterFormular für Unternehmer (x32 Version: 12.4.0.7094u) Ericsson Wireless Manager (x32 Version: 5.2.1045.57) Feedback Tool (x32 Version: 1.2.0) Freemake Video Converter Version 4.0.3 (x32 Version: 4.0.3) Garmin BaseCamp (x32 Version: 4.2.2) Garmin City Navigator Europe NT 2014.10 Update (x32 Version: 17.10.0.0) Garmin Express (x32 Version: 2.2.15) Garmin Express Tray (x32 Version: 2.2.15) Garmin MapSource (x32 Version: 6.13.7.0) Garmin TOPO Deutschland v3 (x32 Version: 3.0.0.0) Garmin Update Service (x32 Version: 2.2.15) Garmin USB Drivers (x32 Version: 2.3.1.0) Garmin WebUpdater (x32 Version: 2.5.6) Google Earth (x32 Version: 7.1.1.1888) Google Update Helper (x32 Version: 1.3.21.153) iCloud (Version: 2.1.2.8) IDT Audio (x32 Version: 1.0.6274.0) ImgBurn (x32 Version: 2.5.5.0) InfraRecorder 0.52 (x64 edition) (Version: 0.52.00.00) Intel PROSet Wireless Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2182) Intel(R) Management Engine Interface Intel(R) Network Connections 16.0.19.0 (Version: 16.0.19.0) Intel(R) PRO Alerting Agent (Version: 12.0.3) Intel(R) PROSet/Wireless WiFi-Software (Version: 13.03.0000) Intel® Active-Management-Technologie iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Lexware Elster (x32 Version: 13.12.00.0002) Lexware financial office 2013 (x32 Version: 17.07.00.0230) Lexware Info Service (x32 Version: 2.90.00.0009) Lexware online banking (x32 Version: 17.00.00.0186) Magical Jelly Bean KeyFinder (x32 Version: 2.0.8.2) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Outlook 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1) Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (x32 Version: 1.0.1.2) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0) Nokia Suite (x32 Version: 3.4.49.0) Paragon Backup & Recovery™ 2011 Free (x32 Version: 90.00.0003) PC Connectivity Solution (x32 Version: 12.0.17.0) PDF Settings CS5 (x32 Version: 10.0) PlayReady PC Runtime amd64 (Version: 1.3.0) QuickTime (x32 Version: 7.74.80.86) RENESIS® Player Browser Plugins (x32 Version: 1.1.1) RICOH R5C83x/84x Media Driver Ver.3.53.02 (x32 Version: 3.53.02) RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00 (x32 Version: 2.04.01.00) Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005) Skype Click to Call (x32 Version: 5.9.9216) Skype™ 5.10 (x32 Version: 5.10.116) SyncBack (x32) Synology Assistant (remove only) (x32) System Requirements Lab for Intel (x32 Version: 4.4.16.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) UPEK TouchChip Fingerprint Reader (Version: 1.2.0) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.0.4 (x32 Version: 2.0.4) WIDCOMM Bluetooth Software (Version: 6.2.1.100) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0) WinRAR Archivierer (x32) ==================== Restore Points ========================= 25-07-2013 18:57:45 Windows-Sicherung 26-07-2013 01:00:29 Windows Update 30-07-2013 05:06:44 Windows Update 02-08-2013 20:40:44 Gerätetreiber-Paketinstallation: Synology USB-Controller 03-08-2013 19:41:25 Removed Java(TM) 6 Update 30 03-08-2013 19:43:06 Removed Java(TM) 6 Update 13 (64-bit) 03-08-2013 19:44:58 Removed Java 7 Update 7 03-08-2013 19:54:45 Installed Java 7 Update 25 ==================== Hosts content: ========================== 2006-11-02 14:34 - 2011-03-09 23:44 - 00000789 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {141E302E-5D3C-4031-83C4-8E2D09D7BAB5} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {4B325C18-A6BE-4155-A803-191122F23BE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.) Task: {4BA5F4A0-11C2-4D33-A77B-76871E2FBCE3} - System32\Tasks\Microsoft\Windows Defender\Mp Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {4DE35A3F-781B-437A-90FB-1AF63BA9C4F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.) Task: {6FBDDB9C-6A3B-4413-AA1C-9C9BC04B80E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {7128BCBB-26CE-4BA6-9F6B-8F554746568A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation) Task: {885CE8E2-FB1E-4976-B19F-55761A7EED99} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File Task: {8EC19DC9-8CBC-486A-9E46-46C8202604BB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {B145B674-7931-461A-9216-33E672DE519C} - System32\Tasks\{C65AC620-0172-42A4-8677-CD51A00A9CA1} => C:\dell\drivers\R220877\setup32.exe [2009-04-08] (Dell ) Task: {B9459988-43EE-4111-A62E-7E4F6A2B581B} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {DD82527E-C486-4D2B-9B9D-905398147F5D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {DE0218D7-1753-4088-BC14-88C60AC5B7EE} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {F37610AF-F823-4108-81D4-5B2E7546F5F8} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {F4DBAE66-BC1C-48C1-9F0B-C4FBCB2C4143} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F56F438B-74D8-405C-BCFE-A083179E92F6} - System32\Tasks\Launch 846 => C:\Windows\System32\msiexec /q /x {816AC566-D3C7-4372-95B2-4073D475B260} No File Task: {FD8A2715-7226-48C3-B263-69914D1660D7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {FF53BC52-F368-4962-9C27-0DB2DFB9032C} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2013 09:30:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:30:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:30:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:30:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:30:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:30:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:25:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:25:39 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:25:37 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/04/2013 09:25:31 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (08/04/2013 09:44:10 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (08/04/2013 09:44:06 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Error: (08/04/2013 00:04:01 AM) (Source: SCardSvr) (User: ) Description: Ein an das System angeschlossenes Gerät funktioniert nicht.Dell USB Reader 0TRANSMIT00 a4 04 00 Microsoft Office Sessions: ========================= Error: (08/04/2013 09:30:10 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (08/04/2013 09:30:10 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (08/04/2013 09:30:07 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (08/04/2013 09:30:07 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (08/04/2013 09:30:07 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (08/04/2013 09:30:07 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (08/04/2013 09:25:43 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Volker\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe Error: (08/04/2013 09:25:39 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Volker\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe Error: (08/04/2013 09:25:37 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Volker\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe Error: (08/04/2013 09:25:31 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Volker\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe CodeIntegrity Errors: =================================== Date: 2011-06-17 20:36:10.385 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSEH.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:10.338 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSEH.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:10.291 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSEH.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:10.229 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSEH.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:10.182 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSEH.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:10.120 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSDriver.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:10.073 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSDriver.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:10.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSDriver.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:09.964 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSDriver.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-06-17 20:36:09.917 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\AVGIDSDriver.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 66% Total physical RAM: 3983.92 MB Available physical RAM: 1333.34 MB Total Pagefile: 7966.02 MB Available Pagefile: 4965.5 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.17 GB) (Free:328.28 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)] Drive d: (Bona) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS Drive e: () (Removable) (Total:1.86 GB) (Free:0.7 GB) FAT (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 349E900A) Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 9D3F5B44) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) ==================== End Of Log ============================ V. |
|
05.08.2013, 08:06
| #4 |
| /// the machine /// TB-Ausbilder | Adserverplus komplett entfernt? Downloade Dir bitte  Malwarebytes Anti-Malware
und ein frisches FRST log bitte 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.08.2013, 12:07
| #5 |
| |  Adserverplus komplett entfernt? Hallo Schrauber, hier das log von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.05.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Volker :: LAPTOP [limitiert] Schutz: Aktiviert 05.08.2013 12:43:47 mbam-log-2013-08-05 (12-43-47).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 243157 Laufzeit: 7 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\$Recycle.Bin\S-1-5-21-1762200333-1665312285-2198996748-1000\$RQC7EPI.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt. (Ende) [CODE FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Volker (administrator) on 05-08-2013 13:01:37
Running from C:\Users\Volker\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(ZTE) C:\Program Files (x86)\congstar\Internetmanager\Bin\mcserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\gconfd-2.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\db_daemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\system32\dfrgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\office\2013\Lxoffice.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\office\2013\PCFK32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Freemake) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroBroker.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\system32\calc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [375808 2010-02-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-10] (IDT, Inc.)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-08-05] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-08] (Garmin Ltd or its subsidiaries)
MountPoints2: {aff89aac-2ca6-11e1-8e96-028037ec0200} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs-x32: acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internetmanager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe (ArcSoft, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6565280F-D675-4DE6-9955-CCEA3D1F5218} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6565280F-D675-4DE6-9955-CCEA3D1F5218} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {939964EB-8704-48E0-B7D9-6004FA391F38} URL = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=de
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: No Name - C:\Users\Volker\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files (x86)\congstar\Internetmanager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internetmanager\Bin\addon
Chrome:
=======
==================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [184656 2007-04-19] (Intel Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-08] (Garmin Ltd or its subsidiaries)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [178712 2010-08-05] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-10] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2062872 2010-08-05] (Intel Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] ()
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R3 d553bus; C:\Windows\System32\DRIVERS\d553bus.sys [325120 2008-12-19] (MCCI Corporation)
R3 d553card; C:\Windows\System32\DRIVERS\d553card.sys [378368 2008-12-19] (MCCI Corporation)
R3 d553gps; C:\Windows\System32\DRIVERS\d553gps64.sys [88104 2009-01-08] (Dell)
R3 d553mdfl; C:\Windows\System32\DRIVERS\d553mdfl.sys [19456 2008-12-19] (MCCI Corporation)
R3 d553mdfl2; C:\Windows\System32\DRIVERS\d553mdfl2.sys [19456 2008-12-19] (MCCI Corporation)
R3 d553mdm; C:\Windows\System32\DRIVERS\d553mdm.sys [422912 2008-12-19] (MCCI Corporation)
R3 d553mdm2; C:\Windows\System32\DRIVERS\d553mdm2.sys [474112 2008-12-19] (MCCI Corporation)
R3 d553nd5; C:\Windows\System32\DRIVERS\d553nd5.sys [34816 2008-12-19] (MCCI Corporation)
R3 d553scard; C:\Windows\System32\DRIVERS\d553scard.sys [57896 2009-04-06] (Dell)
R3 d553unic; C:\Windows\System32\DRIVERS\d553unic.sys [431104 2008-12-19] (MCCI Corporation)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-03-28] (Paragon Software Group)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-09] (ITE )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [63648 2009-12-03] (Siano)
R1 tcpipBM; C:\Windows\System32\Drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-04 21:45 - 2013-08-04 21:45 - 00034829 _____ C:\Users\Volker\Desktop\Addition.txt
2013-08-04 21:42 - 2013-08-04 21:42 - 01781485 _____ (Farbar) C:\Users\Volker\Desktop\FRST64.exe
2013-08-04 21:42 - 2013-08-04 21:42 - 00000000 ____D C:\FRST
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\Documents\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\ProgramData\Freemake
2013-08-04 21:29 - 2013-08-04 21:30 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-04 21:28 - 2013-08-04 21:28 - 01271904 _____ (Ellora Assets Corporation ) C:\Users\Volker\Downloads\freemakevideoconvertersetup.exe
2013-08-03 23:19 - 2013-08-03 23:19 - 00002246 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-03 23:11 - 2013-08-03 23:11 - 00001330 _____ C:\AdwCleaner[R5].txt
2013-08-03 22:43 - 2013-08-03 22:43 - 00891098 _____ C:\Users\Volker\Downloads\SecurityCheck.exe
2013-08-03 22:03 - 2013-08-03 22:03 - 00448512 _____ (OldTimer Tools) C:\Users\Volker\Downloads\TFC.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 21:32 - 2013-08-03 21:32 - 00082896 _____ C:\Users\Volker\Desktop\Extras.Txt
2013-08-03 21:32 - 2013-08-03 21:32 - 00001147 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 21:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-03 21:31 - 2013-08-03 22:20 - 00089844 _____ C:\Users\Volker\Desktop\OTL.Txt
2013-08-03 21:31 - 2013-08-03 21:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Volker\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-03 21:22 - 2013-08-03 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\Volker\Desktop\OTL.exe
2013-08-03 21:01 - 2013-08-03 21:01 - 00001270 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:23 - 2013-08-03 09:55 - 00666633 _____ C:\Users\Volker\Desktop\adwcleaner06.exe
2013-08-03 10:15 - 2013-08-03 10:15 - 00004822 _____ C:\Users\Volker\Desktop\AdwCleaner[S1].txt
2013-08-03 10:13 - 2013-08-03 10:13 - 00001212 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:01 - 2013-08-03 10:02 - 00004822 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:01 - 2013-08-03 10:01 - 00004760 _____ C:\AdwCleaner[R2].txt
2013-08-03 09:57 - 2013-08-03 09:58 - 00005438 _____ C:\AdwCleaner[R1].txt
2013-08-03 09:54 - 2013-08-03 09:55 - 00666633 _____ C:\Users\Volker\Downloads\adwcleaner06.exe
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\ProgramData\Synology
2013-08-02 22:36 - 2013-08-02 22:36 - 00001198 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2013-08-02 22:36 - 2013-08-02 22:36 - 00000000 ____D C:\Program Files (x86)\Synology
2013-07-30 07:08 - 2013-07-30 07:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 03:11 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 03:11 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 03:11 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 03:11 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-26 03:11 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:11 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:11 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 03:10 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 03:10 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 03:10 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 03:10 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 03:10 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:30 - 2013-07-25 22:30 - 00793536 _____ C:\Users\Volker\Downloads\ZipOpenerSetup.exe
2013-07-25 22:30 - 2013-07-25 22:30 - 00001125 _____ C:\Users\Volker\Desktop\Continue Zip Opener Installation.lnk
2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\StarApp
2013-07-25 22:18 - 2013-08-03 09:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-25 21:25 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-25 21:25 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-25 21:25 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 21:25 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-25 21:24 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-25 21:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-25 21:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-24 23:08 - 2013-07-24 23:08 - 00000000 ____D C:\Users\Volker\AppData\Local\GARMIN_Corp
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-07-08 18:27 - 2013-07-08 21:35 - 00000000 ____D C:\Users\Volker\Documents\Garmin
2013-07-08 18:20 - 2013-07-25 21:22 - 00000000 ____D C:\Users\Volker\AppData\Local\Garmin
2013-07-08 18:20 - 2013-07-08 21:45 - 00001922 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-07-08 18:18 - 2013-07-08 21:46 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-08 18:15 - 2013-07-08 18:15 - 00000000 ___HD C:\Windows\AxInstSV
==================== One Month Modified Files and Folders =======
2013-08-05 12:34 - 2011-06-17 23:06 - 02020465 _____ C:\Windows\WindowsUpdate.log
2013-08-05 12:33 - 2012-04-11 10:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 12:28 - 2011-02-19 23:01 - 00000000 ____D C:\ProgramData\MFAData
2013-08-05 12:23 - 2011-04-25 21:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-04 23:46 - 2011-03-22 12:57 - 00000000 ____D C:\Users\Volker\Documents\Outlook-Dateien
2013-08-04 23:17 - 2011-04-25 21:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-04 22:32 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 21:45 - 2013-08-04 21:45 - 00034829 _____ C:\Users\Volker\Desktop\Addition.txt
2013-08-04 21:42 - 2013-08-04 21:42 - 01781485 _____ (Farbar) C:\Users\Volker\Desktop\FRST64.exe
2013-08-04 21:42 - 2013-08-04 21:42 - 00000000 ____D C:\FRST
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\Documents\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\ProgramData\Freemake
2013-08-04 21:30 - 2013-08-04 21:29 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-04 21:30 - 2012-10-29 23:53 - 00000000 ____D C:\Users\Volker\AppData\Roaming\vlc
2013-08-04 21:28 - 2013-08-04 21:28 - 01271904 _____ (Ellora Assets Corporation ) C:\Users\Volker\Downloads\freemakevideoconvertersetup.exe
2013-08-04 21:10 - 2011-03-18 23:17 - 00000000 ____D C:\ProgramData\Lexware
2013-08-04 00:02 - 2011-06-17 22:08 - 00010544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 00:02 - 2011-06-17 22:08 - 00010544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 23:54 - 2011-06-17 22:44 - 00165602 _____ C:\Windows\PFRO.log
2013-08-03 23:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-03 23:54 - 2009-07-14 06:51 - 01251935 _____ C:\Windows\setupact.log
2013-08-03 23:19 - 2013-08-03 23:19 - 00002246 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-03 23:11 - 2013-08-03 23:11 - 00001330 _____ C:\AdwCleaner[R5].txt
2013-08-03 22:43 - 2013-08-03 22:43 - 00891098 _____ C:\Users\Volker\Downloads\SecurityCheck.exe
2013-08-03 22:20 - 2013-08-03 21:31 - 00089844 _____ C:\Users\Volker\Desktop\OTL.Txt
2013-08-03 22:03 - 2013-08-03 22:03 - 00448512 _____ (OldTimer Tools) C:\Users\Volker\Downloads\TFC.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 21:55 - 2012-08-31 10:02 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 21:55 - 2011-02-20 15:09 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 21:32 - 2013-08-03 21:32 - 00082896 _____ C:\Users\Volker\Desktop\Extras.Txt
2013-08-03 21:32 - 2013-08-03 21:32 - 00001147 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 21:31 - 2013-08-03 21:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Volker\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-03 21:22 - 2013-08-03 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\Volker\Desktop\OTL.exe
2013-08-03 21:01 - 2013-08-03 21:01 - 00001270 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:15 - 2013-08-03 10:15 - 00004822 _____ C:\Users\Volker\Desktop\AdwCleaner[S1].txt
2013-08-03 10:13 - 2013-08-03 10:13 - 00001212 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:02 - 2013-08-03 10:01 - 00004822 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:01 - 2013-08-03 10:01 - 00004760 _____ C:\AdwCleaner[R2].txt
2013-08-03 09:59 - 2013-07-25 22:18 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-03 09:58 - 2013-08-03 09:57 - 00005438 _____ C:\AdwCleaner[R1].txt
2013-08-03 09:55 - 2013-08-03 10:23 - 00666633 _____ C:\Users\Volker\Desktop\adwcleaner06.exe
2013-08-03 09:55 - 2013-08-03 09:54 - 00666633 _____ C:\Users\Volker\Downloads\adwcleaner06.exe
2013-08-02 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-02 22:43 - 2011-06-18 07:59 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-02 22:43 - 2011-06-18 07:59 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-02 22:43 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\ProgramData\Synology
2013-08-02 22:36 - 2013-08-02 22:36 - 00001198 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2013-08-02 22:36 - 2013-08-02 22:36 - 00000000 ____D C:\Program Files (x86)\Synology
2013-07-31 13:46 - 2012-12-11 22:31 - 00001015 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 07:15 - 2013-07-30 07:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 03:47 - 2009-07-14 06:45 - 04917280 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-26 03:46 - 2013-01-24 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 03:46 - 2012-05-15 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 03:46 - 2012-05-15 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-26 03:44 - 2009-07-14 09:47 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 03:44 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 03:44 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-26 03:27 - 2011-02-28 20:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-25 22:30 - 2013-07-25 22:30 - 00793536 _____ C:\Users\Volker\Downloads\ZipOpenerSetup.exe
2013-07-25 22:30 - 2013-07-25 22:30 - 00001125 _____ C:\Users\Volker\Desktop\Continue Zip Opener Installation.lnk
2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\StarApp
2013-07-25 22:20 - 2011-04-25 21:38 - 00000000 ____D C:\Users\Volker\AppData\Local\Google
2013-07-25 21:22 - 2013-07-08 18:20 - 00000000 ____D C:\Users\Volker\AppData\Local\Garmin
2013-07-24 23:12 - 2011-04-25 21:38 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-24 23:12 - 2011-04-25 21:38 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-24 23:09 - 2011-07-20 10:39 - 00000000 ____D C:\Users\Volker\AppData\Roaming\GARMIN
2013-07-24 23:08 - 2013-07-24 23:08 - 00000000 ____D C:\Users\Volker\AppData\Local\GARMIN_Corp
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-07-09 01:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-09 01:07 - 2011-07-20 10:32 - 00000000 ____D C:\Program Files (x86)\Garmin
2013-07-08 21:46 - 2013-07-08 18:18 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-08 21:45 - 2013-07-08 18:20 - 00001922 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-07-08 21:45 - 2011-07-20 10:33 - 00000000 ____D C:\ProgramData\GARMIN
2013-07-08 21:35 - 2013-07-08 18:27 - 00000000 ____D C:\Users\Volker\Documents\Garmin
2013-07-08 21:21 - 2011-03-18 23:07 - 00000000 ____D C:\Users\Volker\AppData\Local\Lexware
2013-07-08 18:15 - 2013-07-08 18:15 - 00000000 ___HD C:\Windows\AxInstSV
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-03 11:49
==================== End Of Log ============================
][/CODE] Danke nochmal und beste Grüße, V. |
|
05.08.2013, 13:40
| #6 |
| /// the machine /// TB-Ausbilder | Adserverplus komplett entfernt? Sieht gut aus, noch nen Onlinescan und wir sollten durch sein. Noch Probleme? ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte.
__________________ --> Adserverplus komplett entfernt? |
|
07.08.2013, 19:50
| #7 |
| | Adserverplus komplett entfernt? Hallo Schrauber, das eset log hat keine Infizierungen angezeigt. Den Log hab ich dummerweise mit der Deinstallation des Programms gelöscht. Hier das Log security check: Code:
ATTFilter Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` AVG AntiVirus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013 04
Ran by Volker (administrator) on 07-08-2013 20:43:40
Running from C:\Users\Volker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6FWYGQE
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ZTE) C:\Program Files (x86)\congstar\Internetmanager\Bin\mcserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\gconfd-2.exe
() C:\Program Files (x86)\congstar\Internetmanager\Bin\db_daemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Freemake) C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroBroker.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\system32\calc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\office\2013\Lxoffice.exe
() C:\Users\Volker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9TSXE3N\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [375808 2010-02-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-10] (IDT, Inc.)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-08-05] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
MountPoints2: {aff89aac-2ca6-11e1-8e96-028037ec0200} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs-x32: acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internetmanager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe (ArcSoft, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6565280F-D675-4DE6-9955-CCEA3D1F5218} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {6565280F-D675-4DE6-9955-CCEA3D1F5218} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {939964EB-8704-48E0-B7D9-6004FA391F38} URL = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=de
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: No Name - C:\Users\Volker\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\wgf6wtky.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] C:\Program Files (x86)\congstar\Internetmanager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internetmanager\Bin\addon
Chrome:
=======
==================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [184656 2007-04-19] (Intel Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [178712 2010-08-05] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-10] (IDT, Inc.)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2062872 2010-08-05] (Intel Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] ()
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R3 d553bus; C:\Windows\System32\DRIVERS\d553bus.sys [325120 2008-12-19] (MCCI Corporation)
R3 d553card; C:\Windows\System32\DRIVERS\d553card.sys [378368 2008-12-19] (MCCI Corporation)
R3 d553gps; C:\Windows\System32\DRIVERS\d553gps64.sys [88104 2009-01-08] (Dell)
R3 d553mdfl; C:\Windows\System32\DRIVERS\d553mdfl.sys [19456 2008-12-19] (MCCI Corporation)
R3 d553mdfl2; C:\Windows\System32\DRIVERS\d553mdfl2.sys [19456 2008-12-19] (MCCI Corporation)
R3 d553mdm; C:\Windows\System32\DRIVERS\d553mdm.sys [422912 2008-12-19] (MCCI Corporation)
R3 d553mdm2; C:\Windows\System32\DRIVERS\d553mdm2.sys [474112 2008-12-19] (MCCI Corporation)
R3 d553nd5; C:\Windows\System32\DRIVERS\d553nd5.sys [34816 2008-12-19] (MCCI Corporation)
R3 d553scard; C:\Windows\System32\DRIVERS\d553scard.sys [57896 2009-04-06] (Dell)
R3 d553unic; C:\Windows\System32\DRIVERS\d553unic.sys [431104 2008-12-19] (MCCI Corporation)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-03-28] (Paragon Software Group)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2010-02-11] (HSPADataCard Incorporated)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-09] (ITE )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [63648 2009-12-03] (Siano)
R1 tcpipBM; C:\Windows\System32\Drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-06 23:55 - 2013-08-06 23:55 - 00000000 ____H C:\Users\Volker\Documents\Default.rdp
2013-08-06 23:39 - 2013-08-06 23:39 - 00001922 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-08-05 13:03 - 2013-08-05 13:04 - 00038310 _____ C:\Users\Volker\Desktop\FRST.txt
2013-08-04 21:45 - 2013-08-05 13:03 - 00022836 _____ C:\Users\Volker\Desktop\Addition.txt
2013-08-04 21:42 - 2013-08-04 21:42 - 01781485 _____ (Farbar) C:\Users\Volker\Desktop\FRST64.exe
2013-08-04 21:42 - 2013-08-04 21:42 - 00000000 ____D C:\FRST
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\Documents\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\ProgramData\Freemake
2013-08-04 21:29 - 2013-08-04 21:30 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-04 21:28 - 2013-08-04 21:28 - 01271904 _____ (Ellora Assets Corporation ) C:\Users\Volker\Downloads\freemakevideoconvertersetup.exe
2013-08-03 23:19 - 2013-08-03 23:19 - 00002246 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-03 23:11 - 2013-08-03 23:11 - 00001330 _____ C:\AdwCleaner[R5].txt
2013-08-03 22:43 - 2013-08-03 22:43 - 00891098 _____ C:\Users\Volker\Downloads\SecurityCheck.exe
2013-08-03 22:03 - 2013-08-03 22:03 - 00448512 _____ (OldTimer Tools) C:\Users\Volker\Downloads\TFC.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 21:32 - 2013-08-03 21:32 - 00082896 _____ C:\Users\Volker\Desktop\Extras.Txt
2013-08-03 21:32 - 2013-08-03 21:32 - 00001147 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 21:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-03 21:31 - 2013-08-03 22:20 - 00089844 _____ C:\Users\Volker\Desktop\OTL.Txt
2013-08-03 21:31 - 2013-08-03 21:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Volker\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-03 21:22 - 2013-08-03 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\Volker\Desktop\OTL.exe
2013-08-03 21:01 - 2013-08-03 21:01 - 00001270 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:23 - 2013-08-03 09:55 - 00666633 _____ C:\Users\Volker\Desktop\adwcleaner06.exe
2013-08-03 10:15 - 2013-08-03 10:15 - 00004822 _____ C:\Users\Volker\Desktop\AdwCleaner[S1].txt
2013-08-03 10:13 - 2013-08-03 10:13 - 00001212 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:01 - 2013-08-03 10:02 - 00004822 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:01 - 2013-08-03 10:01 - 00004760 _____ C:\AdwCleaner[R2].txt
2013-08-03 09:57 - 2013-08-03 09:58 - 00005438 _____ C:\AdwCleaner[R1].txt
2013-08-03 09:54 - 2013-08-03 09:55 - 00666633 _____ C:\Users\Volker\Downloads\adwcleaner06.exe
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\ProgramData\Synology
2013-08-02 22:36 - 2013-08-02 22:36 - 00001198 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2013-08-02 22:36 - 2013-08-02 22:36 - 00000000 ____D C:\Program Files (x86)\Synology
2013-07-30 07:08 - 2013-07-30 07:15 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 03:11 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 03:11 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 03:11 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 03:11 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 03:11 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 03:11 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-26 03:11 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:11 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:11 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 03:10 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 03:10 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 03:10 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 03:10 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 03:10 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 03:10 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 03:10 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:30 - 2013-07-25 22:30 - 00793536 _____ C:\Users\Volker\Downloads\ZipOpenerSetup.exe
2013-07-25 22:30 - 2013-07-25 22:30 - 00001125 _____ C:\Users\Volker\Desktop\Continue Zip Opener Installation.lnk
2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\StarApp
2013-07-25 22:18 - 2013-08-03 09:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-25 21:25 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-25 21:25 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-25 21:25 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 21:25 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-25 21:24 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-25 21:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-25 21:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-24 23:08 - 2013-07-24 23:08 - 00000000 ____D C:\Users\Volker\AppData\Local\GARMIN_Corp
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-07-08 18:27 - 2013-07-08 21:35 - 00000000 ____D C:\Users\Volker\Documents\Garmin
2013-07-08 18:20 - 2013-07-25 21:22 - 00000000 ____D C:\Users\Volker\AppData\Local\Garmin
2013-07-08 18:18 - 2013-08-06 23:40 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-08 18:15 - 2013-07-08 18:15 - 00000000 ___HD C:\Windows\AxInstSV
==================== One Month Modified Files and Folders =======
2013-08-07 20:33 - 2012-04-11 10:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 20:20 - 2011-03-22 12:57 - 00000000 ____D C:\Users\Volker\Documents\Outlook-Dateien
2013-08-07 20:20 - 2011-03-18 23:17 - 00000000 ____D C:\ProgramData\Lexware
2013-08-07 20:17 - 2011-04-25 21:38 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-07 20:10 - 2011-02-19 23:01 - 00000000 ____D C:\ProgramData\MFAData
2013-08-07 20:09 - 2011-06-17 23:06 - 01146166 _____ C:\Windows\WindowsUpdate.log
2013-08-06 23:55 - 2013-08-06 23:55 - 00000000 ____H C:\Users\Volker\Documents\Default.rdp
2013-08-06 23:40 - 2013-07-08 18:18 - 00000000 ____D C:\ProgramData\Package Cache
2013-08-06 23:39 - 2013-08-06 23:39 - 00001922 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2013-08-06 23:38 - 2011-07-20 10:33 - 00000000 ____D C:\ProgramData\GARMIN
2013-08-06 23:23 - 2011-04-25 21:38 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-05 13:04 - 2013-08-05 13:03 - 00038310 _____ C:\Users\Volker\Desktop\FRST.txt
2013-08-05 13:03 - 2013-08-04 21:45 - 00022836 _____ C:\Users\Volker\Desktop\Addition.txt
2013-08-04 22:38 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 21:42 - 2013-08-04 21:42 - 01781485 _____ (Farbar) C:\Users\Volker\Desktop\FRST64.exe
2013-08-04 21:42 - 2013-08-04 21:42 - 00000000 ____D C:\FRST
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\Documents\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-08-04 21:30 - 2013-08-04 21:30 - 00000000 ____D C:\ProgramData\Freemake
2013-08-04 21:30 - 2013-08-04 21:29 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-08-04 21:30 - 2012-10-29 23:53 - 00000000 ____D C:\Users\Volker\AppData\Roaming\vlc
2013-08-04 21:28 - 2013-08-04 21:28 - 01271904 _____ (Ellora Assets Corporation ) C:\Users\Volker\Downloads\freemakevideoconvertersetup.exe
2013-08-04 00:02 - 2011-06-17 22:08 - 00010544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 00:02 - 2011-06-17 22:08 - 00010544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 23:54 - 2011-06-17 22:44 - 00165602 _____ C:\Windows\PFRO.log
2013-08-03 23:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-03 23:54 - 2009-07-14 06:51 - 01251935 _____ C:\Windows\setupact.log
2013-08-03 23:19 - 2013-08-03 23:19 - 00002246 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-03 23:11 - 2013-08-03 23:11 - 00001330 _____ C:\AdwCleaner[R5].txt
2013-08-03 22:43 - 2013-08-03 22:43 - 00891098 _____ C:\Users\Volker\Downloads\SecurityCheck.exe
2013-08-03 22:20 - 2013-08-03 21:31 - 00089844 _____ C:\Users\Volker\Desktop\OTL.Txt
2013-08-03 22:03 - 2013-08-03 22:03 - 00448512 _____ (OldTimer Tools) C:\Users\Volker\Downloads\TFC.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-03 21:55 - 2013-08-03 21:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-03 21:55 - 2012-08-31 10:02 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-03 21:55 - 2011-02-20 15:09 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-03 21:32 - 2013-08-03 21:32 - 00082896 _____ C:\Users\Volker\Desktop\Extras.Txt
2013-08-03 21:32 - 2013-08-03 21:32 - 00001147 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Users\Volker\AppData\Roaming\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 21:32 - 2013-08-03 21:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 21:31 - 2013-08-03 21:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Volker\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-03 21:22 - 2013-08-03 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\Volker\Desktop\OTL.exe
2013-08-03 21:01 - 2013-08-03 21:01 - 00001270 _____ C:\AdwCleaner[R4].txt
2013-08-03 10:15 - 2013-08-03 10:15 - 00004822 _____ C:\Users\Volker\Desktop\AdwCleaner[S1].txt
2013-08-03 10:13 - 2013-08-03 10:13 - 00001212 _____ C:\AdwCleaner[R3].txt
2013-08-03 10:02 - 2013-08-03 10:01 - 00004822 _____ C:\AdwCleaner[S1].txt
2013-08-03 10:01 - 2013-08-03 10:01 - 00004760 _____ C:\AdwCleaner[R2].txt
2013-08-03 09:59 - 2013-07-25 22:18 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-03 09:58 - 2013-08-03 09:57 - 00005438 _____ C:\AdwCleaner[R1].txt
2013-08-03 09:55 - 2013-08-03 10:23 - 00666633 _____ C:\Users\Volker\Desktop\adwcleaner06.exe
2013-08-03 09:55 - 2013-08-03 09:54 - 00666633 _____ C:\Users\Volker\Downloads\adwcleaner06.exe
2013-08-02 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-02 22:43 - 2011-06-18 07:59 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-02 22:43 - 2011-06-18 07:59 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-02 22:43 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-02 22:37 - 2013-08-02 22:37 - 00000000 ____D C:\ProgramData\Synology
2013-08-02 22:36 - 2013-08-02 22:36 - 00001198 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2013-08-02 22:36 - 2013-08-02 22:36 - 00000000 ____D C:\Program Files (x86)\Synology
2013-07-31 13:46 - 2012-12-11 22:31 - 00001015 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 07:15 - 2013-07-30 07:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 03:47 - 2009-07-14 06:45 - 04917280 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-26 03:46 - 2013-01-24 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-26 03:46 - 2012-05-15 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 03:46 - 2012-05-15 22:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-26 03:44 - 2009-07-14 09:47 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-26 03:44 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 03:44 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-26 03:27 - 2011-02-28 20:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-25 22:30 - 2013-07-25 22:30 - 00793536 _____ C:\Users\Volker\Downloads\ZipOpenerSetup.exe
2013-07-25 22:30 - 2013-07-25 22:30 - 00001125 _____ C:\Users\Volker\Desktop\Continue Zip Opener Installation.lnk
2013-07-25 22:21 - 2013-07-25 22:21 - 00000000 ____D C:\ProgramData\StarApp
2013-07-25 22:20 - 2011-04-25 21:38 - 00000000 ____D C:\Users\Volker\AppData\Local\Google
2013-07-25 21:22 - 2013-07-08 18:20 - 00000000 ____D C:\Users\Volker\AppData\Local\Garmin
2013-07-24 23:12 - 2011-04-25 21:38 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-24 23:12 - 2011-04-25 21:38 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-24 23:09 - 2011-07-20 10:39 - 00000000 ____D C:\Users\Volker\AppData\Roaming\GARMIN
2013-07-24 23:08 - 2013-07-24 23:08 - 00000000 ____D C:\Users\Volker\AppData\Local\GARMIN_Corp
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-07-09 01:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-09 01:07 - 2011-07-20 10:32 - 00000000 ____D C:\Program Files (x86)\Garmin
2013-07-08 21:35 - 2013-07-08 18:27 - 00000000 ____D C:\Users\Volker\Documents\Garmin
2013-07-08 21:21 - 2011-03-18 23:07 - 00000000 ____D C:\Users\Volker\AppData\Local\Lexware
2013-07-08 18:15 - 2013-07-08 18:15 - 00000000 ___HD C:\Windows\AxInstSV
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-03 11:49
==================== End Of Log ============================
--- --- --- Ich hoffe nun ist alles OK? BG, Volker |
|
08.08.2013, 04:24
| #8 |
| /// the machine /// TB-Ausbilder | Adserverplus komplett entfernt? Adobe updaten. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.08.2013, 22:11
| #9 |
| | Adserverplus komplett entfernt? Hallo Schrauber, vielen Dank für die Unterstützung.  Werde deine Tipps beherzigen. Ein schönes Wochenende. BG Volker |
|
09.08.2013, 10:35
| #10 |
| /// the machine /// TB-Ausbilder | Adserverplus komplett entfernt? Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Adserverplus komplett entfernt? |
| adserverplus, autorun, avg, bho, bonjour, browser, continue, error, explorer, firefox, flash player, format, google, helper, hängen, iexplorer, internet, internet browser, internet explorer, intranet, logfile, monitor.exe, mozilla, plug-in, popups, problem, registrierungsdatenbank, registry, scan, security, software, synology, trojaner, windows, windows 7 64 bit |
Linear-Darstellung
