| |
| |||||||
Log-Analyse und Auswertung: Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und MusikWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.12.2013, 00:08
| #1 |
 |  Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Hallo alle zusammen, .... ich als Nicht Informatiker brauche dringend fachmännische Hilfe. Die folgende Problembeschreibung deckt sich mit vielen weiteren die ich bereits im Board gelesen hab. Ich bnutze Firefox in der aktuellen Version. Seit einigen Tagen sind bei vielen Website auf denen ich mich bewege, Textstellen grün gefärbt und doppelt unterstrichen sichtbar. Bei Kontakt mir dem Mauszeiger tauchen Pop-Ups auf, die auf verschiedene Software und Spiele und sonstige Seiten verweisen. Immer blaue Schrift mit einem schwarzen Pfeil in grünem Quadrat. Bei klick auf das Fragezeichen wird auf die Seite Nav-Links.com geleitet. Passiert auch auf der Seite von Trojaner Board. Parallel dazu tauchen Werbeanzeigen (manchmal ganze Website in neuem Tab) auf den Websites auf die auf "Openappmedia" Website verweisen. Teilweise sind die Werbeanzeigen mit Ton, ganz schön störend  Am linken unteren Rand erscheinen manchmal Meldungen auf welche Seite Firefox gerade wartet oder woher gerade Daten geladen werden (nur ganz kurze Einblendung). Diese haben nichts mit den Aktionen zu tun die ich initiert hab. Beim scrollen in den Website oder bei der Texteingabe wie im Moment, treten starke Verzögerungen (1 - 10 sec.) auf. Ich habe deshalb zuerst einen Scan mit Malwarebyte gemacht und dadurch über 200 Meldungen erhalten. Habe nur leider das Protokoll nicht seperat gespeicher. In der Quarantäne Liste sind aber die bei den Suchläufen gefundenen Schädlinge noch gelistet. Problem ist dadurch leider nicht gelöst!  Habe heute in der Reihenfolge wie in der Anleitung bei Trojaner Board beschrieben zuerst Defogger ausgeführt: [CODE] defogger_disable by jpshortstuff (23.02.10.1) Log created at 21:18 on 29/12/2013 (Gisela) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- [/CODE Danach dann FRST-64: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01 Ran by Gisi (ATTENTION: The logged in user is not administrator) on GISELA-PC on 29-12-2013 21:22:10 Running from C:\Users\Gisi\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (www.rene-zeidler.de) C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (AVM Berlin) C:\Users\Gisi\AppData\Local\Apps\2.0\1HYEYL8J.ZVB\EG3QMWG4.83O\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3206816 2010-08-04] (Dell Inc.) HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] () HKLM\...\Run: [Karteikasten] - C:\Program Files\Flo & Seb Engineering\Karteikasten\WitzAnzeigen.exe [32256 2012-04-21] (Flo & Seb Engineering) HKLM\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.) HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] () HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-07] (APN) HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [NPSStartup] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] () HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks) HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] () HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-12] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Runonce: [Del9523939] - cmd.exe /Q /D /c del "C:\Users\Gisela\AppData\Local\Temp\0.del" [x] HKCU\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung) HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Gisi\AppData\Local\Apps\2.0\1HYEYL8J.ZVB\EG3QMWG4.83O\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe [139264 2013-10-27] (AVM Berlin) HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7654312 2013-12-12] (SlySoft, Inc.) MountPoints2: E - E:\Password.exe MountPoints2: {60dd0f2c-e97d-11e2-a4ee-f04da2655ab0} - E:\Password.exe MountPoints2: {ba45afa6-4a8f-11e2-aa56-f04da2655ab0} - E:\DTVP_Launcher.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {6F280418-4F6E-494F-A922-8D2EDF098A9D} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {26D9475E-E572-49CB-BAB2-887CDF71E03B} URL = SearchScopes: HKCU - {6F280418-4F6E-494F-A922-8D2EDF098A9D} URL = BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () BHO: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll (APN LLC.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120823143746.dll (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll () BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () BHO-x32: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll (APN LLC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120919093932.dll (McAfee, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default FF NewTab: hxxp://www.google.com FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Websteroids - C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default\Extensions\support@websteroidsapp.com FF Extension: DownloadHelper - C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-07] (APN LLC.) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-10-27] (AVM Berlin) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon) S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [54088 2010-11-24] (usb camera) S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x] S3 sxuptp; system32\DRIVERS\sxuptp.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-29 21:22 - 2013-12-29 21:23 - 00026784 _____ C:\Users\Gisi\Downloads\FRST.txt 2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST 2013-12-29 21:20 - 2013-12-29 21:21 - 01931302 _____ (Farbar) C:\Users\Gisi\Downloads\FRST64.exe 2013-12-29 21:18 - 2013-12-29 21:18 - 00000474 _____ C:\Users\Gisi\Downloads\defogger_disable.log 2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable 2013-12-29 21:16 - 2013-12-29 21:16 - 00050477 _____ C:\Users\Gisi\Downloads\Defogger.exe 2013-12-29 21:15 - 2013-12-29 21:20 - 00000000 ____D C:\Users\Gisela\AppData\Local\Mobogenie 2013-12-29 21:15 - 2013-12-29 21:16 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\newnext.me 2013-12-29 21:15 - 2013-12-29 21:16 - 00000000 ____D C:\Users\Gisela\.android 2013-12-29 21:15 - 2013-12-29 21:15 - 00001013 _____ C:\Users\Gisela\Desktop\Mobogenie.lnk 2013-12-29 21:15 - 2013-12-29 21:15 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\Documents\Mobogenie 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 _____ C:\Users\Gisela\daemonprocess.txt 2013-12-29 21:14 - 2013-12-29 21:14 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-12-29 21:12 - 2013-12-29 21:12 - 00672832 _____ ( ) C:\Users\Gisi\Downloads\ZipExtractorSetup.exe 2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei 2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe 2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia 2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe 2013-12-25 11:32 - 2013-12-25 11:33 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe 2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-25 11:24 - 2013-12-25 11:25 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe 2013-12-25 11:22 - 2013-12-25 11:23 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe 2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle 2013-12-25 11:20 - 2013-12-25 11:28 - 00000000 ____D C:\ProgramData\Oracle 2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java 2013-12-25 11:17 - 2013-12-25 11:18 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe 2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg 2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk 2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdm.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI) C:\Windows\system32\Drivers\ss_bbus.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdfl.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bwhnt.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bcmnt.sys 2013-12-17 18:39 - 2010-07-04 19:11 - 00025960 _____ (Teruten Inc) C:\Windows\system32\FsExService64.exe 2013-12-17 18:39 - 2010-06-14 09:32 - 00016448 _____ (Teruten Inc) C:\Windows\system32\Drivers\TFsExDisk.sys 2013-12-17 18:18 - 2013-12-17 18:25 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe 2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk 2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Local\PackageAware 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock 2013-12-17 17:51 - 2013-12-17 17:51 - 00000000 ____D C:\Users\Gisi\AppData\Local\PackageAware 2013-12-17 17:50 - 2013-12-17 17:51 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe 2013-12-16 23:40 - 2013-12-17 16:31 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss 2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions 2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD 2013-12-16 22:51 - 2013-12-29 18:36 - 00000040 _____ C:\ProgramData\.zreglib 2013-12-16 22:48 - 2013-12-16 22:48 - 00001095 _____ C:\Users\Public\Desktop\AnyDVD.lnk 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft 2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe 2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\Updater 2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-16 22:39 - 2013-12-27 22:31 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2013-12-16 22:39 - 2013-12-27 19:12 - 00000000 ____D C:\Users\Gisela\AppData\Local\SearchProtect 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\SearchProtect 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE 2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe 2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited 2013-12-12 12:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 12:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-12 12:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-12 12:10 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 12:09 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 12:09 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-12 12:09 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-12 12:09 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-12 12:09 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-12 12:09 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 12:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-12 12:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-12 12:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-12 12:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-12 12:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-12 12:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-12 12:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-12 12:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 12:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-12 12:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-12 12:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-12 12:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-12 12:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-12 12:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-12 12:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 12:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 12:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-12 12:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-12 12:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-12 12:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 12:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-12 12:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 12:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-12 12:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 12:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-12 11:06 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 11:06 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 11:06 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 11:06 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 11:06 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 11:06 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 11:06 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 11:06 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 11:06 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 11:06 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 11:06 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 11:06 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 11:06 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 11:06 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 11:06 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 11:06 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 11:06 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 11:06 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 11:06 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 07:04 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-12-01 09:23 - 2013-12-01 09:34 - 00000000 ____D C:\Users\Gisi\Documents\Meditation_Selbstliebe ==================== One Month Modified Files and Folders ======= 2013-12-29 21:23 - 2013-12-29 21:22 - 00026784 _____ C:\Users\Gisi\Downloads\FRST.txt 2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST 2013-12-29 21:21 - 2013-12-29 21:20 - 01931302 _____ (Farbar) C:\Users\Gisi\Downloads\FRST64.exe 2013-12-29 21:20 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\Mobogenie 2013-12-29 21:20 - 2012-08-23 08:54 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-12-29 21:18 - 2013-12-29 21:18 - 00000474 _____ C:\Users\Gisi\Downloads\defogger_disable.log 2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable 2013-12-29 21:18 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela 2013-12-29 21:16 - 2013-12-29 21:16 - 00050477 _____ C:\Users\Gisi\Downloads\Defogger.exe 2013-12-29 21:16 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\newnext.me 2013-12-29 21:16 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\.android 2013-12-29 21:15 - 2013-12-29 21:15 - 00001013 _____ C:\Users\Gisela\Desktop\Mobogenie.lnk 2013-12-29 21:15 - 2013-12-29 21:15 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\Documents\Mobogenie 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 _____ C:\Users\Gisela\daemonprocess.txt 2013-12-29 21:14 - 2013-12-29 21:14 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-12-29 21:12 - 2013-12-29 21:12 - 00672832 _____ ( ) C:\Users\Gisi\Downloads\ZipExtractorSetup.exe 2013-12-29 21:12 - 2012-09-12 18:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-29 21:07 - 2013-10-20 11:21 - 00237568 ___SH C:\Users\Gisi\Desktop\Thumbs.db 2013-12-29 21:07 - 2012-11-11 17:36 - 00000000 ____D C:\Users\Gisi\Desktop\Bilder 2013-12-29 20:54 - 2012-09-30 16:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-29 20:14 - 2009-07-14 06:10 - 02051895 _____ C:\Windows\WindowsUpdate.log 2013-12-29 18:45 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-29 18:45 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-29 18:36 - 2013-12-16 22:51 - 00000040 _____ C:\ProgramData\.zreglib 2013-12-29 18:36 - 2012-09-12 18:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-29 18:36 - 2011-01-13 16:33 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-29 18:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-29 18:36 - 2009-07-14 05:51 - 00092996 _____ C:\Windows\setupact.log 2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\Updater 2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-27 22:33 - 2012-09-16 17:39 - 00000000 ____D C:\Program Files\Web Assistant 2013-12-27 22:33 - 2011-01-13 16:30 - 00201448 _____ C:\Windows\PFRO.log 2013-12-27 22:31 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2013-12-27 22:31 - 2012-09-16 18:04 - 00000000 ____D C:\Program Files (x86)\SweetIM 2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei 2013-12-27 19:25 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela\AppData\Local\SoftThinks 2013-12-27 19:25 - 2011-01-13 23:54 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe 2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia 2013-12-27 19:13 - 2012-11-16 21:07 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Lexware 2013-12-27 19:13 - 2012-08-23 08:54 - 00001415 _____ C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-27 19:13 - 2012-08-23 08:54 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-27 19:13 - 2012-08-23 08:52 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-27 19:12 - 2013-12-16 22:39 - 00000000 ____D C:\Users\Gisela\AppData\Local\SearchProtect 2013-12-27 19:12 - 2012-08-23 08:54 - 00000071 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log 2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe 2013-12-26 12:24 - 2009-07-14 18:58 - 07267914 _____ C:\Windows\system32\perfh007.dat 2013-12-26 12:24 - 2009-07-14 18:58 - 02278306 _____ C:\Windows\system32\perfc007.dat 2013-12-26 12:24 - 2009-07-14 06:13 - 00006260 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-26 12:22 - 2013-01-02 17:52 - 00000000 ____D C:\Users\Gisi\AppData\Local\Windows Live 2013-12-25 15:08 - 2012-12-20 07:24 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Skype 2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ____D C:\ProgramData\Skype 2013-12-25 11:41 - 2012-09-16 17:15 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-12-25 11:33 - 2013-12-25 11:32 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe 2013-12-25 11:28 - 2013-12-25 11:20 - 00000000 ____D C:\ProgramData\Oracle 2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-25 11:27 - 2012-10-21 16:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-25 11:27 - 2012-10-21 16:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-25 11:27 - 2012-10-21 16:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-25 11:27 - 2012-10-21 16:49 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-25 11:25 - 2013-12-25 11:24 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe 2013-12-25 11:23 - 2013-12-25 11:22 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe 2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle 2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java 2013-12-25 11:18 - 2013-12-25 11:17 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe 2013-12-25 10:57 - 2013-06-05 22:16 - 00000000 ____D C:\ProgramData\BlueStacks 2013-12-25 10:57 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-12-23 15:57 - 2013-05-14 20:54 - 00049817 _____ C:\Users\Gisi\Documents\Gisis_Bücherverwaltung.bookcook 2013-12-23 09:42 - 2012-08-23 20:05 - 00000000 ____D C:\Users\Gisi\Documents\Vermögensspiegel 2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg 2013-12-19 19:55 - 2012-08-23 10:29 - 00000000 ____D C:\Users\Gisi 2013-12-19 07:22 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Förderverein Eugen-Bolz-Grundschule 2013-12-18 21:03 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Erbengemeinschaft 2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk 2013-12-17 18:43 - 2012-09-27 19:40 - 00000000 ___HD C:\Users\Gisela\AppData\Local\Downloaded Installations 2013-12-17 18:43 - 2012-08-23 08:52 - 00188000 ____H C:\Users\Gisela\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-17 18:38 - 2012-09-27 22:11 - 00000000 ____D C:\Users\Gisela\Documents\samsung 2013-12-17 18:29 - 2012-10-03 11:16 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution 2013-12-17 18:25 - 2013-12-17 18:18 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe 2013-12-17 17:59 - 2012-11-25 16:02 - 00000000 ____D C:\Users\Gisi\Desktop\Baum 2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk 2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Local\PackageAware 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock 2013-12-17 17:51 - 2013-12-17 17:51 - 00000000 ____D C:\Users\Gisi\AppData\Local\PackageAware 2013-12-17 17:51 - 2013-12-17 17:50 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe 2013-12-17 16:34 - 2012-09-16 17:16 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\vlc 2013-12-17 16:31 - 2013-12-16 23:40 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss 2013-12-17 15:44 - 2011-01-14 00:12 - 00000000 ____D C:\ProgramData\Sonic 2013-12-16 23:40 - 2012-08-23 10:30 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Roxio 2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions 2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD 2013-12-16 22:50 - 2013-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-12-16 22:48 - 2013-12-16 22:48 - 00001095 _____ C:\Users\Public\Desktop\AnyDVD.lnk 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft 2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\SearchProtect 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE 2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe 2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited 2013-12-16 22:02 - 2013-07-16 17:16 - 00001943 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2013-12-16 22:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help 2013-12-16 21:58 - 2013-11-23 21:25 - 00002908 _____ C:\Users\Public\Desktop\Quicken 2014.lnk 2013-12-16 19:59 - 2013-10-27 21:31 - 00000000 ____D C:\Users\Gisi\AppData\Local\Deployment 2013-12-14 19:42 - 2013-07-14 21:31 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 19:38 - 2012-08-23 11:33 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-12 22:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-12 18:34 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Desktop\Notizen 2013-12-12 18:32 - 2009-07-14 05:45 - 00637360 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 12:10 - 2012-10-15 19:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 13:54 - 2012-09-07 08:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 13:54 - 2012-09-07 08:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 07:15 - 2012-09-12 18:25 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-11 06:40 - 2013-10-27 21:32 - 00004687 _____ C:\Windows\avmacc.log 2013-12-08 12:23 - 2011-01-14 00:07 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-12-08 07:33 - 2013-04-14 07:38 - 00000000 ____D C:\Users\Gisi\AppData\Local\FreePDF_XP 2013-12-07 08:22 - 2013-02-26 20:33 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-12-06 20:58 - 2013-06-09 14:01 - 00007168 _____ C:\Users\Gisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-06 15:25 - 2012-08-23 20:03 - 00000000 ____D C:\Users\Gisi\Documents\Buddhismus 2013-12-01 09:34 - 2013-12-01 09:23 - 00000000 ____D C:\Users\Gisi\Documents\Meditation_Selbstliebe 2013-11-30 08:08 - 2012-10-21 13:48 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\TIPP10 Some content of TEMP: ==================== C:\Users\Gisela\AppData\Local\Temp\bdfilters.dll C:\Users\Gisela\AppData\Local\Temp\Execute2App.exe C:\Users\Gisela\AppData\Local\Temp\GdiPlus.dll C:\Users\Gisela\AppData\Local\Temp\HssInstaller64.exe C:\Users\Gisela\AppData\Local\Temp\incredibar_installer.exe C:\Users\Gisela\AppData\Local\Temp\InstallerMessageBox.exe C:\Users\Gisela\AppData\Local\Temp\Kies2RemoveAll.exe C:\Users\Gisela\AppData\Local\Temp\MSNFB04.exe C:\Users\Gisela\AppData\Local\Temp\msvcp90.dll C:\Users\Gisela\AppData\Local\Temp\msvcr90.dll C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxy.exe C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll C:\Users\Gisela\AppData\Local\Temp\OfficeSetup.exe C:\Users\Gisela\AppData\Local\Temp\Setup.x64.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe C:\Users\Gisela\AppData\Local\Temp\Setup.x86.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe C:\Users\Gisela\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Gisela\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Gisela\AppData\Local\Temp\vlc-2.0.2-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Und dann hier noch das Additional-File von FRST: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Gisi at 2013-12-29 21:24:49
Running from C:\Users\Gisi\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
AccelerometerP11 (x32 Version: 2.00.11.15 - STMicroelectronics)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
ALL16820x Utility (x32 Version: 3.0.902 - ALLNET GmbH)
AnyDVD (x32 Version: 7.3.8.0 - SlySoft)
Ask Toolbar (x32 Version: 12.7.0.2393 - APN, LLC) <==== ATTENTION
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Bandicam (x32 Version: 1.9.0.397 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (x32 Version: - Bandisoft.com)
BOOKcook Bücherverwaltung 1.41.1 (x32 Version: - XLM Software Axel Meierhöfer)
Boot Media Builder fuer Paragon Backup and Recovery™ 12 Home (x32 Version: 1.00.0000 - Paragon Software)
Camtasia Studio 7 (x32 Version: 7.0.0 - TechSmith Corporation)
Canon MX710 series MP Drivers (Version: - )
CCleaner (Version: 4.04 - Piriform)
CDBurnerXP (x32 Version: 4.5.2.4291 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)
DDBAC (x32 Version: 5.3.21 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dell DataSafe Local Backup - Support Software (x32 Version: - Dell)
Dell DataSafe Local Backup (x32 Version: 9.4.47 - Dell)
Dell DataSafe Online (x32 Version: 2.1.19634 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation)
Dell Dock (x32 Version: 2.0 - Stardock Corporation)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.)
Dell Webcam Central (x32 Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32 Version: - DVD Shrink)
EVEREST Home Edition v2.20 (x32 Version: 2.20 - Lavalys Inc)
Everio MediaBrowser 4 (x32 Version: 4.00.214 - PIXELA)
Fences (Version: 1.0 - Stardock Corporation)
Fences (x32 Version: - Stardock Corporation)
FilesFrog Update Checker (x32 Version: - ) <==== ATTENTION
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0 - MAGIX AG)
FreePDF (Remove only) (x32 Version: - )
FreeRIP MP3 Converter 4.4.1 (x32 Version: 4.4.1 - GreenTree Applications SRL)
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.1.0 - AVM Berlin)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)
GPL Ghostscript (Version: 9.06 - Artifex Software Inc.)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft)
Intel PROSet Wireless (Version: - )
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.02.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Java(TM) 6 Update 32 (x32 Version: 6.0.320 - Oracle)
JMicron Flash Media Controller Driver (x32 Version: 1.0.50.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Karteikasten 2.4 (Version: 2.4 - Flo & Seb Engineering)
Lexware buchhalter 2013 (x32 Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (x32 Version: 13.00.00.0027 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe MX Plus (x32 Version: 11.0.3.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
McAfee SecurityCenter (x32 Version: 11.6.511 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4551.1005 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (x32 Version: - Mobogenie.com)
Mozilla Firefox 15.0.1 (x86 de) (x32 Version: 15.0.1 - Mozilla)
Mozilla Firefox 16.0.1 (x86 de) (HKCU Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 16.0.1 - Mozilla)
Mozilla Thunderbird 15.0.1 (x86 de) (x32 Version: 15.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA Display Control Panel (Version: 6.14.12.5939 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.5939 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005 - Microsoft Corporation)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005 - Microsoft Corporation)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005 - Microsoft Corporation)
Open It! (x32 Version: 1.1.1 - OpenIt)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Paragon Backup and Recovery™ 12 Home (x32 Version: 90.00.0003 - Paragon Software)
PC Connectivity Solution (x32 Version: 8.15.0.0 - Nokia)
Photomizer (x32 Version: 1.0.12.229 - Engelmann Media GmbH)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions)
Quicken 2014 (x32 Version: 21.36.00.0178 - Haufe-Lexware GmbH & Co.KG)
QuickImmobilie 2012 (x32 Version: 12.0.0 - Haufe-Lexware Real Estate AG)
Quickset64 (Version: 10.8.5 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Recovery Media Builder for Paragon Backup and Recovery™ 12 Home (Version: 1.00.0000 - Paragon Software)
RedMon - Redirection Port Monitor (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation)
Roxio Activation Module (x32 Version: 1.0 - Roxio)
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio)
Roxio Burn (x32 Version: 1.6 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.311 - Roxio)
Roxio Creator Starter (x32 Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio)
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Mobile phone USB driver Drive Software (Version: - )
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (x32 Version: 6.83.6.2.1 - Samsung)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SketchUp 8 (x32 Version: 3.0.16944 - Trimble Navigation Limited)
Skype Toolbars (x32 Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions)
Stellarium 0.12.2 (Version: 0.12.2 - Stellarium team)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0005 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (Version: 15.1.4.0 - Synaptics Incorporated)
TAXMAN 2013 für Vermieter (x32 Version: 19.06.00.0003 - Haufe-Lexware GmbH & Co.KG)
TIPP10 Version 2.1.0 (x32 Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6 - Intel)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Updater (x32 Version: 2.6.49 - Creative Island Media, LLC)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Web Assistant 2.0.0.604 (Version: 2.0.0.604 - IncrediBar) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
XMind (x32 Version: 3.3.0 - XMind Ltd.)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Digital Sites.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => ?
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => ?
==================== Loaded Modules (whitelisted) =============
2013-08-05 07:15 - 2013-08-05 07:15 - 00070712 _____ () C:\Windows\system32\bdmpega64.acm
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-05 16:21 - 2010-03-05 16:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-08-15 08:42 - 2013-08-15 08:42 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\6adce3800cbb5d24db126fa82691c75c\VistaBridgeLibrary.ni.dll
2013-02-26 20:33 - 2013-08-23 15:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-02-26 20:33 - 2013-08-23 15:44 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/27/2013 10:30:02 PM) (Source: PC-Doctor) (User: )
Description: (9676) Asapi: (22:30:02:1220)(9676) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:30:02 PM) (Source: PC-Doctor) (User: )
Description: (9676) Asapi: (22:30:02:1220)(9676) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 10:20:03 PM) (Source: PC-Doctor) (User: )
Description: (11684) Asapi: (22:20:03:2990)(11684) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:20:03 PM) (Source: PC-Doctor) (User: )
Description: (11684) Asapi: (22:20:03:2830)(11684) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 10:10:16 PM) (Source: PC-Doctor) (User: )
Description: (10328) Asapi: (22:10:16:1990)(10328) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:10:16 PM) (Source: PC-Doctor) (User: )
Description: (10328) Asapi: (22:10:15:9650)(10328) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 10:00:15 PM) (Source: PC-Doctor) (User: )
Description: (11996) Asapi: (22:00:15:4420)(11996) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:00:15 PM) (Source: PC-Doctor) (User: )
Description: (11996) Asapi: (22:00:15:3490)(11996) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 09:50:11 PM) (Source: PC-Doctor) (User: )
Description: (10740) Asapi: (21:50:11:5810)(10740) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 09:50:11 PM) (Source: PC-Doctor) (User: )
Description: (10740) Asapi: (21:50:11:4870)(10740) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
System errors:
=============
Error: (12/27/2013 07:14:22 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}
Error: (12/26/2013 07:11:37 PM) (Source: Disk) (User: )
Description: Das Gerät \Device\Harddisk1\DR3 ist für den Zugriff noch nicht bereit.
Error: (12/22/2013 10:57:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/21/2013 09:00:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/20/2013 01:32:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/19/2013 07:07:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/18/2013 07:07:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/18/2013 03:14:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/17/2013 03:43:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/16/2013 10:50:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Microsoft Office Sessions:
=========================
Error: (12/27/2013 10:30:02 PM) (Source: PC-Doctor)(User: )
Description: (9676) Asapi: (22:30:02:1220)(9676) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:30:02 PM) (Source: PC-Doctor)(User: )
Description: (9676) Asapi: (22:30:02:1220)(9676) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 10:20:03 PM) (Source: PC-Doctor)(User: )
Description: (11684) Asapi: (22:20:03:2990)(11684) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:20:03 PM) (Source: PC-Doctor)(User: )
Description: (11684) Asapi: (22:20:03:2830)(11684) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 10:10:16 PM) (Source: PC-Doctor)(User: )
Description: (10328) Asapi: (22:10:16:1990)(10328) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:10:16 PM) (Source: PC-Doctor)(User: )
Description: (10328) Asapi: (22:10:15:9650)(10328) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 10:00:15 PM) (Source: PC-Doctor)(User: )
Description: (11996) Asapi: (22:00:15:4420)(11996) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 10:00:15 PM) (Source: PC-Doctor)(User: )
Description: (11996) Asapi: (22:00:15:3490)(11996) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (12/27/2013 09:50:11 PM) (Source: PC-Doctor)(User: )
Description: (10740) Asapi: (21:50:11:5810)(10740) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (12/27/2013 09:50:11 PM) (Source: PC-Doctor)(User: )
Description: (10740) Asapi: (21:50:11:4870)(10740) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
CodeIntegrity Errors:
===================================
Date: 2013-12-27 19:54:39.749
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-27 19:54:39.749
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-27 19:54:39.749
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-05 21:05:27.254
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-05 21:05:27.254
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-05 21:05:27.254
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-15 23:36:31.678
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Gisela\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-15 23:36:31.558
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Gisela\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-15 23:36:31.148
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-05-15 23:36:31.038
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 4028.38 MB
Available physical RAM: 2154.76 MB
Total Pagefile: 8054.94 MB
Available Pagefile: 4855.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:264.88 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
 Ich habe diesen Rechner (Dell XPs 15) über WLAN mit einer Fritzbox in Betrieb. Parallel dazu greifen auch noch ein Handy, ein Tablet und mein alter Pentium auf das Internet zu, sind die jetzt alle auch infiziert oder gefährdet? Wäre echt super wenn mir jemand helfen könnte. Vielen Dank vorab! LG Markus |
|
30.12.2013, 04:03
| #2 |
| /// the machine /// TB-Ausbilder    | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik hi,
__________________Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
30.12.2013, 12:29
| #3 |
| | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Guten morgen und vielen Dank für deine prompte Reaktion.
__________________Ich habe Malwarebyte aktualisiert und ausgeführt, ... hatte gehofft alle log-files nach den scans zusammen zu posten. Ich habe deshalb leider das logfile von malwarebyte nicht seperat gespeichert. Das Problem ist nun, das der letzte scan nicht in der logfile - Liste angezeigt wird.  Hab alles andere nach Deinen Vorgaben ausgeführt,.... KEINE Veränderung, weiterhin grüne Textstellen! Habe hier die anderen files: adw - log Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 30/12/2013 um 10:28:27
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gisela - GISELA-PC
# Gestartet von : C:\Users\Gisi\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : APNMCP
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\Program Files (x86)\FreeRIP
[!] Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\Searchprotect
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\Temp\hotspot shield
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Ordner Gelöscht : C:\Users\Gisela\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Gisi\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Gisi\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Gisi\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Datei Gelöscht : C:\Users\Gisela\Desktop\Check for Updates.lnk
Datei Gelöscht : C:\Users\Gisela\Desktop\Mobogenie.lnk
Datei Gelöscht : C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\uc86hzij.default\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bucharchiv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bucharchiv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\Software\AedgePerformanceBCN
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v15.0.1 (de)
[ Datei : C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\uc86hzij.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP5CD030DA-FEC3-4F24-8AE6-DB4B33AE99E9");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5CD030DA-FEC3-4F24-8AE6-DB4B33AE99E9&SSPV=");
[ Datei : C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [22227 octets] - [30/12/2013 10:21:47]
AdwCleaner[S0].txt - [21255 octets] - [30/12/2013 10:28:27]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [21316 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gisela on 30.12.2013 at 10:46:14,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.12.2013 at 10:46:15,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01 Ran by Gisi (ATTENTION: The logged in user is not administrator) on GISELA-PC on 30-12-2013 10:47:27 Running from C:\Users\Gisi\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (www.rene-zeidler.de) C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (AVM Berlin) C:\Users\Gisi\AppData\Local\Apps\2.0\1HYEYL8J.ZVB\EG3QMWG4.83O\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3206816 2010-08-04] (Dell Inc.) HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] () HKLM\...\Run: [Karteikasten] - C:\Program Files\Flo & Seb Engineering\Karteikasten\WitzAnzeigen.exe [32256 2012-04-21] (Flo & Seb Engineering) HKLM\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.) HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] () HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [NPSStartup] - [x] HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks) HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] () HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-12] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Runonce: [Del9523939] - cmd.exe /Q /D /c del "C:\Users\Gisela\AppData\Local\Temp\0.del" [x] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung) HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Gisi\AppData\Local\Apps\2.0\1HYEYL8J.ZVB\EG3QMWG4.83O\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe [139264 2013-10-27] (AVM Berlin) HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7654312 2013-12-12] (SlySoft, Inc.) MountPoints2: E - E:\Password.exe MountPoints2: {60dd0f2c-e97d-11e2-a4ee-f04da2655ab0} - E:\Password.exe MountPoints2: {ba45afa6-4a8f-11e2-aa56-f04da2655ab0} - E:\DTVP_Launcher.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {26D9475E-E572-49CB-BAB2-887CDF71E03B} URL = SearchScopes: HKCU - {6F280418-4F6E-494F-A922-8D2EDF098A9D} URL = BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll" No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120823143746.dll (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll () BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll" No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120919093932.dll (McAfee, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll" No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll" No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default FF NewTab: hxxp://www.google.com FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Websteroids - C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default\Extensions\support@websteroidsapp.com FF Extension: DownloadHelper - C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-10-27] (AVM Berlin) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon) S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [54088 2010-11-24] (usb camera) S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x] S3 sxuptp; system32\DRIVERS\sxuptp.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-30 10:47 - 2013-12-30 10:47 - 00000626 _____ C:\Users\Gisela\Desktop\JRT_01.txt 2013-12-30 10:46 - 2013-12-30 10:46 - 00000626 _____ C:\Users\Gisela\Desktop\JRT.txt 2013-12-30 10:44 - 2013-12-30 10:44 - 01034531 _____ (Thisisu) C:\Users\Gisi\Downloads\JRT.exe 2013-12-30 10:36 - 2013-12-30 10:36 - 00021587 _____ C:\Users\Gisi\Desktop\AdwCleaner[S0].txt 2013-12-30 10:24 - 2013-12-30 10:24 - 00022227 _____ C:\Users\Gisela\Desktop\AdwCleaner[R0].txt 2013-12-30 10:21 - 2013-12-30 10:30 - 00000000 ____D C:\AdwCleaner 2013-12-30 10:20 - 2013-12-30 10:20 - 01233962 _____ C:\Users\Gisi\Downloads\adwcleaner.exe 2013-12-30 09:40 - 2013-12-30 09:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gisi\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-12-30 01:56 - 2013-12-30 10:28 - 00000411 _____ C:\Users\Gisi\daemonprocess.txt 2013-12-29 21:59 - 2013-12-29 21:59 - 00004247 _____ C:\Users\Gisela\Desktop\gmer.log 2013-12-29 21:48 - 2013-12-29 21:48 - 00377856 _____ C:\Users\Gisi\Downloads\gmer_2.1.19163.exe 2013-12-29 21:24 - 2013-12-29 21:26 - 00030401 _____ C:\Users\Gisi\Downloads\Addition.txt 2013-12-29 21:22 - 2013-12-30 10:47 - 00024977 _____ C:\Users\Gisi\Downloads\FRST.txt 2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST 2013-12-29 21:20 - 2013-12-29 21:21 - 01931302 _____ (Farbar) C:\Users\Gisi\Downloads\FRST64.exe 2013-12-29 21:18 - 2013-12-29 21:18 - 00000474 _____ C:\Users\Gisi\Downloads\defogger_disable.log 2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable 2013-12-29 21:16 - 2013-12-29 21:16 - 00050477 _____ C:\Users\Gisi\Downloads\Defogger.exe 2013-12-29 21:15 - 2013-12-30 10:15 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job 2013-12-29 21:15 - 2013-12-30 10:07 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites 2013-12-29 21:15 - 2013-12-30 01:48 - 00000137 _____ C:\Users\Gisela\daemonprocess.txt 2013-12-29 21:15 - 2013-12-29 21:32 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache 2013-12-29 21:15 - 2013-12-29 21:16 - 00000000 ____D C:\Users\Gisela\.android 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext 2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei 2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe 2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia 2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe 2013-12-25 11:32 - 2013-12-25 11:33 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe 2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-25 11:24 - 2013-12-25 11:25 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe 2013-12-25 11:22 - 2013-12-25 11:23 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe 2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle 2013-12-25 11:20 - 2013-12-25 11:28 - 00000000 ____D C:\ProgramData\Oracle 2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java 2013-12-25 11:17 - 2013-12-25 11:18 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe 2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg 2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk 2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdm.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI) C:\Windows\system32\Drivers\ss_bbus.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdfl.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bwhnt.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys 2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bcmnt.sys 2013-12-17 18:39 - 2010-07-04 19:11 - 00025960 _____ (Teruten Inc) C:\Windows\system32\FsExService64.exe 2013-12-17 18:39 - 2010-06-14 09:32 - 00016448 _____ (Teruten Inc) C:\Windows\system32\Drivers\TFsExDisk.sys 2013-12-17 18:18 - 2013-12-17 18:25 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe 2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk 2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock 2013-12-17 17:50 - 2013-12-17 17:51 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe 2013-12-16 23:40 - 2013-12-17 16:31 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss 2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions 2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD 2013-12-16 22:51 - 2013-12-30 10:33 - 00000040 _____ C:\ProgramData\.zreglib 2013-12-16 22:48 - 2013-12-16 22:48 - 00001095 _____ C:\Users\Public\Desktop\AnyDVD.lnk 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft 2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe 2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\Updater 2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE 2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe 2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited 2013-12-12 12:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 12:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-12 12:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-12 12:10 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 12:09 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 12:09 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-12 12:09 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-12 12:09 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-12 12:09 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-12 12:09 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 12:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-12 12:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-12 12:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-12 12:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-12 12:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-12 12:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-12 12:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-12 12:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 12:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-12 12:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-12 12:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-12 12:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-12 12:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-12 12:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-12 12:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 12:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 12:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-12 12:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-12 12:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-12 12:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 12:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-12 12:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 12:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-12 12:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 12:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-12 11:06 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 11:06 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 11:06 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 11:06 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 11:06 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 11:06 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 11:06 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 11:06 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 11:06 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 11:06 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 11:06 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 11:06 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 11:06 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 11:06 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 11:06 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 11:06 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 11:06 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 11:06 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 11:06 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 07:04 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-12-11 07:04 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-12-01 09:23 - 2013-12-01 09:34 - 00000000 ____D C:\Users\Gisi\Documents\Meditation_Selbstliebe ==================== One Month Modified Files and Folders ======= 2013-12-30 10:48 - 2013-12-29 21:22 - 00024977 _____ C:\Users\Gisi\Downloads\FRST.txt 2013-12-30 10:47 - 2013-12-30 10:47 - 00000626 _____ C:\Users\Gisela\Desktop\JRT_01.txt 2013-12-30 10:46 - 2013-12-30 10:46 - 00000626 _____ C:\Users\Gisela\Desktop\JRT.txt 2013-12-30 10:44 - 2013-12-30 10:44 - 01034531 _____ (Thisisu) C:\Users\Gisi\Downloads\JRT.exe 2013-12-30 10:40 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-30 10:40 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-30 10:36 - 2013-12-30 10:36 - 00021587 _____ C:\Users\Gisi\Desktop\AdwCleaner[S0].txt 2013-12-30 10:33 - 2013-12-16 22:51 - 00000040 _____ C:\ProgramData\.zreglib 2013-12-30 10:33 - 2012-09-12 18:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-30 10:32 - 2011-01-13 16:33 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-30 10:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-30 10:32 - 2009-07-14 05:51 - 00093220 _____ C:\Windows\setupact.log 2013-12-30 10:31 - 2009-07-14 06:10 - 02093955 _____ C:\Windows\WindowsUpdate.log 2013-12-30 10:30 - 2013-12-30 10:21 - 00000000 ____D C:\AdwCleaner 2013-12-30 10:29 - 2012-10-12 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-30 10:28 - 2013-12-30 01:56 - 00000411 _____ C:\Users\Gisi\daemonprocess.txt 2013-12-30 10:24 - 2013-12-30 10:24 - 00022227 _____ C:\Users\Gisela\Desktop\AdwCleaner[R0].txt 2013-12-30 10:20 - 2013-12-30 10:20 - 01233962 _____ C:\Users\Gisi\Downloads\adwcleaner.exe 2013-12-30 10:15 - 2013-12-29 21:15 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job 2013-12-30 10:14 - 2011-01-13 16:30 - 00204114 _____ C:\Windows\PFRO.log 2013-12-30 10:12 - 2012-09-12 18:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-30 10:07 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites 2013-12-30 09:54 - 2012-09-30 16:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-30 09:42 - 2013-06-05 06:19 - 00001103 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-30 09:42 - 2013-06-05 06:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-30 09:40 - 2013-12-30 09:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gisi\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-12-30 01:56 - 2012-08-23 10:29 - 00000000 ____D C:\Users\Gisi 2013-12-30 01:48 - 2013-12-29 21:15 - 00000137 _____ C:\Users\Gisela\daemonprocess.txt 2013-12-30 01:40 - 2012-08-23 08:54 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-12-29 21:59 - 2013-12-29 21:59 - 00004247 _____ C:\Users\Gisela\Desktop\gmer.log 2013-12-29 21:48 - 2013-12-29 21:48 - 00377856 _____ C:\Users\Gisi\Downloads\gmer_2.1.19163.exe 2013-12-29 21:47 - 2013-01-02 17:52 - 00000000 ____D C:\Users\Gisi\AppData\Local\Windows Live 2013-12-29 21:32 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache 2013-12-29 21:26 - 2013-12-29 21:24 - 00030401 _____ C:\Users\Gisi\Downloads\Addition.txt 2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST 2013-12-29 21:21 - 2013-12-29 21:20 - 01931302 _____ (Farbar) C:\Users\Gisi\Downloads\FRST64.exe 2013-12-29 21:18 - 2013-12-29 21:18 - 00000474 _____ C:\Users\Gisi\Downloads\defogger_disable.log 2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable 2013-12-29 21:18 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela 2013-12-29 21:16 - 2013-12-29 21:16 - 00050477 _____ C:\Users\Gisi\Downloads\Defogger.exe 2013-12-29 21:16 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\.android 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B 2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext 2013-12-29 21:07 - 2013-10-20 11:21 - 00237568 ___SH C:\Users\Gisi\Desktop\Thumbs.db 2013-12-29 21:07 - 2012-11-11 17:36 - 00000000 ____D C:\Users\Gisi\Desktop\Bilder 2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\Updater 2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei 2013-12-27 19:25 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela\AppData\Local\SoftThinks 2013-12-27 19:25 - 2011-01-13 23:54 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe 2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia 2013-12-27 19:13 - 2012-11-16 21:07 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Lexware 2013-12-27 19:13 - 2012-08-23 08:54 - 00001415 _____ C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-27 19:13 - 2012-08-23 08:54 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-27 19:13 - 2012-08-23 08:52 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-27 19:12 - 2012-08-23 08:54 - 00000071 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log 2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe 2013-12-26 12:24 - 2009-07-14 18:58 - 07267914 _____ C:\Windows\system32\perfh007.dat 2013-12-26 12:24 - 2009-07-14 18:58 - 02278306 _____ C:\Windows\system32\perfc007.dat 2013-12-26 12:24 - 2009-07-14 06:13 - 00006260 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-25 15:08 - 2012-12-20 07:24 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Skype 2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ____D C:\ProgramData\Skype 2013-12-25 11:41 - 2012-09-16 17:15 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-12-25 11:33 - 2013-12-25 11:32 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe 2013-12-25 11:28 - 2013-12-25 11:20 - 00000000 ____D C:\ProgramData\Oracle 2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-25 11:27 - 2012-10-21 16:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-25 11:27 - 2012-10-21 16:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-25 11:27 - 2012-10-21 16:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-25 11:27 - 2012-10-21 16:49 - 00000000 ____D C:\Program Files (x86)\Java 2013-12-25 11:25 - 2013-12-25 11:24 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe 2013-12-25 11:23 - 2013-12-25 11:22 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe 2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle 2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java 2013-12-25 11:18 - 2013-12-25 11:17 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe 2013-12-25 10:57 - 2013-06-05 22:16 - 00000000 ____D C:\ProgramData\BlueStacks 2013-12-25 10:57 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-12-23 15:57 - 2013-05-14 20:54 - 00049817 _____ C:\Users\Gisi\Documents\Gisis_Bücherverwaltung.bookcook 2013-12-23 09:42 - 2012-08-23 20:05 - 00000000 ____D C:\Users\Gisi\Documents\Vermögensspiegel 2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg 2013-12-19 07:22 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Förderverein Eugen-Bolz-Grundschule 2013-12-18 21:03 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Erbengemeinschaft 2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk 2013-12-17 18:43 - 2012-09-27 19:40 - 00000000 ___HD C:\Users\Gisela\AppData\Local\Downloaded Installations 2013-12-17 18:43 - 2012-08-23 08:52 - 00188000 ____H C:\Users\Gisela\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-17 18:38 - 2012-09-27 22:11 - 00000000 ____D C:\Users\Gisela\Documents\samsung 2013-12-17 18:29 - 2012-10-03 11:16 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution 2013-12-17 18:25 - 2013-12-17 18:18 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe 2013-12-17 17:59 - 2012-11-25 16:02 - 00000000 ____D C:\Users\Gisi\Desktop\Baum 2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk 2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock 2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock 2013-12-17 17:51 - 2013-12-17 17:50 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe 2013-12-17 16:34 - 2012-09-16 17:16 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\vlc 2013-12-17 16:31 - 2013-12-16 23:40 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss 2013-12-17 15:44 - 2011-01-14 00:12 - 00000000 ____D C:\ProgramData\Sonic 2013-12-16 23:40 - 2012-08-23 10:30 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Roxio 2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions 2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD 2013-12-16 22:50 - 2013-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-12-16 22:48 - 2013-12-16 22:48 - 00001095 _____ C:\Users\Public\Desktop\AnyDVD.lnk 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft 2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft 2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink 2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE 2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe 2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited 2013-12-16 22:02 - 2013-07-16 17:16 - 00001943 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2013-12-16 22:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help 2013-12-16 21:58 - 2013-11-23 21:25 - 00002908 _____ C:\Users\Public\Desktop\Quicken 2014.lnk 2013-12-16 19:59 - 2013-10-27 21:31 - 00000000 ____D C:\Users\Gisi\AppData\Local\Deployment 2013-12-14 19:42 - 2013-07-14 21:31 - 00000000 ____D C:\Windows\system32\MRT 2013-12-14 19:38 - 2012-08-23 11:33 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-12 22:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-12 18:34 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Desktop\Notizen 2013-12-12 18:32 - 2009-07-14 05:45 - 00637360 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 12:10 - 2012-10-15 19:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-11 13:54 - 2012-09-07 08:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-11 13:54 - 2012-09-07 08:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 07:15 - 2012-09-12 18:25 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-11 06:40 - 2013-10-27 21:32 - 00004687 _____ C:\Windows\avmacc.log 2013-12-08 12:23 - 2011-01-14 00:07 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-12-08 07:33 - 2013-04-14 07:38 - 00000000 ____D C:\Users\Gisi\AppData\Local\FreePDF_XP 2013-12-07 08:22 - 2013-02-26 20:33 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-12-06 20:58 - 2013-06-09 14:01 - 00007168 _____ C:\Users\Gisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-06 15:25 - 2012-08-23 20:03 - 00000000 ____D C:\Users\Gisi\Documents\Buddhismus 2013-12-01 09:34 - 2013-12-01 09:23 - 00000000 ____D C:\Users\Gisi\Documents\Meditation_Selbstliebe 2013-11-30 08:08 - 2012-10-21 13:48 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\TIPP10 Some content of TEMP: ==================== C:\Users\Gisela\AppData\Local\Temp\bdfilters.dll C:\Users\Gisela\AppData\Local\Temp\Execute2App.exe C:\Users\Gisela\AppData\Local\Temp\GdiPlus.dll C:\Users\Gisela\AppData\Local\Temp\HssInstaller64.exe C:\Users\Gisela\AppData\Local\Temp\incredibar_installer.exe C:\Users\Gisela\AppData\Local\Temp\InstallerMessageBox.exe C:\Users\Gisela\AppData\Local\Temp\Kies2RemoveAll.exe C:\Users\Gisela\AppData\Local\Temp\MSNFB04.exe C:\Users\Gisela\AppData\Local\Temp\msvcp90.dll C:\Users\Gisela\AppData\Local\Temp\msvcr90.dll C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxy.exe C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll C:\Users\Gisela\AppData\Local\Temp\OfficeSetup.exe C:\Users\Gisela\AppData\Local\Temp\Quarantine.exe C:\Users\Gisela\AppData\Local\Temp\Setup.x64.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe C:\Users\Gisela\AppData\Local\Temp\Setup.x86.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe C:\Users\Gisela\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Gisela\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Gisela\AppData\Local\Temp\vlc-2.0.2-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- --- Soll ich die ganze prozedur nochmal durchgehen damit Du das malwarebyte - log- file bekommst? Gruß Markus So, nachtrag zu meiner vorherigen Antwort. Ich habe das log-file von maleware bytes gefunden, .. sorry! war unter dem Admin Account abgelegt! Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.30.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Gisela :: GISELA-PC [Administrator] 30.12.2013 09:46:58 MBAM-log-2013-12-30 (10-06-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 245406 Laufzeit: 15 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Keine Aktion durchgeführt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Gisela\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Keine Aktion durchgeführt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Gisela\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 7 C:\Users\Gisi\Downloads\ZipExtractorSetup.exe (PUP.Optional.Jumpyapps) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Gisela\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. (Ende) Gruß Markus |
|
30.12.2013, 15:16
| #4 |
| | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Hallo, nachdem ich das Malware - logfile unter dem Admin Account gefunden habe, hab ich die beiden anderen Tools auch nochmal direkt mit der Admin Anmeldung ausgeführt. Insbesondere das JRT Tool hat jetzt deutlich länger gescannt als beim ersten mal. ich poste Dir hier mal die log - files: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 30/12/2013 um 14:43:38
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gisela - GISELA-PC
# Gestartet von : C:\Users\Gisi\Downloads\TrojanerBoard\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v15.0.1 (de)
[ Datei : C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\uc86hzij.default\prefs.js ]
[ Datei : C:\Users\Gisi\AppData\Roaming\Mozilla\Firefox\Profiles\bnd6cso4.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [22227 octets] - [30/12/2013 10:21:47]
AdwCleaner[R1].txt - [1282 octets] - [30/12/2013 12:16:28]
AdwCleaner[R2].txt - [1344 octets] - [30/12/2013 14:42:44]
AdwCleaner[S0].txt - [21587 octets] - [30/12/2013 10:28:27]
AdwCleaner[S1].txt - [1265 octets] - [30/12/2013 14:43:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1325 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gisela on 30.12.2013 at 14:48:15,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-64726236-25179691-968344860-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-64726236-25179691-968344860-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-BetterInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-BetterInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-BetterInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-BetterInstaller_RASMANCS
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.12.2013 at 14:58:44,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Gisela (administrator) on GISELA-PC on 30-12-2013 15:02:03
Running from C:\Users\Gisi\Downloads\TrojanerBoard
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(www.rene-zeidler.de) C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [Karteikasten] - C:\Program Files\Flo & Seb Engineering\Karteikasten\WitzAnzeigen.exe [32256 2012-04-21] (Flo & Seb Engineering)
HKLM\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [NPSStartup] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-12] ()
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2013-12-12] (SlySoft, Inc.)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Gisi\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de)
HKU\Gisi\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\Gisi\...\Run: [AVMUSBFernanschluss] - C:\Users\Gisi\AppData\Local\Apps\2.0\1HYEYL8J.ZVB\EG3QMWG4.83O\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe [139264 2013-10-27] (AVM Berlin)
HKU\Gisi\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7654312 2013-12-12] (SlySoft, Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {26D9475E-E572-49CB-BAB2-887CDF71E03B} URL =
SearchScopes: HKCU - {6F280418-4F6E-494F-A922-8D2EDF098A9D} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll" No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120823143746.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll" No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120919093932.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll" No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\uc86hzij.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\uc86hzij.default\Extensions\support@websteroidsapp.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-10-27] (AVM Berlin)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [54088 2010-11-24] (usb camera)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-30 14:59 - 2013-12-30 14:59 - 00001598 _____ C:\Users\Gisela\Desktop\JRT_adm.txt
2013-12-30 14:58 - 2013-12-30 14:58 - 00001598 _____ C:\Users\Gisela\Desktop\JRT.txt
2013-12-30 14:48 - 2013-12-30 14:48 - 00000000 ____D C:\Windows\ERUNT
2013-12-30 14:46 - 2013-12-30 14:46 - 00001405 _____ C:\Users\Gisela\Desktop\AdwCleaner[S1].txt
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\www.rene-zeidler.de
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Local\www.rene-zeidler.de
2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\Users\Gisela\Documents\Lexware
2013-12-30 12:15 - 2013-12-30 15:02 - 00000000 ____D C:\Users\Gisi\Downloads\TrojanerBoard
2013-12-30 12:09 - 2013-12-30 12:09 - 00000000 ____D C:\Users\Gisi\Desktop\Virus
2013-12-30 10:47 - 2013-12-30 10:47 - 00000626 _____ C:\Users\Gisela\Desktop\JRT_01.txt
2013-12-30 10:24 - 2013-12-30 10:24 - 00022227 _____ C:\Users\Gisela\Desktop\AdwCleaner[R0].txt
2013-12-30 10:21 - 2013-12-30 14:43 - 00000000 ____D C:\AdwCleaner
2013-12-30 01:56 - 2013-12-30 10:28 - 00000411 _____ C:\Users\Gisi\daemonprocess.txt
2013-12-29 21:59 - 2013-12-29 21:59 - 00004247 _____ C:\Users\Gisela\Desktop\gmer.log
2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST
2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable
2013-12-29 21:15 - 2013-12-30 14:15 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-29 21:15 - 2013-12-30 10:07 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites
2013-12-29 21:15 - 2013-12-30 01:48 - 00000137 _____ C:\Users\Gisela\daemonprocess.txt
2013-12-29 21:15 - 2013-12-29 21:32 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache
2013-12-29 21:15 - 2013-12-29 21:16 - 00000000 ____D C:\Users\Gisela\.android
2013-12-29 21:15 - 2013-12-29 21:15 - 00003240 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext
2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei
2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe
2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia
2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe
2013-12-25 11:32 - 2013-12-25 11:33 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe
2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-25 11:24 - 2013-12-25 11:25 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe
2013-12-25 11:22 - 2013-12-25 11:23 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe
2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle
2013-12-25 11:20 - 2013-12-25 11:28 - 00000000 ____D C:\ProgramData\Oracle
2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java
2013-12-25 11:17 - 2013-12-25 11:18 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe
2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg
2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdm.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI) C:\Windows\system32\Drivers\ss_bbus.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdfl.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bwhnt.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bcmnt.sys
2013-12-17 18:39 - 2010-07-04 19:11 - 00025960 _____ (Teruten Inc) C:\Windows\system32\FsExService64.exe
2013-12-17 18:39 - 2010-06-14 09:32 - 00016448 _____ (Teruten Inc) C:\Windows\system32\Drivers\TFsExDisk.sys
2013-12-17 18:18 - 2013-12-17 18:25 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk
2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-12-17 17:50 - 2013-12-17 17:51 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe
2013-12-16 23:40 - 2013-12-17 16:31 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss
2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions
2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD
2013-12-16 22:51 - 2013-12-30 13:32 - 00000040 _____ C:\ProgramData\.zreglib
2013-12-16 22:48 - 2013-12-16 22:48 - 00001095 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft
2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe
2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\Updater
2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE
2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe
2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited
2013-12-12 12:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 12:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 12:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 12:10 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 12:09 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 12:09 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 12:09 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 12:09 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 12:09 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 12:09 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 12:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 12:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 12:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 12:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 12:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 12:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 12:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 12:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 12:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 12:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 12:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 12:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 12:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 12:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 12:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 12:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 12:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 12:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 12:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 12:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 12:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 12:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 12:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 12:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 12:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 11:06 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 11:06 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 11:06 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 11:06 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 11:06 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 11:06 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 11:06 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 11:06 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 11:06 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 11:06 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 11:06 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 11:06 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 11:06 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 11:06 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 11:06 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 11:06 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 11:06 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 11:06 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 11:06 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 07:04 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-01 09:23 - 2013-12-01 09:34 - 00000000 ____D C:\Users\Gisi\Documents\Meditation_Selbstliebe
==================== One Month Modified Files and Folders =======
2013-12-30 15:03 - 2012-10-15 19:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-30 15:02 - 2013-12-30 12:15 - 00000000 ____D C:\Users\Gisi\Downloads\TrojanerBoard
2013-12-30 15:00 - 2013-02-26 20:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-30 15:00 - 2012-08-23 08:54 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-30 14:59 - 2013-12-30 14:59 - 00001598 _____ C:\Users\Gisela\Desktop\JRT_adm.txt
2013-12-30 14:58 - 2013-12-30 14:58 - 00001598 _____ C:\Users\Gisela\Desktop\JRT.txt
2013-12-30 14:54 - 2012-09-30 16:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 14:52 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 14:52 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-30 14:48 - 2013-12-30 14:48 - 00000000 ____D C:\Windows\ERUNT
2013-12-30 14:46 - 2013-12-30 14:46 - 00001405 _____ C:\Users\Gisela\Desktop\AdwCleaner[S1].txt
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\www.rene-zeidler.de
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Local\www.rene-zeidler.de
2013-12-30 14:45 - 2012-08-23 08:54 - 00000071 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log
2013-12-30 14:45 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela\AppData\Local\SoftThinks
2013-12-30 14:45 - 2011-01-13 23:54 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-12-30 14:44 - 2012-09-12 18:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-30 14:44 - 2011-01-13 16:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-30 14:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-30 14:44 - 2009-07-14 05:51 - 00093332 _____ C:\Windows\setupact.log
2013-12-30 14:43 - 2013-12-30 10:21 - 00000000 ____D C:\AdwCleaner
2013-12-30 14:43 - 2009-07-14 06:10 - 01064084 _____ C:\Windows\WindowsUpdate.log
2013-12-30 14:15 - 2013-12-29 21:15 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-30 14:12 - 2012-09-12 18:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-30 13:32 - 2013-12-16 22:51 - 00000040 _____ C:\ProgramData\.zreglib
2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\Users\Gisela\Documents\Lexware
2013-12-30 13:21 - 2012-08-23 11:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-30 13:21 - 2012-08-23 11:00 - 00000000 ____D C:\ProgramData\PCDr
2013-12-30 12:09 - 2013-12-30 12:09 - 00000000 ____D C:\Users\Gisi\Desktop\Virus
2013-12-30 10:47 - 2013-12-30 10:47 - 00000626 _____ C:\Users\Gisela\Desktop\JRT_01.txt
2013-12-30 10:29 - 2012-10-12 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 10:28 - 2013-12-30 01:56 - 00000411 _____ C:\Users\Gisi\daemonprocess.txt
2013-12-30 10:24 - 2013-12-30 10:24 - 00022227 _____ C:\Users\Gisela\Desktop\AdwCleaner[R0].txt
2013-12-30 10:14 - 2011-01-13 16:30 - 00204114 _____ C:\Windows\PFRO.log
2013-12-30 10:07 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites
2013-12-30 09:42 - 2013-06-05 06:19 - 00001103 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-30 09:42 - 2013-06-05 06:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-30 01:56 - 2012-08-23 10:29 - 00000000 ____D C:\Users\Gisi
2013-12-30 01:48 - 2013-12-29 21:15 - 00000137 _____ C:\Users\Gisela\daemonprocess.txt
2013-12-29 21:59 - 2013-12-29 21:59 - 00004247 _____ C:\Users\Gisela\Desktop\gmer.log
2013-12-29 21:47 - 2013-01-02 17:52 - 00000000 ____D C:\Users\Gisi\AppData\Local\Windows Live
2013-12-29 21:32 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache
2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST
2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable
2013-12-29 21:18 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela
2013-12-29 21:16 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\.android
2013-12-29 21:15 - 2013-12-29 21:15 - 00003240 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext
2013-12-29 21:07 - 2013-10-20 11:21 - 00237568 ___SH C:\Users\Gisi\Desktop\Thumbs.db
2013-12-29 21:07 - 2012-11-11 17:36 - 00000000 ____D C:\Users\Gisi\Desktop\Bilder
2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\Updater
2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei
2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe
2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia
2013-12-27 19:13 - 2012-11-16 21:07 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Lexware
2013-12-27 19:13 - 2012-08-23 08:54 - 00001415 _____ C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-27 19:13 - 2012-08-23 08:54 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-27 19:13 - 2012-08-23 08:52 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe
2013-12-26 12:24 - 2009-07-14 18:58 - 07267914 _____ C:\Windows\system32\perfh007.dat
2013-12-26 12:24 - 2009-07-14 18:58 - 02278306 _____ C:\Windows\system32\perfc007.dat
2013-12-26 12:24 - 2009-07-14 06:13 - 00006260 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-25 15:08 - 2012-12-20 07:24 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Skype
2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 11:41 - 2012-09-16 17:15 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-25 11:33 - 2013-12-25 11:32 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe
2013-12-25 11:28 - 2013-12-25 11:20 - 00000000 ____D C:\ProgramData\Oracle
2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-25 11:27 - 2012-10-21 16:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-25 11:27 - 2012-10-21 16:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-25 11:27 - 2012-10-21 16:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-25 11:27 - 2012-10-21 16:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-25 11:25 - 2013-12-25 11:24 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe
2013-12-25 11:23 - 2013-12-25 11:22 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe
2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle
2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java
2013-12-25 11:18 - 2013-12-25 11:17 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe
2013-12-25 10:57 - 2013-06-05 22:16 - 00000000 ____D C:\ProgramData\BlueStacks
2013-12-25 10:57 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-23 15:57 - 2013-05-14 20:54 - 00049817 _____ C:\Users\Gisi\Documents\Gisis_Bücherverwaltung.bookcook
2013-12-23 09:42 - 2012-08-23 20:05 - 00000000 ____D C:\Users\Gisi\Documents\Vermögensspiegel
2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg
2013-12-19 07:22 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Förderverein Eugen-Bolz-Grundschule
2013-12-18 21:03 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Erbengemeinschaft
2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2013-12-17 18:43 - 2012-09-27 19:40 - 00000000 ___HD C:\Users\Gisela\AppData\Local\Downloaded Installations
2013-12-17 18:43 - 2012-08-23 08:52 - 00188000 ____H C:\Users\Gisela\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-17 18:38 - 2012-09-27 22:11 - 00000000 ____D C:\Users\Gisela\Documents\samsung
2013-12-17 18:29 - 2012-10-03 11:16 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-12-17 18:25 - 2013-12-17 18:18 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2013-12-17 17:59 - 2012-11-25 16:02 - 00000000 ____D C:\Users\Gisi\Desktop\Baum
2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk
2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-12-17 17:51 - 2013-12-17 17:50 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe
2013-12-17 16:34 - 2012-09-16 17:16 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\vlc
2013-12-17 16:31 - 2013-12-16 23:40 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss
2013-12-17 15:44 - 2011-01-14 00:12 - 00000000 ____D C:\ProgramData\Sonic
2013-12-17 15:43 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 23:40 - 2012-08-23 10:30 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Roxio
2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions
2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD
2013-12-16 22:50 - 2013-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-12-16 22:48 - 2013-12-16 22:48 - 00001095 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft
2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE
2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe
2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited
2013-12-16 22:02 - 2013-07-16 17:16 - 00001943 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-12-16 22:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-12-16 21:58 - 2013-11-23 21:25 - 00002908 _____ C:\Users\Public\Desktop\Quicken 2014.lnk
2013-12-16 19:59 - 2013-10-27 21:31 - 00000000 ____D C:\Users\Gisi\AppData\Local\Deployment
2013-12-14 19:42 - 2013-07-14 21:31 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 19:38 - 2012-08-23 11:33 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 22:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 18:34 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Desktop\Notizen
2013-12-12 18:32 - 2009-07-14 05:45 - 00637360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 13:54 - 2012-09-30 16:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 13:54 - 2012-09-07 08:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 13:54 - 2012-09-07 08:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 07:15 - 2012-09-12 18:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 06:40 - 2013-10-27 21:32 - 00004687 _____ C:\Windows\avmacc.log
2013-12-08 12:23 - 2011-01-14 00:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-08 07:33 - 2013-04-14 07:38 - 00000000 ____D C:\Users\Gisi\AppData\Local\FreePDF_XP
2013-12-06 20:58 - 2013-06-09 14:01 - 00007168 _____ C:\Users\Gisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-06 15:25 - 2012-08-23 20:03 - 00000000 ____D C:\Users\Gisi\Documents\Buddhismus
2013-12-06 12:07 - 2012-09-12 18:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 12:07 - 2012-09-12 18:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-01 09:34 - 2013-12-01 09:23 - 00000000 ____D C:\Users\Gisi\Documents\Meditation_Selbstliebe
2013-11-30 08:08 - 2012-10-21 13:48 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\TIPP10
Some content of TEMP:
====================
C:\Users\Gisela\AppData\Local\Temp\bdfilters.dll
C:\Users\Gisela\AppData\Local\Temp\Execute2App.exe
C:\Users\Gisela\AppData\Local\Temp\GdiPlus.dll
C:\Users\Gisela\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Gisela\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Gisela\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Gisela\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Gisela\AppData\Local\Temp\m2oeqbr4.dll
C:\Users\Gisela\AppData\Local\Temp\MSNFB04.exe
C:\Users\Gisela\AppData\Local\Temp\msvcp90.dll
C:\Users\Gisela\AppData\Local\Temp\msvcr90.dll
C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Gisela\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Gisela\AppData\Local\Temp\Quarantine.exe
C:\Users\Gisela\AppData\Local\Temp\Setup.x64.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe
C:\Users\Gisela\AppData\Local\Temp\Setup.x86.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe
C:\Users\Gisela\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Gisela\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Gisela\AppData\Local\Temp\vlc-2.0.2-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 00:44
==================== End Of Log ============================
--- --- --- Gruß Markus |
|
31.12.2013, 14:44
| #5 |
| /// the machine /// TB-Ausbilder | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und MusikESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.01.2014, 11:05
| #6 |
| | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Guten morgen Schrauber, ..und ein gutes Neues Jahr! Habe die Scan's gemacht. Bei meinem Virenschutz (McAfee) habe ich keine Möglichkeit gefunden die Firewall und McAfee seperat abzuschalten. Habe im SecurityCentre nur die Möglichkeit gehabt die Firewall zu deaktivieren, hoffe das ware ausreichend so. Es gab bei den Scan's zumindest keine Fehlermeldungen! Hier die Log-files: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=504ab7645446fc43890978e02dc028d1
# engine=16463
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-31 08:56:31
# local_time=2013-12-31 09:56:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 88 25787660 137305987 0 0
# compatibility_mode=5893 16776574 66 85 14918123 140153241 0 0
# scanned=378948
# found=0
# cleaned=0
# scan_time=22227
und das zweite: Code:
ATTFilter Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` McAfee Anti-Virus und Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 32 Java 7 Update 45 Adobe Flash Player 11.9.900.170 Adobe Reader XI Mozilla Firefox 15.0.1 Firefox out of Date! Mozilla Thunderbird 15.0.1 Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe mcafee VirusScan mcods.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Gisela (administrator) on GISELA-PC on 01-01-2014 11:01:20
Running from C:\Users\Gisela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(www.rene-zeidler.de) C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\WINDOWS\System32\vds.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [Karteikasten] - C:\Program Files\Flo & Seb Engineering\Karteikasten\WitzAnzeigen.exe [32256 2012-04-21] (Flo & Seb Engineering)
HKLM\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [NPSStartup] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-12] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKCU\...\Run: [AutoStartNPSAgent] - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Gisi\...\Run: [Snipping Tool Plus] - C:\Users\Gisi\Downloads\SnippingToolPlusv3-4-1-0\Snipping Tool Plus.exe [733184 2012-11-13] (www.rene-zeidler.de)
HKU\Gisi\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\Gisi\...\Run: [AVMUSBFernanschluss] - C:\Users\Gisi\AppData\Local\Apps\2.0\1HYEYL8J.ZVB\EG3QMWG4.83O\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe [139264 2013-10-27] (AVM Berlin)
HKU\Gisi\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Gisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {26D9475E-E572-49CB-BAB2-887CDF71E03B} URL =
SearchScopes: HKCU - {6F280418-4F6E-494F-A922-8D2EDF098A9D} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll" No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120823143746.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll" No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120919093932.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport_x64.dll" No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {53475432-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT2-V7\Passport.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\uc86hzij.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\uc86hzij.default\Extensions\support@websteroidsapp.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-10-27] (AVM Berlin)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [54088 2010-11-24] (usb camera)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-01 11:01 - 2014-01-01 11:01 - 00026091 _____ C:\Users\Gisela\Desktop\FRST.txt
2014-01-01 11:00 - 2013-12-29 21:21 - 01931302 _____ (Farbar) C:\Users\Gisela\Desktop\FRST64.exe
2013-12-31 22:26 - 2013-12-31 15:35 - 00891200 _____ C:\Users\Gisela\Desktop\SecurityCheck.exe
2013-12-31 15:36 - 2013-12-31 15:36 - 00891200 _____ C:\Users\Gisela\Downloads\SecurityCheck(1).exe
2013-12-31 15:35 - 2013-12-31 15:35 - 00891200 _____ C:\Users\Gisela\Downloads\SecurityCheck.exe
2013-12-31 15:11 - 2013-12-31 15:12 - 02347384 _____ (ESET) C:\Users\Gisi\Downloads\esetsmartinstaller_enu.exe
2013-12-30 15:36 - 2013-12-30 15:36 - 00000024 _____ C:\Windows\FC995EB18B389A83.log
2013-12-30 15:05 - 2013-12-30 15:05 - 00058833 _____ C:\Users\Gisela\Desktop\FRST_adm.txt
2013-12-30 14:59 - 2013-12-30 14:59 - 00001598 _____ C:\Users\Gisela\Desktop\JRT_adm.txt
2013-12-30 14:58 - 2013-12-30 14:58 - 00001598 _____ C:\Users\Gisela\Desktop\JRT.txt
2013-12-30 14:48 - 2013-12-30 14:48 - 00000000 ____D C:\Windows\ERUNT
2013-12-30 14:46 - 2013-12-30 14:46 - 00001405 _____ C:\Users\Gisela\Desktop\AdwCleaner[S1].txt
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\www.rene-zeidler.de
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Local\www.rene-zeidler.de
2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\Users\Gisela\Documents\Lexware
2013-12-30 12:15 - 2013-12-31 15:39 - 00000000 ____D C:\Users\Gisi\Downloads\TrojanerBoard
2013-12-30 12:09 - 2013-12-30 12:09 - 00000000 ____D C:\Users\Gisi\Desktop\Virus
2013-12-30 10:47 - 2013-12-30 10:47 - 00000626 _____ C:\Users\Gisela\Desktop\JRT_01.txt
2013-12-30 10:24 - 2013-12-30 10:24 - 00022227 _____ C:\Users\Gisela\Desktop\AdwCleaner[R0].txt
2013-12-30 10:21 - 2013-12-30 14:43 - 00000000 ____D C:\AdwCleaner
2013-12-30 01:56 - 2013-12-30 10:28 - 00000411 _____ C:\Users\Gisi\daemonprocess.txt
2013-12-29 21:59 - 2013-12-29 21:59 - 00004247 _____ C:\Users\Gisela\Desktop\gmer.log
2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST
2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable
2013-12-29 21:15 - 2014-01-01 10:19 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-29 21:15 - 2013-12-30 10:07 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites
2013-12-29 21:15 - 2013-12-30 01:48 - 00000137 _____ C:\Users\Gisela\daemonprocess.txt
2013-12-29 21:15 - 2013-12-29 21:32 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache
2013-12-29 21:15 - 2013-12-29 21:16 - 00000000 ____D C:\Users\Gisela\.android
2013-12-29 21:15 - 2013-12-29 21:15 - 00003240 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext
2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei
2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe
2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia
2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe
2013-12-25 11:32 - 2013-12-25 11:33 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe
2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-25 11:24 - 2013-12-25 11:25 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe
2013-12-25 11:22 - 2013-12-25 11:23 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe
2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle
2013-12-25 11:20 - 2013-12-25 11:28 - 00000000 ____D C:\ProgramData\Oracle
2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java
2013-12-25 11:17 - 2013-12-25 11:18 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe
2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg
2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdm.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00161280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdm.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI) C:\Windows\system32\Drivers\ss_bbus.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00127488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscebus.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscemdfl.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00018944 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bmdfl.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewhnt.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscewh.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bwhnt.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecmnt.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscecm.sys
2013-12-17 18:41 - 2010-04-27 03:25 - 00015360 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ss_bcmnt.sys
2013-12-17 18:39 - 2010-07-04 19:11 - 00025960 _____ (Teruten Inc) C:\Windows\system32\FsExService64.exe
2013-12-17 18:39 - 2010-06-14 09:32 - 00016448 _____ (Teruten Inc) C:\Windows\system32\Drivers\TFsExDisk.sys
2013-12-17 18:18 - 2013-12-17 18:25 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk
2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-12-17 17:50 - 2013-12-17 17:51 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe
2013-12-16 23:40 - 2013-12-17 16:31 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss
2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions
2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD
2013-12-16 22:51 - 2013-12-30 13:32 - 00000040 _____ C:\ProgramData\.zreglib
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft
2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe
2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\Updater
2013-12-16 22:39 - 2013-12-27 22:33 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE
2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe
2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited
2013-12-12 12:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 12:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 12:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 12:10 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 12:09 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 12:09 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 12:09 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 12:09 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 12:09 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 12:09 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 12:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 12:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 12:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 12:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 12:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 12:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 12:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 12:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 12:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 12:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 12:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 12:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 12:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 12:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 12:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 12:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 12:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 12:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 12:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 12:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 12:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 12:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 12:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 12:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 12:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 11:06 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 11:06 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 11:06 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 11:06 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 11:06 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 11:06 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 11:06 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 11:06 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 11:06 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 11:06 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 11:06 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 11:06 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 11:06 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 11:06 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 11:06 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 11:06 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 11:06 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 11:06 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 11:06 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 07:04 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-11 07:04 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
==================== One Month Modified Files and Folders =======
2014-01-01 11:03 - 2014-01-01 11:01 - 00026091 _____ C:\Users\Gisela\Desktop\FRST.txt
2014-01-01 10:54 - 2012-09-30 16:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 10:52 - 2012-09-12 18:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 10:52 - 2012-08-23 08:54 - 00000071 _____ C:\Windows\SysWOW64\ToasterLauncherLog.log
2014-01-01 10:52 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela\AppData\Local\SoftThinks
2014-01-01 10:52 - 2011-01-13 23:54 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2014-01-01 10:19 - 2013-12-29 21:15 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-01 10:19 - 2012-09-12 18:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 09:34 - 2009-07-14 06:10 - 01148079 _____ C:\Windows\WindowsUpdate.log
2014-01-01 09:22 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 09:22 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 09:21 - 2009-07-14 18:58 - 07327802 _____ C:\Windows\system32\perfh007.dat
2014-01-01 09:21 - 2009-07-14 18:58 - 02297970 _____ C:\Windows\system32\perfc007.dat
2014-01-01 09:21 - 2009-07-14 06:13 - 00006260 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 09:14 - 2011-01-13 16:33 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 09:14 - 2011-01-13 16:30 - 00211452 _____ C:\Windows\PFRO.log
2014-01-01 09:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 09:14 - 2009-07-14 05:51 - 00093556 _____ C:\Windows\setupact.log
2013-12-31 23:20 - 2012-08-23 08:54 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-31 15:39 - 2013-12-30 12:15 - 00000000 ____D C:\Users\Gisi\Downloads\TrojanerBoard
2013-12-31 15:36 - 2013-12-31 15:36 - 00891200 _____ C:\Users\Gisela\Downloads\SecurityCheck(1).exe
2013-12-31 15:35 - 2013-12-31 22:26 - 00891200 _____ C:\Users\Gisela\Desktop\SecurityCheck.exe
2013-12-31 15:35 - 2013-12-31 15:35 - 00891200 _____ C:\Users\Gisela\Downloads\SecurityCheck.exe
2013-12-31 15:12 - 2013-12-31 15:11 - 02347384 _____ (ESET) C:\Users\Gisi\Downloads\esetsmartinstaller_enu.exe
2013-12-31 09:26 - 2013-10-27 21:31 - 00000000 ____D C:\Users\Gisi\AppData\Local\Deployment
2013-12-30 18:47 - 2012-08-23 08:54 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-30 15:36 - 2013-12-30 15:36 - 00000024 _____ C:\Windows\FC995EB18B389A83.log
2013-12-30 15:33 - 2012-08-23 08:54 - 00004272 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-30 15:31 - 2012-08-23 11:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-12-30 15:30 - 2012-08-23 11:00 - 00000000 ____D C:\ProgramData\PCDr
2013-12-30 15:05 - 2013-12-30 15:05 - 00058833 _____ C:\Users\Gisela\Desktop\FRST_adm.txt
2013-12-30 15:03 - 2012-10-15 19:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-30 15:00 - 2013-02-26 20:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-30 14:59 - 2013-12-30 14:59 - 00001598 _____ C:\Users\Gisela\Desktop\JRT_adm.txt
2013-12-30 14:58 - 2013-12-30 14:58 - 00001598 _____ C:\Users\Gisela\Desktop\JRT.txt
2013-12-30 14:48 - 2013-12-30 14:48 - 00000000 ____D C:\Windows\ERUNT
2013-12-30 14:46 - 2013-12-30 14:46 - 00001405 _____ C:\Users\Gisela\Desktop\AdwCleaner[S1].txt
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\www.rene-zeidler.de
2013-12-30 14:45 - 2013-12-30 14:45 - 00000000 ____D C:\Users\Gisela\AppData\Local\www.rene-zeidler.de
2013-12-30 14:43 - 2013-12-30 10:21 - 00000000 ____D C:\AdwCleaner
2013-12-30 13:32 - 2013-12-16 22:51 - 00000040 _____ C:\ProgramData\.zreglib
2013-12-30 13:30 - 2013-12-30 13:30 - 00000000 ____D C:\Users\Gisela\Documents\Lexware
2013-12-30 12:09 - 2013-12-30 12:09 - 00000000 ____D C:\Users\Gisi\Desktop\Virus
2013-12-30 10:47 - 2013-12-30 10:47 - 00000626 _____ C:\Users\Gisela\Desktop\JRT_01.txt
2013-12-30 10:29 - 2012-10-12 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 10:28 - 2013-12-30 01:56 - 00000411 _____ C:\Users\Gisi\daemonprocess.txt
2013-12-30 10:24 - 2013-12-30 10:24 - 00022227 _____ C:\Users\Gisela\Desktop\AdwCleaner[R0].txt
2013-12-30 10:07 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\DigitalSites
2013-12-30 09:42 - 2013-06-05 06:19 - 00001103 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-30 09:42 - 2013-06-05 06:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-30 01:56 - 2012-08-23 10:29 - 00000000 ____D C:\Users\Gisi
2013-12-30 01:48 - 2013-12-29 21:15 - 00000137 _____ C:\Users\Gisela\daemonprocess.txt
2013-12-29 21:59 - 2013-12-29 21:59 - 00004247 _____ C:\Users\Gisela\Desktop\gmer.log
2013-12-29 21:47 - 2013-01-02 17:52 - 00000000 ____D C:\Users\Gisi\AppData\Local\Windows Live
2013-12-29 21:32 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\cache
2013-12-29 21:21 - 2014-01-01 11:00 - 01931302 _____ (Farbar) C:\Users\Gisela\Desktop\FRST64.exe
2013-12-29 21:21 - 2013-12-29 21:21 - 00000000 ____D C:\FRST
2013-12-29 21:18 - 2013-12-29 21:18 - 00000000 _____ C:\Users\Gisela\defogger_reenable
2013-12-29 21:18 - 2012-08-23 08:52 - 00000000 ____D C:\Users\Gisela
2013-12-29 21:16 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\.android
2013-12-29 21:15 - 2013-12-29 21:15 - 00003240 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\0D0S1L2Z1P1B
2013-12-29 21:15 - 2013-12-29 21:15 - 00000000 ____D C:\Users\Gisela\AppData\Local\genienext
2013-12-29 21:07 - 2013-10-20 11:21 - 00237568 ___SH C:\Users\Gisi\Desktop\Thumbs.db
2013-12-29 21:07 - 2012-11-11 17:36 - 00000000 ____D C:\Users\Gisi\Desktop\Bilder
2013-12-29 18:37 - 2013-12-29 18:37 - 00188000 _____ C:\Users\Gisi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\Updater
2013-12-27 22:33 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-27 19:25 - 2013-12-27 19:25 - 00000000 ____D C:\Users\Gisela\Mein Backup Datei
2013-12-27 19:18 - 2013-12-27 19:18 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisela\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.34311595515392672.1.1.Run.exe
2013-12-27 19:16 - 2013-12-27 19:16 - 00000000 ____D C:\Users\Gisela\AppData\Local\Macromedia
2013-12-27 19:13 - 2012-11-16 21:07 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Lexware
2013-12-27 19:13 - 2012-08-23 08:54 - 00001415 _____ C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-27 19:13 - 2012-08-23 08:54 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-27 19:13 - 2012-08-23 08:52 - 00000000 ___RD C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-26 14:47 - 2013-12-26 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\Gisi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.196311478738175353.1.1.Run.exe
2013-12-25 15:08 - 2012-12-20 07:24 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Skype
2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-25 13:44 - 2011-01-13 23:55 - 00000000 ____D C:\ProgramData\Skype
2013-12-25 11:41 - 2012-09-16 17:15 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-25 11:33 - 2013-12-25 11:32 - 24097311 _____ C:\Users\Gisi\Downloads\vlc-2.1.2-win32.exe
2013-12-25 11:28 - 2013-12-25 11:20 - 00000000 ____D C:\ProgramData\Oracle
2013-12-25 11:27 - 2013-12-25 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-25 11:27 - 2012-10-21 16:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-25 11:27 - 2012-10-21 16:49 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-25 11:27 - 2012-10-21 16:49 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-25 11:27 - 2012-10-21 16:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-25 11:25 - 2013-12-25 11:24 - 29040552 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-i586.exe
2013-12-25 11:23 - 2013-12-25 11:22 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64(1).exe
2013-12-25 11:22 - 2013-12-25 11:22 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Oracle
2013-12-25 11:20 - 2013-12-25 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-25 11:20 - 2013-12-25 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files\Java
2013-12-25 11:18 - 2013-12-25 11:17 - 30694824 _____ (Oracle Corporation) C:\Users\Gisi\Downloads\jre-7u45-windows-x64.exe
2013-12-25 10:57 - 2013-06-05 22:16 - 00000000 ____D C:\ProgramData\BlueStacks
2013-12-25 10:57 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-23 15:57 - 2013-05-14 20:54 - 00049817 _____ C:\Users\Gisi\Documents\Gisis_Bücherverwaltung.bookcook
2013-12-23 09:42 - 2012-08-23 20:05 - 00000000 ____D C:\Users\Gisi\Documents\Vermögensspiegel
2013-12-19 20:15 - 2013-12-19 20:15 - 00004704 _____ C:\Users\Gisi\Documents\cc_20131219_201531.reg
2013-12-19 07:22 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Förderverein Eugen-Bolz-Grundschule
2013-12-18 21:03 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Documents\Erbengemeinschaft
2013-12-17 18:43 - 2013-12-17 18:43 - 00002136 _____ C:\Users\Public\Desktop\Samsung New PC Studio.lnk
2013-12-17 18:43 - 2012-09-27 19:40 - 00000000 ___HD C:\Users\Gisela\AppData\Local\Downloaded Installations
2013-12-17 18:43 - 2012-08-23 08:52 - 00188000 ____H C:\Users\Gisela\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-17 18:38 - 2012-09-27 22:11 - 00000000 ____D C:\Users\Gisela\Documents\samsung
2013-12-17 18:29 - 2012-10-03 11:16 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-12-17 18:25 - 2013-12-17 18:18 - 173838160 _____ C:\Users\Gisi\Downloads\New_PC_Studio_1.5.1.10064_2.exe
2013-12-17 17:59 - 2012-11-25 16:02 - 00000000 ____D C:\Users\Gisi\Desktop\Baum
2013-12-17 17:53 - 2013-12-17 17:53 - 00002020 _____ C:\Users\Gisi\Desktop\Anpassen Fences.lnk
2013-12-17 17:53 - 2013-12-17 17:53 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00002020 _____ C:\Users\Gisela\Desktop\Anpassen Fences.lnk
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Stardock
2013-12-17 17:52 - 2013-12-17 17:52 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-12-17 17:51 - 2013-12-17 17:50 - 09477848 _____ (Stardock Corporation ) C:\Users\Gisi\Downloads\fences101_public.exe
2013-12-17 16:34 - 2012-09-16 17:16 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\vlc
2013-12-17 16:31 - 2013-12-16 23:40 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\dvdcss
2013-12-17 15:44 - 2011-01-14 00:12 - 00000000 ____D C:\ProgramData\Sonic
2013-12-17 15:43 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 23:40 - 2012-08-23 10:30 - 00000000 ____D C:\Users\Gisi\AppData\Roaming\Roxio
2013-12-16 23:39 - 2013-12-16 23:39 - 00000000 ____D C:\Users\Gisi\AppData\Local\Sonic_Solutions
2013-12-16 22:53 - 2013-12-16 22:53 - 00000000 ____D C:\Users\Gisi\Documents\AnyDVDHD
2013-12-16 22:50 - 2013-07-16 17:16 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\ProgramData\SlySoft
2013-12-16 22:48 - 2013-12-16 22:48 - 00000000 ____D C:\Program Files (x86)\SlySoft
2013-12-16 22:47 - 2013-12-16 22:47 - 10518000 _____ C:\Users\Gisi\Downloads\SetupAnyDVD7380.exe
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisi\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00001072 _____ C:\Users\Gisela\Desktop\DVD Shrink 3.2 deutsch (DeCSS-frei).lnk
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-12-16 22:39 - 2013-12-16 22:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink DE
2013-12-16 22:38 - 2013-12-16 22:38 - 01258692 _____ (DVD Shrink ) C:\Users\Gisi\Downloads\dvdshrink1.31.21.de1._decss-frei_1.setup1.exe
2013-12-16 22:02 - 2013-12-16 22:02 - 00000000 ____D C:\Users\Gisela\AppData\Roaming\Canneverbe Limited
2013-12-16 22:02 - 2013-07-16 17:16 - 00001943 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-12-16 22:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-12-16 21:58 - 2013-11-23 21:25 - 00002908 _____ C:\Users\Public\Desktop\Quicken 2014.lnk
2013-12-14 19:42 - 2013-07-14 21:31 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 19:38 - 2012-08-23 11:33 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 22:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 18:34 - 2012-08-23 20:04 - 00000000 ____D C:\Users\Gisi\Desktop\Notizen
2013-12-12 18:32 - 2009-07-14 05:45 - 00637360 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 13:54 - 2012-09-30 16:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 13:54 - 2012-09-07 08:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 13:54 - 2012-09-07 08:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 07:15 - 2012-09-12 18:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 06:40 - 2013-10-27 21:32 - 00004687 _____ C:\Windows\avmacc.log
2013-12-08 12:23 - 2011-01-14 00:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-08 07:33 - 2013-04-14 07:38 - 00000000 ____D C:\Users\Gisi\AppData\Local\FreePDF_XP
2013-12-06 20:58 - 2013-06-09 14:01 - 00007168 _____ C:\Users\Gisi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-06 15:25 - 2012-08-23 20:03 - 00000000 ____D C:\Users\Gisi\Documents\Buddhismus
2013-12-06 12:07 - 2012-09-12 18:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 12:07 - 2012-09-12 18:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:\Users\Gisela\AppData\Local\Temp\bdfilters.dll
C:\Users\Gisela\AppData\Local\Temp\d5loum5d.dll
C:\Users\Gisela\AppData\Local\Temp\Execute2App.exe
C:\Users\Gisela\AppData\Local\Temp\GdiPlus.dll
C:\Users\Gisela\AppData\Local\Temp\HssInstaller64.exe
C:\Users\Gisela\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Gisela\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Gisela\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Gisela\AppData\Local\Temp\m2oeqbr4.dll
C:\Users\Gisela\AppData\Local\Temp\MSNFB04.exe
C:\Users\Gisela\AppData\Local\Temp\msvcp90.dll
C:\Users\Gisela\AppData\Local\Temp\msvcr90.dll
C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Gisela\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Gisela\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Gisela\AppData\Local\Temp\Quarantine.exe
C:\Users\Gisela\AppData\Local\Temp\Setup.x64.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe
C:\Users\Gisela\AppData\Local\Temp\Setup.x86.de-DE_ProPlusRetail_R3PKH-82NF2-VCGB7-2P366-P7GXQ_act_1_.exe
C:\Users\Gisela\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Gisela\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Gisela\AppData\Local\Temp\vlc-2.0.2-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 00:44
==================== End Of Log ============================
Gruß Markus |
|
01.01.2014, 14:13
| #7 |
| /// the machine /// TB-Ausbilder | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Firefox und Thunderbird updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.01.2014, 22:06
| #8 |
| | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Hallo Schrauber, hier das FRST Log-file: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014
Ran by Gisela at 2014-01-01 21:29:53 Run:1
Running from C:\Users\Gisela\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()
*****************
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
==== End of Fixlog ====
Markus Hallo, habe deine Anweisungen als Admin ausgeführt und auch tatsächlich keine grünen Linien mehr im Firefox. Als ich aber als User meiner Frau ins Internet bin hatte sich nichts verändert. Habe dann das Fixlist.txt nochmals unter der Anmeldung meiner Frau ausgeführt, ... bis jetzt o.k.! Werde das ganze noch 1-2 Tage beobachten und dann Rückmeldung geben. Erst mal vielen Dank.   Hier noch das zweite FRST File. Gruß Markus Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014
Ran by Gisi at 2014-01-01 21:43:10 Run:2
Running from C:\Users\Gisi\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()
*****************
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Error setting value.
==== End of Fixlog ====
Hat sich leider nichts verändert! Gruß Markus |
|
02.01.2014, 17:04
| #9 |
| /// the machine /// TB-Ausbilder | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik In welchem Browser hast Du immer noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.01.2014, 19:56
| #10 |
| | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik ... Ich hab IE und Firefox auf dem Rechner. Wir benutzen aber ausschließlich Firefox, in dem hab ich auch die Probleme. Hab gerade mal IE aufgemacht, soweit ich bis jetzt sehe läuft der ohne Probleme Gruß Markus |
|
03.01.2014, 12:39
| #11 |
| /// the machine /// TB-Ausbilder | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Firefox deinstallieren, keine DAten behalten, neu installieren. Dann nochmal testen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.01.2014, 11:27
| #12 |
| | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik ... hab Firefox als Admin und als User über die Systemeinstellungen deinstalliert, habe auch alles von firefox unter dem Verzeichnis AppData etc. weggeschmissen, das räumt sich durch die "Deinstallation" nicht von alleine auf. Wieso sind nach Neuinstallation alle Lesezeichen und die komplette Leszeichensymbolleiste noch erhalten, die sollten doch alle weg sein oder,.. ich versteh's nicht! Hab ich's jetzt richtig gemacht oder nicht? Ich beobachte das ganze und melde mich morgen wieder! Gruß Markus ------------------------------------------------- Melde mich gleich,...... alles beim alten! grüne Schrift doppelt unterstrichen und Pop Ups von rechts. Gruß Markus ---------------------------------------------------------------------- hab jetzt alles nochmal deinstalliert. Danach für jeden Benutzer einzeln in den Verzeichnisse AppData und Aplication Data die Verzeichnisse Mozilla gelöscht, danach neustart! Dann Firefox nochmal installiert, ... jetzt sieht's besser aus. Bis jetzt keine Pop-Ups und keine grünen Linien. Ich warte mal den Sonntag noch ab, melde mich dann wieder! Gruß Markus |
|
05.01.2014, 11:42
| #13 |
| /// the machine /// TB-Ausbilder | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.01.2014, 19:29
| #14 | |
| | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Hallo Schrauber, herzlichen Dank für Deine Unterstützung, habe den ganzen Sonntag und den Montag keine Probleme mehr gehabt, denke die Kiste ist wieder ganz gesund...  Könntest Du mir noch kurz eine Info zu folgender Frage beantworten? Habe bis jetzt jedenfalls noch keine Probleme auf diesen Geräten. Zitat:
Gruß Markus |
|
07.01.2014, 10:21
| #15 |
| /// the machine /// TB-Ausbilder | Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik Hi, nein, Adware verteilt sich nicht über das Netzwerk
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Intext Nav Link / Textstellen in grün und doppelt unterstrichen / unerwünschte POP-Ups und Musik |
| converter, desktop, device driver, dringend, failed, flash player, homepage, hotspot, mobogenie, mozilla, newtab, phishing, plug-in, pup.optional.installcore.a, pup.optional.jumpyapps, pup.optional.nextlive.a, pup.optional.updater, realtek, registry, security, software, super, svchost.exe, tablet, trojaner, wlan |
Linear-Darstellung
