Pests of all kinds and how to combat them: Extended Protection 2.1 (Windows 7) |
18.01.2014, 17:24 | #1 |
| Extended Protection 2.1 This extension keeps reappearing in my Chrome server even though I keep removing it. In addition, it keeps opening this hxxp://www.nationzoom.com/ page as my start page, even though I have set a different one. Can anyone tell me what is causing this and what I can do now? Thanks in advance |
18.01.2014, 17:47 | #2 |
/// TB-Ausbilder | Extended Protection 2.1 Hello,
please run an FRST scan: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
19.01.2014, 18:27 | #3 |
| Extended Protection 2.1 FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 03 Ran by steffen (administrator) on STEFFEN-PC on 19-01-2014 18:23:08 Running from C:\Users\steffen\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files\ICQ6Toolbar\ICQ Service.exe () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (DoctorSoft) C:\Program Files\AnyPC Client\APLangApp.exe () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Facebook Inc.) C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [13834856 2010-02-09] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8129056 2009-12-26] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2482176 2010-02-22] () HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) 
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [APLangApp] - C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [Logan_S2P] - C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe [253952 2007-06-11] () HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-03-09] () HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Facebook Update] - C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-24] (Facebook Inc.) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKCU\...\Run: [NextLive] - C:\Users\steffen\AppData\Roaming\newnext.me\nengine.dll [1283584 2014-01-06] (NewNextDotMe) MountPoints2: F - F:\LaunchU3.exe -a MountPoints2: {6dc14340-db68-11df-9657-00245489d605} - F:\LaunchU3.exe -a AppInit_DLLs: => File Not Found Startup: C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d4f7c117-3759-754d-6921-960c021e8dd8&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nation Zoom HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Nation Zoom HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d4f7c117-3759-754d-6921-960c021e8dd8&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Nation Zoom HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Nation Zoom HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX&q={searchTerms} URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) URLSearchHook: HKLM - (No Name) - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe Nation Zoom SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX&q={searchTerms} SearchScopes: HKLM - 
{006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d4f7c117-3759-754d-6921-960c021e8dd8&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d4f7c117-3759-754d-6921-960c021e8dd8&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=09/01/2014&type=hp1000 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX&q={searchTerms} SearchScopes: HKCU - {F09C2463-3A11-4976-AF62-CB3D8067B60D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3322950&CUI=UN12248898314691135&UM=2 BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: No Name - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX FF DefaultSearchEngine: FreemiumA Customized Web Search FF SelectedSearchEngine: FreemiumA Customized Web Search FF Homepage: hxxp://www.nationzoom.com/?type=hp&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3322950&SearchSource=2&CUI=UN35014252225894811&UM=2&q= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft 
Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\steffen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\freemiuma-customized-web-search.xml FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\nationzoom.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-25] FF Extension: ICQ Toolbar - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-07-25] FF Extension: FreemiumA - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{afa59d4f-18ec-4866-949b-f406270e15cb} [2014-01-18] FF Extension: WEB.DE MailCheck - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\toolbar@web.de.xpi [2013-09-02] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: 
[ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-16] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe Nation Zoom Chrome: ======= CHR HomePage: hxxp://www.nationzoom.com/?type=hp&ts=1390057011&from=tugs&uid=HitachiXHTS545032B9A300_100425PBN3031TKD80YRX CHR Extension: (Bookmark Manager) - C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-18] CHR Extension: (Google Wallet) - C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [dbgalemaidlifaeappogmgmgifhkfkee] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [hkhjppglbhfdpdameiopkfoopdchkgef] - C:\Users\steffen\AppData\Local\CRE\hkhjppglbhfdpdameiopkfoopdchkgef.crx [2014-01-12] CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-01-18] CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\steffen\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05] CHR HKCU\...\Chrome\Extension: [hkhjppglbhfdpdameiopkfoopdchkgef] - 
C:\Users\steffen\AppData\Local\CRE\hkhjppglbhfdpdameiopkfoopdchkgef.crx [2014-01-12] CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe Nation Zoom CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.) R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries) R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247096 2010-09-06] () R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-02-10] () R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [42416 2010-02-10] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. 
KG) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-06-10] (Windows (R) 2003 DDK 3790 provider) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-19 18:22 - 2014-01-19 18:22 - 00024526 _____ C:\Users\steffen\Downloads\Addition.txt 2014-01-19 18:21 - 2014-01-19 18:23 - 00023722 _____ C:\Users\steffen\Downloads\FRST.txt 2014-01-19 18:21 - 2014-01-19 18:21 - 00000000 ____D C:\FRST 2014-01-19 18:20 - 2014-01-19 18:21 - 01221120 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2014-01-19 18:19 - 2014-01-19 18:20 - 02076672 _____ (Farbar) C:\Users\steffen\Downloads\FRST64.exe 2014-01-19 11:41 - 2014-01-19 11:43 - 00000000 ____D C:\Users\steffen\Desktop\Gruppenarbeit Entfaltung 2014-01-19 11:40 - 2014-01-19 11:41 - 00000000 ____D C:\Users\steffen\Desktop\Musik-referat 2014-01-18 16:20 - 2014-01-18 16:20 - 00001085 _____ C:\Users\steffen\Desktop\Continue VuuPC Installation.lnk 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenOffice 2014-01-18 16:10 - 2014-01-18 16:48 - 00000000 ____D C:\Program Files\Optimizer Pro 2014-01-18 16:10 - 2014-01-18 16:10 - 00000000 ____D C:\Users\steffen\Documents\Optimizer Pro 2014-01-18 16:04 - 2014-01-18 16:04 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-01-18 16:02 - 2014-01-18 16:14 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-18 16:01 - 2014-01-18 16:02 - 00000000 ____D C:\Users\steffen\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-01-18 15:59 - 2014-01-18 16:48 - 00000000 ____D C:\Program Files\MyPC Backup 2014-01-18 15:58 - 2014-01-19 18:15 
- 00000000 ____D C:\Users\steffen\AppData\Roaming\newnext.me 2014-01-18 15:58 - 2014-01-18 16:54 - 00000000 ____D C:\Users\steffen\AppData\Local\Mobogenie 2014-01-18 15:58 - 2014-01-18 16:11 - 00000000 ____D C:\Users\steffen\AppData\Local\genienext 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\Documents\Mobogenie 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\cache 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\.android 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 _____ C:\Users\steffen\daemonprocess.txt 2014-01-18 15:57 - 2014-01-18 16:54 - 00000000 ____D C:\Program Files\Mobogenie 2014-01-18 15:57 - 2014-01-18 15:59 - 00000000 ____D C:\Users\steffen\AppData\Local\Lollipop 2014-01-18 15:57 - 2014-01-18 15:59 - 00000000 ____D C:\ProgramData\WPM 2014-01-18 10:39 - 2014-01-18 10:39 - 00000000 ____D C:\windows\system32\SearchProtect 2014-01-18 10:39 - 2014-01-18 10:39 - 00000000 ____D C:\Program Files\Conduit 2014-01-18 10:38 - 2014-01-18 11:27 - 00000000 ____D C:\Users\steffen\AppData\Local\Conduit 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\NativeMessaging 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\CRE 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\ProgramData\Conduit 2014-01-18 10:37 - 2014-01-18 10:37 - 00000000 ____D C:\Users\steffen\AppData\Local\DownloadGuide 2014-01-18 10:36 - 2014-01-18 11:25 - 00000000 ____D C:\Program Files\Sweet Home 3D 2014-01-18 10:35 - 2014-01-18 10:36 - 33746304 _____ (eTeks ) C:\Users\steffen\Desktop\SweetHome3D-4-2-windows-oc.exe 2014-01-15 21:53 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 21:53 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 21:53 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-14 13:14 - 2014-01-14 13:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-01-10 12:00 - 2014-01-11 11:01 - 00000000 ____D C:\Users\steffen\Desktop\LI 2014-01-09 11:52 - 2014-01-18 15:56 - 00001336 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-01-09 10:49 - 2014-01-09 11:16 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\TuneUp Software 2014-01-09 10:45 - 2014-01-18 16:55 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DVDVideoSoft 2014-01-03 23:08 - 2014-01-06 11:49 - 00000000 ____D C:\Users\steffen\Documents\Ahnenblatt 2014-01-03 23:08 - 2014-01-06 11:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Ahnenblatt 2014-01-03 22:27 - 2014-01-03 22:29 - 00000000 ____D C:\Users\steffen\Documents\MyHeritage 2014-01-03 22:26 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\windows\system32\unicows.dll 2014-01-03 22:25 - 2014-01-06 11:49 - 00000000 ____D C:\Program Files\MyHeritage 2014-01-03 13:10 - 2014-01-06 11:47 - 
00000444 __RSH C:\Users\steffen\ntuser.pol 2014-01-03 13:10 - 2014-01-03 13:10 - 00001072 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk 2014-01-03 13:09 - 2014-01-03 13:10 - 00000000 ____D C:\Program Files\Finale NotePad 2012 2014-01-03 13:07 - 2014-01-03 13:09 - 103516232 _____ (MakeMusic) C:\Users\steffen\Desktop\InstallFinaleNotePad2012.exe 2014-01-03 11:46 - 2014-01-03 11:47 - 00000000 ____D C:\Users\steffen\.lilypond-fonts.cache-2 2014-01-03 11:36 - 2014-01-03 11:36 - 00000027 _____ C:\windows\{_ini} 2014-01-03 11:36 - 2014-01-03 11:36 - 00000000 ____D C:\Users\steffen\Documents\schobuk 2013-12-20 13:36 - 2013-12-20 13:37 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-01-19 18:23 - 2014-01-19 18:21 - 00023722 _____ C:\Users\steffen\Downloads\FRST.txt 2014-01-19 18:22 - 2014-01-19 18:22 - 00024526 _____ C:\Users\steffen\Downloads\Addition.txt 2014-01-19 18:21 - 2014-01-19 18:21 - 00000000 ____D C:\FRST 2014-01-19 18:21 - 2014-01-19 18:20 - 01221120 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2014-01-19 18:20 - 2014-01-19 18:19 - 02076672 _____ (Farbar) C:\Users\steffen\Downloads\FRST64.exe 2014-01-19 18:15 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Roaming\newnext.me 2014-01-19 18:15 - 2013-09-02 21:06 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Skype 2014-01-19 18:15 - 2010-03-16 18:54 - 01737347 _____ C:\windows\WindowsUpdate.log 2014-01-19 11:43 - 2014-01-19 11:41 - 00000000 ____D C:\Users\steffen\Desktop\Gruppenarbeit Entfaltung 2014-01-19 11:41 - 2014-01-19 11:40 - 00000000 ____D C:\Users\steffen\Desktop\Musik-referat 2014-01-19 11:41 - 2013-12-12 11:34 - 00119296 ___SH C:\Users\steffen\Desktop\Thumbs.db 2014-01-19 11:33 - 2009-07-14 05:34 - 00014752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-19 11:33 - 2009-07-14 05:34 - 00014752 ____H 
C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-19 11:27 - 2011-07-18 15:16 - 00000000 ___RD C:\Users\steffen\Dropbox 2014-01-19 11:27 - 2011-07-18 15:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Dropbox 2014-01-19 11:25 - 2010-08-04 11:26 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-01-19 11:24 - 2013-06-10 17:03 - 00015729 _____ C:\windows\setupact.log 2014-01-19 11:24 - 2010-03-16 03:04 - 00787534 _____ C:\windows\PFRO.log 2014-01-19 11:24 - 2009-07-14 05:33 - 00478064 _____ C:\windows\system32\FNTCACHE.DAT 2014-01-18 16:55 - 2014-01-09 10:45 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DVDVideoSoft 2014-01-18 16:54 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\Mobogenie 2014-01-18 16:54 - 2014-01-18 15:57 - 00000000 ____D C:\Program Files\Mobogenie 2014-01-18 16:48 - 2014-01-18 16:10 - 00000000 ____D C:\Program Files\Optimizer Pro 2014-01-18 16:48 - 2014-01-18 15:59 - 00000000 ____D C:\Program Files\MyPC Backup 2014-01-18 16:20 - 2014-01-18 16:20 - 00001085 _____ C:\Users\steffen\Desktop\Continue VuuPC Installation.lnk 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenOffice 2014-01-18 16:14 - 2014-01-18 16:02 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-18 16:11 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\genienext 2014-01-18 16:10 - 2014-01-18 16:10 - 00000000 ____D C:\Users\steffen\Documents\Optimizer Pro 2014-01-18 16:08 - 2010-08-04 11:36 - 00138224 _____ C:\Users\steffen\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-18 16:04 - 2014-01-18 16:04 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-01-18 16:02 - 2014-01-18 16:01 - 00000000 ____D C:\Users\steffen\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-01-18 15:59 - 2014-01-18 15:57 - 00000000 ____D C:\Users\steffen\AppData\Local\Lollipop 2014-01-18 
15:59 - 2014-01-18 15:57 - 00000000 ____D C:\ProgramData\WPM 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\Documents\Mobogenie 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\cache 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\.android 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 _____ C:\Users\steffen\daemonprocess.txt 2014-01-18 15:56 - 2014-01-09 11:52 - 00001336 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-01-18 15:56 - 2013-09-12 08:38 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-18 15:56 - 2010-08-04 17:09 - 00001323 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-18 15:56 - 2010-08-04 11:46 - 00001627 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-18 11:27 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\Conduit 2014-01-18 11:25 - 2014-01-18 10:36 - 00000000 ____D C:\Program Files\Sweet Home 3D 2014-01-18 10:39 - 2014-01-18 10:39 - 00000000 ____D C:\windows\system32\SearchProtect 2014-01-18 10:39 - 2014-01-18 10:39 - 00000000 ____D C:\Program Files\Conduit 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\NativeMessaging 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\CRE 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\ProgramData\Conduit 2014-01-18 10:37 - 2014-01-18 10:37 - 00000000 ____D C:\Users\steffen\AppData\Local\DownloadGuide 2014-01-18 10:36 - 2014-01-18 10:35 - 33746304 _____ (eTeks ) C:\Users\steffen\Desktop\SweetHome3D-4-2-windows-oc.exe 2014-01-17 22:05 - 2013-08-03 20:45 - 00000000 ____D C:\Users\steffen\Desktop\JULE + JENS 2014-01-17 14:23 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF 2014-01-17 13:55 - 2013-03-20 20:35 - 00000000 ____D C:\Users\steffen\Meins 2014-01-16 11:17 - 2013-05-13 10:35 - 
00000000 ____D C:\Users\steffen\Desktop\Jens 2014-01-16 08:58 - 2011-07-18 15:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-15 22:22 - 2013-08-20 16:45 - 00000000 ____D C:\windows\system32\MRT 2014-01-15 22:20 - 2010-10-21 12:35 - 83425928 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-14 13:14 - 2014-01-14 13:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-01-11 11:01 - 2014-01-10 12:00 - 00000000 ____D C:\Users\steffen\Desktop\LI 2014-01-10 11:20 - 2009-07-26 21:06 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI 2014-01-09 11:16 - 2014-01-09 10:49 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\TuneUp Software 2014-01-09 10:47 - 2011-02-04 19:04 - 00000000 ____D C:\Program Files\Freemake 2014-01-09 10:46 - 2011-02-04 18:17 - 00000000 ____D C:\Users\steffen\Documents\DVDVideoSoft 2014-01-09 10:45 - 2013-05-24 09:42 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenCandy 2014-01-06 21:49 - 2010-12-02 09:01 - 00132216 _____ C:\Users\steffen\AppData\Roaming\GDIPFONTCACHEV1.DAT 2014-01-06 11:49 - 2014-01-03 23:08 - 00000000 ____D C:\Users\steffen\Documents\Ahnenblatt 2014-01-06 11:49 - 2014-01-03 23:08 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Ahnenblatt 2014-01-06 11:49 - 2014-01-03 22:25 - 00000000 ____D C:\Program Files\MyHeritage 2014-01-06 11:47 - 2014-01-03 13:10 - 00000444 __RSH C:\Users\steffen\ntuser.pol 2014-01-03 22:29 - 2014-01-03 22:27 - 00000000 ____D C:\Users\steffen\Documents\MyHeritage 2014-01-03 13:10 - 2014-01-03 13:10 - 00001072 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk 2014-01-03 13:10 - 2014-01-03 13:09 - 00000000 ____D C:\Program Files\Finale NotePad 2012 2014-01-03 13:10 - 
2009-07-14 03:37 - 00000000 ___HD C:\windows\system32\GroupPolicy 2014-01-03 13:09 - 2014-01-03 13:07 - 103516232 _____ (MakeMusic) C:\Users\steffen\Desktop\InstallFinaleNotePad2012.exe 2014-01-03 11:47 - 2014-01-03 11:46 - 00000000 ____D C:\Users\steffen\.lilypond-fonts.cache-2 2014-01-03 11:38 - 2009-07-14 05:52 - 00000000 ____D C:\windows\system32\FxsTmp 2014-01-03 11:36 - 2014-01-03 11:36 - 00000027 _____ C:\windows\{_ini} 2014-01-03 11:36 - 2014-01-03 11:36 - 00000000 ____D C:\Users\steffen\Documents\schobuk 2014-01-03 09:53 - 2012-05-15 10:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-20 13:37 - 2013-12-20 13:36 - 00000000 ____D C:\Program Files\Mozilla Firefox Some content of TEMP: ==================== C:\Users\steffen\AppData\Local\Temp\avgnt.exe C:\Users\steffen\AppData\Local\Temp\BackupSetup.exe C:\Users\steffen\AppData\Local\Temp\detectionapi_rd.dll C:\Users\steffen\AppData\Local\Temp\directx9tests_rd.dll C:\Users\steffen\AppData\Local\Temp\DLG_shopping-toolbar_softonic_de-DE.exe C:\Users\steffen\AppData\Local\Temp\DseShExt-x86.dll C:\Users\steffen\AppData\Local\Temp\eauninstall.exe C:\Users\steffen\AppData\Local\Temp\ICReinstall_Setup.exe C:\Users\steffen\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe C:\Users\steffen\AppData\Local\Temp\iobwnedxjvdevl.exe C:\Users\steffen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\steffen\AppData\Local\Temp\local.dll C:\Users\steffen\AppData\Local\Temp\mfc80.dll C:\Users\steffen\AppData\Local\Temp\mfc80u.dll C:\Users\steffen\AppData\Local\Temp\mfcm80.dll C:\Users\steffen\AppData\Local\Temp\mfcm80u.dll C:\Users\steffen\AppData\Local\Temp\msvcm80.dll C:\Users\steffen\AppData\Local\Temp\msvcp80.dll C:\Users\steffen\AppData\Local\Temp\msvcr80.dll C:\Users\steffen\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe C:\Users\steffen\AppData\Local\Temp\nsb634B.exe C:\Users\steffen\AppData\Local\Temp\nsbBB08.exe C:\Users\steffen\AppData\Local\Temp\nsdF99F.exe 
C:\Users\steffen\AppData\Local\Temp\nsg5563.exe C:\Users\steffen\AppData\Local\Temp\nsqD693.exe C:\Users\steffen\AppData\Local\Temp\nsqF33A.exe C:\Users\steffen\AppData\Local\Temp\nswD3E8.exe C:\Users\steffen\AppData\Local\Temp\schobuk.exe C:\Users\steffen\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\steffen\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe C:\Users\steffen\AppData\Local\Temp\SPStub.exe C:\Users\steffen\AppData\Local\Temp\tbFree.dll C:\Users\steffen\AppData\Local\Temp\uninst1.exe C:\Users\steffen\AppData\Local\Temp\vcredist_x86.exe C:\Users\steffen\AppData\Local\Temp\VIS_DE-2013-12-13.exe C:\Users\steffen\AppData\Local\Temp\VIS_DE-2013-12-13[1].exe C:\Users\steffen\AppData\Local\Temp\_is777F.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-04 12:11 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2014 03 Ran by steffen at 2014-01-19 18:23:35 Running from C:\Users\steffen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Accelerometer (Version: 1.06.08.45 - STMicroelectronics) Adobe Flash Player 10 ActiveX (Version: 10.0.42.34 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03 - Adobe Systems Incorporated) AnyPC Client (Version: 1.0.0.25 - Doctorsoft) Apple Application Support (Version: 2.3.4 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Atheros Client Installation Program (Version: 1.0.2.1119 - Atheros) Avira Free Antivirus (Version: 14.0.2.286 - Avira) BatteryLifeExtender (Version: 1.0.1 - Samsung) Brother MFL-Pro Suite MFC-5890CN (Version: 1.0.1.0 - Brother Industries, Ltd.) ChargeableUSB (Version: 1.0.0.0 - SAMSUNG) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.) 
Hidden CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden CyberLink YouCam (Version: 2.0.3707 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.3707 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden dm-Fotowelt (Version: 5.1.2 - CEWE COLOR AG u Co. OHG) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Easy Display Manager (Version: 3.1 - Samsung Electronics Co., Ltd.) Easy Network Manager (Version: 4.2.8 - Samsung) Easy SpeedUp Manager (Version: 3.0.0.6 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (Version: 4.0.0.3 - Samsung) Elevated Installer (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden f4 2012 (Version: - audiotranskription.de) Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited) Finale NotePad 2012 (Version: 2012..r1.1 - MakeMusic) FreeMake Toolbar (Version: 6.8.9.0 - FreeMake) Freemake Video Downloader (Version: 3.5.1 - Ellora Assets Corporation) Garmin Express (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden Garmin Update Service (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (Version: 32.0.1700.76 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) 
Hidden ICQ Toolbar (Version: 3.0.0 - ICQ) ICQ7.6 (Version: 7.6 - ICQ) Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi Software (Version: 13.01.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 9.5.4.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (Version: 01.01.01.1007 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (Version: 1.0.186.6 - Intel) Java 7 Update 45 (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Korean Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated) LSI HDA Modem (Version: 2.2.97 - LSI Corporation) Marvell Miniport Driver (Version: 11.22.3.3 - Marvell) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (Version: 12.0.6423.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (Version: 2.9 - Microsoft Corporation) Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server Native Client (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
(Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation) OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation) PaperPort Image Printer (Version: 1.00.0000 - Nuance Communications, Inc.) PDF Architect (Version: 1.0.52.8917 - pdfforge) PDF24 Creator 5.7.0 (Version: - PDF24.org) PDFCreator (Version: 1.6.2 - pdfforge) PerfectTablePlan 5.1.1 (Version: - Oryx Digital Ltd) QuickTime (Version: 7.74.80.86 - Apple Inc.) Readiris Pro 10 (Version: - ) Realtek High Definition Audio Driver (Version: 6.0.1.6013 - Realtek Semiconductor Corp.) Samsung Recovery Solution 4 (Version: 4.0.0.6 - Samsung) Samsung SCX-4500 Series (Version: - Samsung Electronics CO.,LTD) Samsung Support Center (Version: 1.1.0 - Samsung) Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., Ltd.) ScanSoft PaperPort 11 (Version: 11.2.0000 - Nuance Communications, Inc.) Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.) 
SmarThru 4 (Version: - ) Synaptics Pointing Device Driver (Version: 14.0.10.0 - Synaptics Incorporated) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) User Guide (Version: 1.0 - ) VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN) WIDCOMM Bluetooth Software (Version: 6.2.1.800 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform 
(Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden WinPcap 4.1.2 (Version: 4.1.0.2001 - CACE Technologies) WinRAR (Version: - ) ==================== Restore Points ========================= 18-12-2013 21:10:45 Windows Update 09-01-2014 10:50:08 TuneUp Utilities 2014 wird entfernt 09-01-2014 10:51:49 TuneUp Utilities 2014 (de-DE) wird entfernt 15-01-2014 21:20:02 Windows Update 18-01-2014 14:58:09 Uniblue SpeedUpMyPC installation 18-01-2014 15:02:29 Installed OpenOffice 4.0.0 ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1379FE3F-3A28-471E-A420-4BBEFA912DF4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {1D995AB7-A868-46D6-B50A-F678CD63D5BD} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.) Task: {326A118E-3AB9-4E19-A6AB-0A09EA2CDCD3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000Core => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.) 
Task: {436946A4-8016-4CCF-A9D0-B121190C28F6} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {45A8B007-B1CC-4157-84B1-CA0047D07A90} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics) Task: {5150384C-4986-4253-AF59-E5ADEBD8A293} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-03-05] (Samsung Electronics Co., Ltd.) Task: {56341EF7-7330-46B6-A1EA-5A1A593630EC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000UA => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.) Task: {5ECEBFCF-DB4E-49FA-B5BE-97C2342E335D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.) Task: {80F05905-E34E-47E4-9393-95B8E9626536} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-11-11] (Samsung Electronics Co., Ltd.) Task: {94F4355D-9C5F-4245-ACB0-7F50F606F001} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft) Task: {C8488655-83F7-4B5C-87D3-B9AC1CF3C90E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-13] (Adobe Systems Incorporated) Task: {D1D7C3E2-BA2F-4B5D-9A71-2521A563B035} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000Core.job => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000UA.job => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cef0f5cccf2e3e.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-10-30 04:08 - 2009-10-30 04:08 - 00022723 _____ () C:\windows\System32\ml163sl3.dll 2010-08-04 21:14 - 2007-01-11 04:28 - 00022723 _____ () C:\windows\System32\sx450sl3.dll 2012-12-20 09:48 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2011-01-05 10:57 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2011-01-05 10:57 - 2002-11-26 13:43 - 00106496 ____N () C:\windows\system32\BrMuSNMP.dll 2010-11-11 16:48 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2009-06-03 12:59 - 2009-06-03 12:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2009-06-03 12:59 - 2009-06-03 12:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2010-08-04 21:17 - 2007-01-09 11:29 - 00184320 _____ () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\IMFilter.dll 2010-08-04 21:17 - 2007-01-09 11:30 - 01384520 _____ () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\ssole.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\steffen\AppData\Roaming\Dropbox\bin\libcef.dll 2014-01-16 08:27 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\libglesv2.dll 2014-01-16 08:27 - 2014-01-11 11:28 - 00100120 _____ () C:\Program 
Files\Google\Chrome\Application\32.0.1700.76\libegl.dll 2014-01-16 08:27 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll 2014-01-16 08:27 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll 2014-01-16 08:27 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll 2014-01-16 08:27 - 2014-01-11 11:29 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/19/2014 06:18:07 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 18:18:07.601]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 06:15:01 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 18:15:01.613]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/19/2014 05:45:25 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 17:45:25.160]: [00002160]: GetDeviceIpAddress: GetAddressByName [BRN001BA95A3E1B] Error Error: (01/18/2014 03:58:01 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f4a53f49-fec7-4cf0-a3cf-9246e37b604b} Error: (01/18/2014 03:48:41 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/18 15:48:41.676]: [00002184]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/18/2014 00:32:08 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/18 12:32:08.089]: [00002184]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/18/2014 10:39:05 AM) (Source: CltMngSvc) (User: ) Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056) Error: (01/18/2014 10:38:38 AM) (Source: CltMngSvc) (User: ) Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056) Error: (01/18/2014 10:38:06 AM) (Source: CltMngSvc) (User: ) Description: CltMngSvcServiceMain Version 2. (Error: 87) Error: (01/18/2014 10:11:22 AM) (Source: Microsoft-Windows-RestartManager) (User: steffen-PC) Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden. System errors: ============= Error: (01/19/2014 06:20:28 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/19/2014 06:15:18 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error: (01/19/2014 11:28:01 AM) (Source: DCOM) (User: ) Description: {CC957078-B838-47C4-A7CF-626E7A82FC58} Error: (01/19/2014 11:26:47 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/19/2014 11:26:47 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error: (01/19/2014 11:26:07 AM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/19/2014 11:25:53 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/19/2014 11:25:46 AM) (Source: Service Control Manager) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/19/2014 11:25:03 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/18/2014 04:10:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Microsoft Office Sessions: ========================= Error: (01/19/2014 06:18:07 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 18:18:07.601]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 06:15:01 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 18:15:01.613]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/19/2014 05:45:25 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 17:45:25.160]: [00002160]: GetDeviceIpAddress: GetAddressByName [BRN001BA95A3E1B] Error Error: (01/18/2014 03:58:01 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f4a53f49-fec7-4cf0-a3cf-9246e37b604b} Error: (01/18/2014 03:48:41 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/18 15:48:41.676]: [00002184]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/18/2014 00:32:08 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/18 12:32:08.089]: [00002184]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/18/2014 10:39:05 AM) (Source: CltMngSvc)(User: ) Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056) Error: (01/18/2014 10:38:38 AM) (Source: CltMngSvc)(User: ) Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056) Error: (01/18/2014 10:38:06 AM) (Source: CltMngSvc)(User: ) Description: CltMngSvcServiceMain Version 2. 
(Error: 87) Error: (01/18/2014 10:11:22 AM) (Source: Microsoft-Windows-RestartManager)(User: steffen-PC) Description: 1C:\Windows\explorer.exeWindows-Explorer0411728360 ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 3060.45 MB Available physical RAM: 1644.56 MB Total Pagefile: 6119.2 MB Available Pagefile: 4077.04 MB Total Virtual: 2047.88 MB Available Virtual: 1897.34 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:141.49 GB) (Free:19.18 GB) NTFS Drive d: () (Fixed) (Total:141.5 GB) (Free:70.79 GB) NTFS Drive e: (Disc) (CDROM) (Total:1.51 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 97265681) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=141 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
19.01.2014, 18:30 | #4 |
/// TB-Ausbilder | Extended Protection 2.1 OK. Step 1: Please download AdwCleaner to your desktop.
Step 2: Start FRST once more.
__________________ cheers, Leo |
20.01.2014, 11:00 | #5 |
| Extended Protection 2.1 AdwCleaner Logfile: Code:
# AdwCleaner v3.017 - Bericht erstellt am 20/01/2014 um 10:48:40
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : steffen - STEFFEN-PC
# Gestartet von : C:\Users\steffen\Downloads\adwcleaner.exe
# Option : Löschen
Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_appVer.value", "21"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_lastVersion.value", "1"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_meta.value", "%7B%7D"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_nextCheck.expiration", "Mon Jan 20 2014 16:41:35 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_nextCheck.value", "true"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_queue.value", "%7B%7D"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb._country_code_.expiration", "Fri Feb 01 2030 
00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb._country_code_.value", "%22DE%22"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%224DC63D1A[...] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.lastDailyReport", "1390210891107"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.lastUpdate", "1390210891103"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.manifesturl", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.name", "Plus-HD-5.0"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.newtab", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.opensearch", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/47718/plugins/093/ff/plugins.json"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.pluginsversion", 16); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.publisher", "Plus HD"); Zeile gelöscht : 
user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.searchstatus", 0); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.setnewtab", false); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.thankyou", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.updateinterval", 360); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.ver", 21); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.apps", "47718"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.bic", "143a4dfdf09b5e9790bee1f7b64f2f4d"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.cid", 47718); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.firstrun", false); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.hadappinstalled", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.installationdate", 1390210885); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.modetype", "production"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.reportInstall", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.statsDailyCounter", 1); Zeile gelöscht : user_pref("extensions.crossrider.bic", "143a4dfdf09b5e9790bee1f7b64f2f4d"); 
Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.bbDpng", "5"); Zeile gelöscht : user_pref("extensions.delta.cntry", "DE"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.delta.hdrMd5", ""); Zeile gelöscht : user_pref("extensions.delta.id", "18fbbf110000000000007ee4004debad"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15950"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", ""); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.sg", "er"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.622:05:33"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta_i.babExt", ""); Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4993"); Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3322950&SearchSource=2&CUI=UN35014252225894811&UM=2&q="); 
Zeile gelöscht : user_pref("plugin.state.npconduitfirefoxplugin", 2); Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3322950"); Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3322950&CUI=UN35014252225894811&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3322950&octid=CT3322950&SearchSource[...] Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3322950&SearchSource=2&CUI=UN35014252225894811&UM=2&q="); Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3322950"); Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3322950"); Zeile gelöscht : user_pref("smartbar.machineId", "HWAV5VPXP452B7DMU8OHETFUKF+KZGXGEJVCM1XGOL7ZJPQM8E5UBSURKQ5IP4JQCAYBJZJP4VB/9WDENQKNDQ"); Zeile gelöscht : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3322950&CUI=UN35014252225894811&UM=2&SearchSource=13"); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E+x305.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E,x305.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E-x305.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E.:2z527.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E.x305.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E/x305.storedInFile", true); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E06CG5EL8:", "6E6D6872737075717277"); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E06CG5EL8:.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E7879767B77787D242F4B49474F42357D5D5C3D"); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E06CG5EL;8I:K.storedInFile", false); Zeile gelöscht : user_pref("valueApps.CT3322950./9B+7E0x305.storedInFile", true); Zeile gelöscht : 
user_pref("valueApps.CT3322950.mam_gk_userId", "31313036613231322D353338372D343937642D616432632D323864313061373134626366");
Zeile gelöscht : user_pref("valueApps.CT3322950.mam_gk_userId.storedInFile", false);
Zeile gelöscht : user_pref("valueApps.CT3322950.mam_gk_user_approval_interacted", "31");
Zeile gelöscht : user_pref("valueApps.CT3322950.mam_gk_user_approval_interacted.storedInFile", false);
Zeile gelöscht : user_pref("valueApps.CT3322950.mam_gk_welcomeDialogMode", "31");
Zeile gelöscht : user_pref("valueApps.CT3322950.mam_gk_welcomeDialogMode.storedInFile", false);

-\\ Google Chrome v32.0.1700.76

[ Datei : C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [63536 octets] - [20/01/2014 10:45:57]
AdwCleaner[S0].txt - [59142 octets] - [20/01/2014 10:48:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [59203 octets] ##########

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 03 Ran by steffen (administrator) on STEFFEN-PC on 20-01-2014 10:58:55 Running from C:\Users\steffen\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) 
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (DoctorSoft) C:\Program Files\AnyPC Client\APLangApp.exe () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Facebook Inc.) C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ClickMeIn Limited) C:\Program Files\VuuPC\Connectivity.exe (ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngine.exe (ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngineHelper.exe (ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngineHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [13834856 2010-02-09] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8129056 2009-12-26] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2482176 2010-02-22] () HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) 
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [APLangApp] - C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [Logan_S2P] - C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe [253952 2007-06-11] () HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-03-09] () HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Facebook Update] - C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-24] (Facebook Inc.) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) MountPoints2: F - F:\LaunchU3.exe -a MountPoints2: {6dc14340-db68-11df-9657-00245489d605} - F:\LaunchU3.exe -a AppInit_DLLs: => File Not Found Startup: C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {F09C2463-3A11-4976-AF62-CB3D8067B60D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3322950&CUI=UN12248898314691135&UM=2 BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF 
Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\steffen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\freemiuma-customized-web-search.xml FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-25] FF Extension: WEB.DE MailCheck - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\toolbar@web.de.xpi [2013-09-02] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-16] Chrome: ======= CHR Extension: (Google Wallet) - C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video 
Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [dbgalemaidlifaeappogmgmgifhkfkee] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-12] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.) 
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries) R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-02-10] () R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 RemoteEngineService; C:\Program Files\VuuPC\remoteengine.exe [2967568 2014-01-19] (ClickMeIn Limited) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () R2 VuuPCConnectivity; C:\Program Files\VuuPC\Connectivity.exe [4747280 2014-01-19] (ClickMeIn Limited) ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [42416 2010-02-10] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) 
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-06-10] (Windows (R) 2003 DDK 3790 provider) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 10:58 - 2014-01-20 10:58 - 00001120 _____ C:\Users\steffen\Desktop\My VuuPC.lnk 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Program Files\VuuPC 2014-01-20 10:54 - 2014-01-20 10:54 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-01-20 10:45 - 2014-01-20 10:50 - 00000000 ____D C:\AdwCleaner 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner.exe 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner(1).exe 2014-01-20 10:38 - 2012-07-25 12:03 - 00017136 _____ C:\windows\system32\sasnative32.exe 2014-01-20 10:37 - 2014-01-20 10:37 - 00000109 _____ C:\Users\steffen\AppData\Roaming\WB.CFG 2014-01-20 10:37 - 2014-01-20 10:37 - 00000005 _____ C:\Users\steffen\AppData\Roaming\WBPU-TTL.DAT 2014-01-20 10:36 - 2014-01-20 10:36 - 00680584 _____ ( ) C:\Users\steffen\Downloads\ZipExtractorSetup.exe 2014-01-20 10:36 - 2014-01-20 10:36 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DigitalSites 2014-01-19 18:22 - 2014-01-19 18:23 - 00024904 _____ C:\Users\steffen\Downloads\Addition.txt 2014-01-19 18:21 - 2014-01-20 10:58 - 00017843 _____ C:\Users\steffen\Downloads\FRST.txt 2014-01-19 18:21 - 2014-01-19 18:21 - 00000000 ____D C:\FRST 2014-01-19 18:20 - 2014-01-19 18:21 - 01221120 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2014-01-19 
18:19 - 2014-01-19 18:20 - 02076672 _____ (Farbar) C:\Users\steffen\Downloads\FRST64.exe 2014-01-19 11:41 - 2014-01-19 22:56 - 00000000 ____D C:\Users\steffen\Desktop\Gruppenarbeit Entfaltung 2014-01-19 11:40 - 2014-01-19 22:29 - 00000000 ____D C:\Users\steffen\Desktop\Musik-referat 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenOffice 2014-01-18 16:04 - 2014-01-18 16:04 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-01-18 16:02 - 2014-01-18 16:14 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-18 16:01 - 2014-01-18 16:02 - 00000000 ____D C:\Users\steffen\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\cache 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\.android 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 _____ C:\Users\steffen\daemonprocess.txt 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\CRE 2014-01-18 10:36 - 2014-01-18 11:25 - 00000000 ____D C:\Program Files\Sweet Home 3D 2014-01-18 10:35 - 2014-01-18 10:36 - 33746304 _____ (eTeks ) C:\Users\steffen\Desktop\SweetHome3D-4-2-windows-oc.exe 2014-01-15 21:53 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00006016 _____ (Microsoft 
Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 21:53 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 21:53 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-10 12:00 - 2014-01-11 11:01 - 00000000 ____D C:\Users\steffen\Desktop\LI 2014-01-09 11:52 - 2014-01-20 10:49 - 00001037 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-01-09 10:49 - 2014-01-09 11:16 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\TuneUp Software 2014-01-09 10:45 - 2014-01-18 16:55 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DVDVideoSoft 2014-01-03 23:08 - 2014-01-06 11:49 - 00000000 ____D C:\Users\steffen\Documents\Ahnenblatt 2014-01-03 23:08 - 2014-01-06 11:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Ahnenblatt 2014-01-03 22:27 - 2014-01-03 22:29 - 00000000 ____D C:\Users\steffen\Documents\MyHeritage 2014-01-03 22:26 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\windows\system32\unicows.dll 2014-01-03 22:25 - 2014-01-06 11:49 - 00000000 ____D C:\Program Files\MyHeritage 2014-01-03 13:10 - 2014-01-06 11:47 - 00000444 __RSH C:\Users\steffen\ntuser.pol 2014-01-03 13:10 - 2014-01-03 13:10 - 00001072 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk 2014-01-03 13:09 - 2014-01-03 13:10 - 00000000 ____D C:\Program Files\Finale NotePad 2012 2014-01-03 13:07 - 2014-01-03 13:09 - 103516232 _____ (MakeMusic) C:\Users\steffen\Desktop\InstallFinaleNotePad2012.exe 2014-01-03 11:46 - 2014-01-03 11:47 - 00000000 ____D C:\Users\steffen\.lilypond-fonts.cache-2 2014-01-03 11:36 - 2014-01-03 11:36 - 00000027 _____ C:\windows\{_ini} 2014-01-03 11:36 - 2014-01-03 11:36 - 00000000 ____D 
C:\Users\steffen\Documents\schobuk ==================== One Month Modified Files and Folders ======= 2014-01-20 10:59 - 2014-01-19 18:21 - 00017843 _____ C:\Users\steffen\Downloads\FRST.txt 2014-01-20 10:58 - 2014-01-20 10:58 - 00001120 _____ C:\Users\steffen\Desktop\My VuuPC.lnk 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Program Files\VuuPC 2014-01-20 10:56 - 2010-03-16 18:54 - 01788365 _____ C:\windows\WindowsUpdate.log 2014-01-20 10:54 - 2014-01-20 10:54 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-01-20 10:54 - 2011-07-18 15:16 - 00000000 ___RD C:\Users\steffen\Dropbox 2014-01-20 10:54 - 2011-07-18 15:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Dropbox 2014-01-20 10:52 - 2013-06-10 17:03 - 00015875 _____ C:\windows\setupact.log 2014-01-20 10:52 - 2010-08-04 11:26 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-01-20 10:50 - 2014-01-20 10:45 - 00000000 ____D C:\AdwCleaner 2014-01-20 10:49 - 2014-01-09 11:52 - 00001037 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-01-20 10:49 - 2013-09-12 08:38 - 00001236 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-20 10:49 - 2010-08-04 17:09 - 00001007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-20 10:49 - 2010-08-04 11:46 - 00001152 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner.exe 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner(1).exe 2014-01-20 10:37 - 2014-01-20 10:37 - 00000109 _____ C:\Users\steffen\AppData\Roaming\WB.CFG 2014-01-20 10:37 - 2014-01-20 10:37 - 00000005 _____ 
C:\Users\steffen\AppData\Roaming\WBPU-TTL.DAT 2014-01-20 10:36 - 2014-01-20 10:36 - 00680584 _____ ( ) C:\Users\steffen\Downloads\ZipExtractorSetup.exe 2014-01-20 10:36 - 2014-01-20 10:36 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DigitalSites 2014-01-20 10:21 - 2009-07-26 21:06 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI 2014-01-20 09:13 - 2009-07-14 05:34 - 00014752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-20 09:13 - 2009-07-14 05:34 - 00014752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-19 22:56 - 2014-01-19 11:41 - 00000000 ____D C:\Users\steffen\Desktop\Gruppenarbeit Entfaltung 2014-01-19 22:29 - 2014-01-19 11:40 - 00000000 ____D C:\Users\steffen\Desktop\Musik-referat 2014-01-19 22:01 - 2013-09-02 21:06 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Skype 2014-01-19 18:23 - 2014-01-19 18:22 - 00024904 _____ C:\Users\steffen\Downloads\Addition.txt 2014-01-19 18:21 - 2014-01-19 18:21 - 00000000 ____D C:\FRST 2014-01-19 18:21 - 2014-01-19 18:20 - 01221120 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2014-01-19 18:20 - 2014-01-19 18:19 - 02076672 _____ (Farbar) C:\Users\steffen\Downloads\FRST64.exe 2014-01-19 11:41 - 2013-12-12 11:34 - 00119296 ___SH C:\Users\steffen\Desktop\Thumbs.db 2014-01-19 11:24 - 2010-03-16 03:04 - 00787534 _____ C:\windows\PFRO.log 2014-01-19 11:24 - 2009-07-14 05:33 - 00478064 _____ C:\windows\system32\FNTCACHE.DAT 2014-01-18 16:55 - 2014-01-09 10:45 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DVDVideoSoft 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenOffice 2014-01-18 16:14 - 2014-01-18 16:02 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-18 16:08 - 2010-08-04 11:36 - 00138224 _____ C:\Users\steffen\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-18 16:04 - 2014-01-18 16:04 - 00001070 _____ 
C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-01-18 16:02 - 2014-01-18 16:01 - 00000000 ____D C:\Users\steffen\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\cache 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\.android 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 _____ C:\Users\steffen\daemonprocess.txt 2014-01-18 11:25 - 2014-01-18 10:36 - 00000000 ____D C:\Program Files\Sweet Home 3D 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\CRE 2014-01-18 10:36 - 2014-01-18 10:35 - 33746304 _____ (eTeks ) C:\Users\steffen\Desktop\SweetHome3D-4-2-windows-oc.exe 2014-01-17 22:05 - 2013-08-03 20:45 - 00000000 ____D C:\Users\steffen\Desktop\JULE + JENS 2014-01-17 14:23 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF 2014-01-17 13:55 - 2013-03-20 20:35 - 00000000 ____D C:\Users\steffen\Meins 2014-01-16 11:17 - 2013-05-13 10:35 - 00000000 ____D C:\Users\steffen\Desktop\Jens 2014-01-16 08:58 - 2011-07-18 15:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-15 22:22 - 2013-08-20 16:45 - 00000000 ____D C:\windows\system32\MRT 2014-01-15 22:20 - 2010-10-21 12:35 - 83425928 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-11 11:01 - 2014-01-10 12:00 - 00000000 ____D C:\Users\steffen\Desktop\LI 2014-01-09 11:16 - 2014-01-09 10:49 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\TuneUp Software 2014-01-09 10:47 - 2011-02-04 19:04 - 00000000 ____D C:\Program Files\Freemake 2014-01-09 10:46 - 2011-02-04 18:17 - 00000000 ____D C:\Users\steffen\Documents\DVDVideoSoft 2014-01-06 21:49 - 2010-12-02 09:01 - 00132216 _____ 
C:\Users\steffen\AppData\Roaming\GDIPFONTCACHEV1.DAT 2014-01-06 11:49 - 2014-01-03 23:08 - 00000000 ____D C:\Users\steffen\Documents\Ahnenblatt 2014-01-06 11:49 - 2014-01-03 23:08 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Ahnenblatt 2014-01-06 11:49 - 2014-01-03 22:25 - 00000000 ____D C:\Program Files\MyHeritage 2014-01-06 11:47 - 2014-01-03 13:10 - 00000444 __RSH C:\Users\steffen\ntuser.pol 2014-01-03 22:29 - 2014-01-03 22:27 - 00000000 ____D C:\Users\steffen\Documents\MyHeritage 2014-01-03 13:10 - 2014-01-03 13:10 - 00001072 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk 2014-01-03 13:10 - 2014-01-03 13:09 - 00000000 ____D C:\Program Files\Finale NotePad 2012 2014-01-03 13:10 - 2009-07-14 03:37 - 00000000 ___HD C:\windows\system32\GroupPolicy 2014-01-03 13:09 - 2014-01-03 13:07 - 103516232 _____ (MakeMusic) C:\Users\steffen\Desktop\InstallFinaleNotePad2012.exe 2014-01-03 11:47 - 2014-01-03 11:46 - 00000000 ____D C:\Users\steffen\.lilypond-fonts.cache-2 2014-01-03 11:38 - 2009-07-14 05:52 - 00000000 ____D C:\windows\system32\FxsTmp 2014-01-03 11:36 - 2014-01-03 11:36 - 00000027 _____ C:\windows\{_ini} 2014-01-03 11:36 - 2014-01-03 11:36 - 00000000 ____D C:\Users\steffen\Documents\schobuk 2014-01-03 09:53 - 2012-05-15 10:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\steffen\AppData\Local\Temp\avgnt.exe C:\Users\steffen\AppData\Local\Temp\BackupSetup.exe C:\Users\steffen\AppData\Local\Temp\detectionapi_rd.dll C:\Users\steffen\AppData\Local\Temp\directx9tests_rd.dll C:\Users\steffen\AppData\Local\Temp\DLG_shopping-toolbar_softonic_de-DE.exe C:\Users\steffen\AppData\Local\Temp\DseShExt-x86.dll C:\Users\steffen\AppData\Local\Temp\eauninstall.exe C:\Users\steffen\AppData\Local\Temp\ICReinstall_Setup.exe C:\Users\steffen\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe C:\Users\steffen\AppData\Local\Temp\iobwnedxjvdevl.exe 
C:\Users\steffen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\steffen\AppData\Local\Temp\local.dll C:\Users\steffen\AppData\Local\Temp\mfc80.dll C:\Users\steffen\AppData\Local\Temp\mfc80u.dll C:\Users\steffen\AppData\Local\Temp\mfcm80.dll C:\Users\steffen\AppData\Local\Temp\mfcm80u.dll C:\Users\steffen\AppData\Local\Temp\msvcm80.dll C:\Users\steffen\AppData\Local\Temp\msvcp80.dll C:\Users\steffen\AppData\Local\Temp\msvcr80.dll C:\Users\steffen\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe C:\Users\steffen\AppData\Local\Temp\nsb634B.exe C:\Users\steffen\AppData\Local\Temp\nsbBB08.exe C:\Users\steffen\AppData\Local\Temp\nsdF99F.exe C:\Users\steffen\AppData\Local\Temp\nsg5563.exe C:\Users\steffen\AppData\Local\Temp\nsqD693.exe C:\Users\steffen\AppData\Local\Temp\nsqF33A.exe C:\Users\steffen\AppData\Local\Temp\nswD3E8.exe C:\Users\steffen\AppData\Local\Temp\Quarantine.exe C:\Users\steffen\AppData\Local\Temp\schobuk.exe C:\Users\steffen\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\steffen\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe C:\Users\steffen\AppData\Local\Temp\SPStub.exe C:\Users\steffen\AppData\Local\Temp\tbFree.dll C:\Users\steffen\AppData\Local\Temp\uninst1.exe C:\Users\steffen\AppData\Local\Temp\vcredist_x86.exe C:\Users\steffen\AppData\Local\Temp\VIS_DE-2013-12-13.exe C:\Users\steffen\AppData\Local\Temp\VIS_DE-2013-12-13[1].exe C:\Users\steffen\AppData\Local\Temp\_is777F.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-04 12:11 ==================== End Of Log 
============================ |
20.01.2014, 14:00 | #6 |
/// TB-Ausbilder | Extended Protection 2.1 Are there still any problems? ESET Online Scanner
__________________ |
20.01.2014, 15:16 | #7 |
| Extended Protection 2.1 The old, familiar problem is gone, but now the browser always opens with, for example, this page: hxxp://ec2-54-242-41-25.compute-1.amazonaws.com/ or hxxp://www.vuupc.com/expirednotice/index.html ... |
20.01.2014, 15:31 | #8 |
/// TB-Ausbilder | Extended Protection 2.1 Run FRST once more.
__________________ cheers, Leo |
20.01.2014, 15:37 | #9 |
| Extended Protection 2.1 FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 03 Ran by steffen (administrator) on STEFFEN-PC on 20-01-2014 15:33:08 Running from C:\Users\steffen\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) 
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (DoctorSoft) C:\Program Files\AnyPC Client\APLangApp.exe () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Facebook Inc.) C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (ClickMeIn Limited) C:\Program Files\VuuPC\Connectivity.exe (ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngine.exe (ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngineHelper.exe (ClickMeIn Limited) C:\Program Files\VuuPC\RemoteEngineHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [13834856 2010-02-09] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8129056 2009-12-26] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2482176 2010-02-22] () HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) 
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [APLangApp] - C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [Logan_S2P] - C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe [253952 2007-06-11] () HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-03-09] () HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Facebook Update] - C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-24] (Facebook Inc.) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) MountPoints2: F - F:\LaunchU3.exe -a MountPoints2: {6dc14340-db68-11df-9657-00245489d605} - F:\LaunchU3.exe -a AppInit_DLLs: => File Not Found Startup: C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {F09C2463-3A11-4976-AF62-CB3D8067B60D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3322950&CUI=UN12248898314691135&UM=2 BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF 
Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\steffen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\freemiuma-customized-web-search.xml FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-25] FF Extension: WEB.DE MailCheck - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\toolbar@web.de.xpi [2013-09-02] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-16] Chrome: ======= CHR Extension: (Google Wallet) - C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video 
Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [dbgalemaidlifaeappogmgmgifhkfkee] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-12] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.) 
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries) R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-02-10] () R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 RemoteEngineService; C:\Program Files\VuuPC\remoteengine.exe [2967568 2014-01-19] (ClickMeIn Limited) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () R2 VuuPCConnectivity; C:\Program Files\VuuPC\Connectivity.exe [4747280 2014-01-19] (ClickMeIn Limited) ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [42416 2010-02-10] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) 
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-06-10] (Windows (R) 2003 DDK 3790 provider) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 10:58 - 2014-01-20 10:58 - 00001120 _____ C:\Users\steffen\Desktop\My VuuPC.lnk 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Program Files\VuuPC 2014-01-20 10:54 - 2014-01-20 10:54 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-01-20 10:45 - 2014-01-20 10:50 - 00000000 ____D C:\AdwCleaner 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner.exe 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner(1).exe 2014-01-20 10:38 - 2012-07-25 12:03 - 00017136 _____ C:\windows\system32\sasnative32.exe 2014-01-20 10:37 - 2014-01-20 10:37 - 00000109 _____ C:\Users\steffen\AppData\Roaming\WB.CFG 2014-01-20 10:37 - 2014-01-20 10:37 - 00000005 _____ C:\Users\steffen\AppData\Roaming\WBPU-TTL.DAT 2014-01-20 10:36 - 2014-01-20 10:36 - 00680584 _____ ( ) C:\Users\steffen\Downloads\ZipExtractorSetup.exe 2014-01-20 10:36 - 2014-01-20 10:36 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DigitalSites 2014-01-19 18:22 - 2014-01-19 18:23 - 00024904 _____ C:\Users\steffen\Downloads\Addition.txt 2014-01-19 18:21 - 2014-01-20 15:33 - 00017876 _____ C:\Users\steffen\Downloads\FRST.txt 2014-01-19 18:21 - 2014-01-19 18:21 - 00000000 ____D C:\FRST 2014-01-19 18:20 - 2014-01-19 18:21 - 01221120 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2014-01-19 
18:19 - 2014-01-19 18:20 - 02076672 _____ (Farbar) C:\Users\steffen\Downloads\FRST64.exe 2014-01-19 11:41 - 2014-01-19 22:56 - 00000000 ____D C:\Users\steffen\Desktop\Gruppenarbeit Entfaltung 2014-01-19 11:40 - 2014-01-19 22:29 - 00000000 ____D C:\Users\steffen\Desktop\Musik-referat 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenOffice 2014-01-18 16:04 - 2014-01-18 16:04 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-01-18 16:02 - 2014-01-18 16:14 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-18 16:01 - 2014-01-18 16:02 - 00000000 ____D C:\Users\steffen\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\cache 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\.android 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 _____ C:\Users\steffen\daemonprocess.txt 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\CRE 2014-01-18 10:36 - 2014-01-18 11:25 - 00000000 ____D C:\Program Files\Sweet Home 3D 2014-01-18 10:35 - 2014-01-18 10:36 - 33746304 _____ (eTeks ) C:\Users\steffen\Desktop\SweetHome3D-4-2-windows-oc.exe 2014-01-15 21:53 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00006016 _____ (Microsoft 
Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 21:53 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 21:53 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-10 12:00 - 2014-01-11 11:01 - 00000000 ____D C:\Users\steffen\Desktop\LI 2014-01-09 11:52 - 2014-01-20 10:49 - 00001037 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-01-09 10:49 - 2014-01-09 11:16 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\TuneUp Software 2014-01-09 10:45 - 2014-01-18 16:55 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DVDVideoSoft 2014-01-03 23:08 - 2014-01-06 11:49 - 00000000 ____D C:\Users\steffen\Documents\Ahnenblatt 2014-01-03 23:08 - 2014-01-06 11:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Ahnenblatt 2014-01-03 22:27 - 2014-01-03 22:29 - 00000000 ____D C:\Users\steffen\Documents\MyHeritage 2014-01-03 22:26 - 2004-12-07 11:11 - 00258352 _____ (Microsoft Corporation) C:\windows\system32\unicows.dll 2014-01-03 22:25 - 2014-01-06 11:49 - 00000000 ____D C:\Program Files\MyHeritage 2014-01-03 13:10 - 2014-01-06 11:47 - 00000444 __RSH C:\Users\steffen\ntuser.pol 2014-01-03 13:10 - 2014-01-03 13:10 - 00001072 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk 2014-01-03 13:09 - 2014-01-03 13:10 - 00000000 ____D C:\Program Files\Finale NotePad 2012 2014-01-03 13:07 - 2014-01-03 13:09 - 103516232 _____ (MakeMusic) C:\Users\steffen\Desktop\InstallFinaleNotePad2012.exe 2014-01-03 11:46 - 2014-01-03 11:47 - 00000000 ____D C:\Users\steffen\.lilypond-fonts.cache-2 2014-01-03 11:36 - 2014-01-03 11:36 - 00000027 _____ C:\windows\{_ini} 2014-01-03 11:36 - 2014-01-03 11:36 - 00000000 ____D 
C:\Users\steffen\Documents\schobuk ==================== One Month Modified Files and Folders ======= 2014-01-20 15:33 - 2014-01-19 18:21 - 00017876 _____ C:\Users\steffen\Downloads\FRST.txt 2014-01-20 15:23 - 2010-03-16 18:54 - 01793798 _____ C:\windows\WindowsUpdate.log 2014-01-20 13:59 - 2013-09-02 21:06 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Skype 2014-01-20 11:43 - 2013-08-03 20:45 - 00000000 ____D C:\Users\steffen\Desktop\JULE + JENS 2014-01-20 11:00 - 2009-07-14 05:34 - 00014752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-20 11:00 - 2009-07-14 05:34 - 00014752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-20 10:58 - 2014-01-20 10:58 - 00001120 _____ C:\Users\steffen\Desktop\My VuuPC.lnk 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC 2014-01-20 10:58 - 2014-01-20 10:58 - 00000000 ____D C:\Program Files\VuuPC 2014-01-20 10:54 - 2014-01-20 10:54 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-01-20 10:54 - 2011-07-18 15:16 - 00000000 ___RD C:\Users\steffen\Dropbox 2014-01-20 10:54 - 2011-07-18 15:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Dropbox 2014-01-20 10:52 - 2013-06-10 17:03 - 00015875 _____ C:\windows\setupact.log 2014-01-20 10:52 - 2010-08-04 11:26 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2014-01-20 10:50 - 2014-01-20 10:45 - 00000000 ____D C:\AdwCleaner 2014-01-20 10:49 - 2014-01-09 11:52 - 00001037 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-01-20 10:49 - 2013-09-12 08:38 - 00001236 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-20 10:49 - 2010-08-04 17:09 - 00001007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 
2014-01-20 10:49 - 2010-08-04 11:46 - 00001152 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-20 10:48 - 2010-08-12 20:32 - 00000000 ____D C:\ProgramData\ICQ 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner.exe 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner(1).exe 2014-01-20 10:37 - 2014-01-20 10:37 - 00000109 _____ C:\Users\steffen\AppData\Roaming\WB.CFG 2014-01-20 10:37 - 2014-01-20 10:37 - 00000005 _____ C:\Users\steffen\AppData\Roaming\WBPU-TTL.DAT 2014-01-20 10:36 - 2014-01-20 10:36 - 00680584 _____ ( ) C:\Users\steffen\Downloads\ZipExtractorSetup.exe 2014-01-20 10:36 - 2014-01-20 10:36 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DigitalSites 2014-01-20 10:21 - 2009-07-26 21:06 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI 2014-01-19 22:56 - 2014-01-19 11:41 - 00000000 ____D C:\Users\steffen\Desktop\Gruppenarbeit Entfaltung 2014-01-19 22:29 - 2014-01-19 11:40 - 00000000 ____D C:\Users\steffen\Desktop\Musik-referat 2014-01-19 18:23 - 2014-01-19 18:22 - 00024904 _____ C:\Users\steffen\Downloads\Addition.txt 2014-01-19 18:21 - 2014-01-19 18:21 - 00000000 ____D C:\FRST 2014-01-19 18:21 - 2014-01-19 18:20 - 01221120 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2014-01-19 18:20 - 2014-01-19 18:19 - 02076672 _____ (Farbar) C:\Users\steffen\Downloads\FRST64.exe 2014-01-19 11:41 - 2013-12-12 11:34 - 00119296 ___SH C:\Users\steffen\Desktop\Thumbs.db 2014-01-19 11:24 - 2010-03-16 03:04 - 00787534 _____ C:\windows\PFRO.log 2014-01-19 11:24 - 2009-07-14 05:33 - 00478064 _____ C:\windows\system32\FNTCACHE.DAT 2014-01-18 16:55 - 2014-01-09 10:45 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DVDVideoSoft 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenOffice 2014-01-18 16:14 - 2014-01-18 16:02 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-18 16:08 - 
2010-08-04 11:36 - 00138224 _____ C:\Users\steffen\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-18 16:04 - 2014-01-18 16:04 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-01-18 16:02 - 2014-01-18 16:01 - 00000000 ____D C:\Users\steffen\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\cache 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\.android 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 _____ C:\Users\steffen\daemonprocess.txt 2014-01-18 11:25 - 2014-01-18 10:36 - 00000000 ____D C:\Program Files\Sweet Home 3D 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\CRE 2014-01-18 10:36 - 2014-01-18 10:35 - 33746304 _____ (eTeks ) C:\Users\steffen\Desktop\SweetHome3D-4-2-windows-oc.exe 2014-01-17 14:23 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF 2014-01-17 13:55 - 2013-03-20 20:35 - 00000000 ____D C:\Users\steffen\Meins 2014-01-16 11:17 - 2013-05-13 10:35 - 00000000 ____D C:\Users\steffen\Desktop\Jens 2014-01-16 08:58 - 2011-07-18 15:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-15 22:22 - 2013-08-20 16:45 - 00000000 ____D C:\windows\system32\MRT 2014-01-15 22:20 - 2010-10-21 12:35 - 83425928 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-01-11 11:01 - 2014-01-10 12:00 - 00000000 ____D C:\Users\steffen\Desktop\LI 2014-01-09 11:16 - 2014-01-09 10:49 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 ____D C:\Users\steffen\AppData\Roaming\TuneUp Software 2014-01-09 10:47 - 2011-02-04 19:04 - 00000000 ____D C:\Program Files\Freemake 2014-01-09 10:46 - 2011-02-04 18:17 - 00000000 ____D C:\Users\steffen\Documents\DVDVideoSoft 2014-01-06 21:49 - 2010-12-02 09:01 - 00132216 
_____ C:\Users\steffen\AppData\Roaming\GDIPFONTCACHEV1.DAT 2014-01-06 11:49 - 2014-01-03 23:08 - 00000000 ____D C:\Users\steffen\Documents\Ahnenblatt 2014-01-06 11:49 - 2014-01-03 23:08 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Ahnenblatt 2014-01-06 11:49 - 2014-01-03 22:25 - 00000000 ____D C:\Program Files\MyHeritage 2014-01-06 11:47 - 2014-01-03 13:10 - 00000444 __RSH C:\Users\steffen\ntuser.pol 2014-01-03 22:29 - 2014-01-03 22:27 - 00000000 ____D C:\Users\steffen\Documents\MyHeritage 2014-01-03 13:10 - 2014-01-03 13:10 - 00001072 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk 2014-01-03 13:10 - 2014-01-03 13:09 - 00000000 ____D C:\Program Files\Finale NotePad 2012 2014-01-03 13:10 - 2009-07-14 03:37 - 00000000 ___HD C:\windows\system32\GroupPolicy 2014-01-03 13:09 - 2014-01-03 13:07 - 103516232 _____ (MakeMusic) C:\Users\steffen\Desktop\InstallFinaleNotePad2012.exe 2014-01-03 11:47 - 2014-01-03 11:46 - 00000000 ____D C:\Users\steffen\.lilypond-fonts.cache-2 2014-01-03 11:38 - 2009-07-14 05:52 - 00000000 ____D C:\windows\system32\FxsTmp 2014-01-03 11:36 - 2014-01-03 11:36 - 00000027 _____ C:\windows\{_ini} 2014-01-03 11:36 - 2014-01-03 11:36 - 00000000 ____D C:\Users\steffen\Documents\schobuk 2014-01-03 09:53 - 2012-05-15 10:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\steffen\AppData\Local\Temp\avgnt.exe C:\Users\steffen\AppData\Local\Temp\BackupSetup.exe C:\Users\steffen\AppData\Local\Temp\detectionapi_rd.dll C:\Users\steffen\AppData\Local\Temp\directx9tests_rd.dll C:\Users\steffen\AppData\Local\Temp\DLG_shopping-toolbar_softonic_de-DE.exe C:\Users\steffen\AppData\Local\Temp\DseShExt-x86.dll C:\Users\steffen\AppData\Local\Temp\eauninstall.exe C:\Users\steffen\AppData\Local\Temp\ICReinstall_Setup.exe C:\Users\steffen\AppData\Local\Temp\install_reader11_de_mssa_aaa_aih.exe C:\Users\steffen\AppData\Local\Temp\iobwnedxjvdevl.exe 
C:\Users\steffen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\steffen\AppData\Local\Temp\local.dll C:\Users\steffen\AppData\Local\Temp\mfc80.dll C:\Users\steffen\AppData\Local\Temp\mfc80u.dll C:\Users\steffen\AppData\Local\Temp\mfcm80.dll C:\Users\steffen\AppData\Local\Temp\mfcm80u.dll C:\Users\steffen\AppData\Local\Temp\msvcm80.dll C:\Users\steffen\AppData\Local\Temp\msvcp80.dll C:\Users\steffen\AppData\Local\Temp\msvcr80.dll C:\Users\steffen\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe C:\Users\steffen\AppData\Local\Temp\nsb634B.exe C:\Users\steffen\AppData\Local\Temp\nsbBB08.exe C:\Users\steffen\AppData\Local\Temp\nsdF99F.exe C:\Users\steffen\AppData\Local\Temp\nsg5563.exe C:\Users\steffen\AppData\Local\Temp\nsqD693.exe C:\Users\steffen\AppData\Local\Temp\nsqF33A.exe C:\Users\steffen\AppData\Local\Temp\nswD3E8.exe C:\Users\steffen\AppData\Local\Temp\Quarantine.exe C:\Users\steffen\AppData\Local\Temp\schobuk.exe C:\Users\steffen\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\steffen\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe C:\Users\steffen\AppData\Local\Temp\SPStub.exe C:\Users\steffen\AppData\Local\Temp\tbFree.dll C:\Users\steffen\AppData\Local\Temp\uninst1.exe C:\Users\steffen\AppData\Local\Temp\vcredist_x86.exe C:\Users\steffen\AppData\Local\Temp\VIS_DE-2013-12-13.exe C:\Users\steffen\AppData\Local\Temp\VIS_DE-2013-12-13[1].exe C:\Users\steffen\AppData\Local\Temp\_is777F.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-04 12:11 ==================== End Of Log 
============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2014 03
Ran by steffen at 2014-01-20 15:34:35
Running from C:\Users\steffen\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
Accelerometer (Version: 1.06.08.45 - STMicroelectronics)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03 - Adobe Systems Incorporated)
AnyPC Client (Version: 1.0.0.25 - Doctorsoft)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (Version: 1.0.2.1119 - Atheros)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
BatteryLifeExtender (Version: 1.0.1 - Samsung)
Brother MFL-Pro Suite MFC-5890CN (Version: 1.0.1.0 - Brother Industries, Ltd.)
ChargeableUSB (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (Version: 7.0.3213 - CyberLink Corp.)
Hidden CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) CyberLink PowerDVD 8 (Version: 8.0.2815b - CyberLink Corp.) Hidden CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) CyberLink PowerProducer (Version: 5.0.1.1812 - CyberLink Corp.) Hidden CyberLink YouCam (Version: 2.0.3707 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.3707 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden dm-Fotowelt (Version: 5.1.2 - CEWE COLOR AG u Co. OHG) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) Easy Display Manager (Version: 3.1 - Samsung Electronics Co., Ltd.) Easy Network Manager (Version: 4.2.8 - Samsung) Easy SpeedUp Manager (Version: 3.0.0.6 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (Version: 4.0.0.3 - Samsung) Elevated Installer (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden f4 2012 (Version: - audiotranskription.de) Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited) Finale NotePad 2012 (Version: 2012..r1.1 - MakeMusic) Foxtab (Version: - FoxTab) <==== ATTENTION FreeMake Toolbar (Version: 6.8.9.0 - FreeMake) Freemake Video Downloader (Version: 3.5.1 - Ellora Assets Corporation) Garmin Express (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden Garmin Update Service (Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (Version: 32.0.1700.76 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) 
Hidden ICQ7.6 (Version: 7.6 - ICQ) Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi Software (Version: 13.01.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 9.5.4.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (Version: 01.01.01.1007 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (Version: 1.0.186.6 - Intel) Java 7 Update 45 (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Korean Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated) LSI HDA Modem (Version: 2.2.97 - LSI Corporation) Marvell Miniport Driver (Version: 11.22.3.3 - Marvell) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (Version: 12.0.6423.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (Version: 2.9 - Microsoft Corporation) Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server Native Client (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation) OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation) PaperPort Image Printer (Version: 1.00.0000 - Nuance Communications, Inc.) PDF Architect (Version: 1.0.52.8917 - pdfforge) PDF24 Creator 5.7.0 (Version: - PDF24.org) PDFCreator (Version: 1.6.2 - pdfforge) PerfectTablePlan 5.1.1 (Version: - Oryx Digital Ltd) QuickTime (Version: 7.74.80.86 - Apple Inc.) Readiris Pro 10 (Version: - ) Realtek High Definition Audio Driver (Version: 6.0.1.6013 - Realtek Semiconductor Corp.) Samsung Recovery Solution 4 (Version: 4.0.0.6 - Samsung) Samsung SCX-4500 Series (Version: - Samsung Electronics CO.,LTD) Samsung Support Center (Version: 1.1.0 - Samsung) Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., Ltd.) ScanSoft PaperPort 11 (Version: 11.2.0000 - Nuance Communications, Inc.) Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.) 
SmarThru 4 (Version: - ) Synaptics Pointing Device Driver (Version: 14.0.10.0 - Synaptics Incorporated) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Zip Extractor (HKCU Version: - Update for Zip Extractor) <==== ATTENTION User Guide (Version: 1.0 - ) VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN) VuuPC, You're Always a Click Away! (Version: 1.0.0.265 - VuuPC Limited) WIDCOMM Bluetooth Software (Version: 6.2.1.800 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden WinPcap 4.1.2 (Version: 4.1.0.2001 - CACE Technologies) WinRAR (Version: - ) ==================== Restore Points ========================= 09-01-2014 10:50:08 TuneUp Utilities 2014 wird entfernt 09-01-2014 10:51:49 TuneUp Utilities 2014 (de-DE) wird entfernt 15-01-2014 21:20:02 Windows Update 18-01-2014 14:58:09 Uniblue SpeedUpMyPC installation 18-01-2014 15:02:29 Installed OpenOffice 4.0.0 20-01-2014 09:43:41 RegClean Pro Mo, Jan 20, 14 10:43 ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1379FE3F-3A28-471E-A420-4BBEFA912DF4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {1D995AB7-A868-46D6-B50A-F678CD63D5BD} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.) Task: {326A118E-3AB9-4E19-A6AB-0A09EA2CDCD3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000Core => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.) 
Task: {436946A4-8016-4CCF-A9D0-B121190C28F6} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {45A8B007-B1CC-4157-84B1-CA0047D07A90} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics) Task: {5150384C-4986-4253-AF59-E5ADEBD8A293} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-03-05] (Samsung Electronics Co., Ltd.) Task: {56341EF7-7330-46B6-A1EA-5A1A593630EC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000UA => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-24] (Facebook Inc.) Task: {5ECEBFCF-DB4E-49FA-B5BE-97C2342E335D} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.) Task: {80F05905-E34E-47E4-9393-95B8E9626536} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-11-11] (Samsung Electronics Co., Ltd.) Task: {94F4355D-9C5F-4245-ACB0-7F50F606F001} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft) Task: {C8488655-83F7-4B5C-87D3-B9AC1CF3C90E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-13] (Adobe Systems Incorporated) Task: {D1D7C3E2-BA2F-4B5D-9A71-2521A563B035} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000Core.job => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2096383324-2889373705-592675725-1000UA.job => C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cef0f5cccf2e3e.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-06-03 12:59 - 2009-06-03 12:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2009-06-03 12:59 - 2009-06-03 12:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2010-08-04 21:17 - 2007-01-09 11:29 - 00184320 _____ () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\IMFilter.dll 2010-08-04 21:17 - 2007-01-09 11:30 - 01384520 _____ () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\ssole.dll 2011-01-05 10:57 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\steffen\AppData\Roaming\Dropbox\bin\libcef.dll 2014-01-16 08:27 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\libglesv2.dll 2014-01-16 08:27 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\libegl.dll 2014-01-16 08:27 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll 2014-01-16 08:27 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll 2014-01-16 08:27 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll 2014-01-16 08:27 - 2014-01-11 
11:29 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/20/2014 01:39:14 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/20 13:39:14.649]: [00002144]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/20/2014 10:43:37 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {dc672767-a0f2-4656-b2b7-2344b24b0abb} Error: (01/19/2014 08:02:57 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 20:02:57.464]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 08:01:48 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 20:01:48.436]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/19/2014 06:25:14 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 18:25:14.460]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 06:18:07 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 18:18:07.601]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 06:15:01 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 18:15:01.613]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/19/2014 05:45:25 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/19 17:45:25.160]: [00002160]: GetDeviceIpAddress: GetAddressByName [BRN001BA95A3E1B] Error Error: 
(01/18/2014 03:58:01 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f4a53f49-fec7-4cf0-a3cf-9246e37b604b} Error: (01/18/2014 03:48:41 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/18 15:48:41.676]: [00002184]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] System errors: ============= Error: (01/20/2014 10:55:22 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error: (01/20/2014 10:53:23 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/20/2014 10:52:45 AM) (Source: Service Control Manager) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/20/2014 10:52:04 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/20/2014 09:07:13 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/20/2014 09:07:13 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth-Unterstützungsdienst erreicht. 
Error: (01/20/2014 09:06:43 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (01/20/2014 09:06:42 AM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (01/20/2014 09:06:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/20/2014 09:06:42 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Microsoft Office Sessions: ========================= Error: (01/20/2014 01:39:14 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/20 13:39:14.649]: [00002144]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/20/2014 10:43:37 AM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {dc672767-a0f2-4656-b2b7-2344b24b0abb} Error: (01/19/2014 08:02:57 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 20:02:57.464]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 08:01:48 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 20:01:48.436]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/19/2014 06:25:14 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 18:25:14.460]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 06:18:07 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 18:18:07.601]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20] Error: (01/19/2014 06:15:01 PM) (Source: Brother 
BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 18:15:01.613]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/19/2014 05:45:25 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 17:45:25.160]: [00002160]: GetDeviceIpAddress: GetAddressByName [BRN001BA95A3E1B] Error Error: (01/18/2014 03:58:01 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f4a53f49-fec7-4cf0-a3cf-9246e37b604b} Error: (01/18/2014 03:48:41 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/18 15:48:41.676]: [00002184]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] ==================== Memory info =========================== Percentage of memory in use: 66% Total physical RAM: 3060.45 MB Available physical RAM: 1029.75 MB Total Pagefile: 6119.2 MB Available Pagefile: 3038.51 MB Total Virtual: 2047.88 MB Available Virtual: 1911.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:141.49 GB) (Free:20.96 GB) NTFS Drive d: () (Fixed) (Total:141.5 GB) (Free:70.79 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 97265681) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=141 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Additions Logfile: Code:
BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 18:15:01.613]: [00002160]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] Error: (01/19/2014 05:45:25 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/19 17:45:25.160]: [00002160]: GetDeviceIpAddress: GetAddressByName [BRN001BA95A3E1B] Error Error: (01/18/2014 03:58:01 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f4a53f49-fec7-4cf0-a3cf-9246e37b604b} Error: (01/18/2014 03:48:41 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/18 15:48:41.676]: [00002184]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.20] ==================== Memory info =========================== Percentage of memory in use: 66% Total physical RAM: 3060.45 MB Available physical RAM: 1029.75 MB Total Pagefile: 6119.2 MB Available Pagefile: 3038.51 MB Total Virtual: 2047.88 MB Available Virtual: 1911.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:141.49 GB) (Free:20.96 GB) NTFS Drive d: () (Fixed) (Total:141.5 GB) (Free:70.79 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 97265681) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=141 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
20.01.2014, 15:51 | #10 |
/// TB-Ausbilder | Extended Protection 2.1 Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Run FRST once more.
In your next reply, please post:
__________________ cheers, Leo |
20.01.2014, 19:34 | #11 |
| Extended Protection 2.1 AdwCleaner Logfile: Code:
# AdwCleaner v3.017 - Bericht erstellt am 20/01/2014 um 18:40:30
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : steffen - STEFFEN-PC
# Gestartet von : C:\Users\steffen\Downloads\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\prefs.js ]

-\\ Google Chrome v32.0.1700.76

[ Datei : C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [63536 octets] - [20/01/2014 10:45:57]
AdwCleaner[R1].txt - [1286 octets] - [20/01/2014 18:39:47]
AdwCleaner[S0].txt - [59284 octets] - [20/01/2014 10:48:40]
AdwCleaner[S1].txt - [1207 octets] - [20/01/2014 18:40:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1267 octets] ##########

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 03 Ran by steffen (administrator) on STEFFEN-PC on 20-01-2014 19:33:04 Running from C:\Users\steffen\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) 
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (DoctorSoft) C:\Program Files\AnyPC Client\APLangApp.exe () C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Facebook Inc.) C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - C:\windows\system32\NvCpl.dll [13834856 2010-02-09] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8129056 2009-12-26] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2482176 2010-02-22] () HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) 
HKLM\...\Run: [APLangApp] - C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [Logan_S2P] - C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe [253952 2007-06-11] () HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-03-09] () HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Facebook Update] - C:\Users\steffen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-24] (Facebook Inc.) HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) MountPoints2: F - F:\LaunchU3.exe -a MountPoints2: {6dc14340-db68-11df-9657-00245489d605} - F:\LaunchU3.exe -a AppInit_DLLs: => File Not Found Startup: C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\steffen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {F09C2463-3A11-4976-AF62-CB3D8067B60D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3322950&CUI=UN12248898314691135&UM=2 BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name - {adca5064-9e30-43fe-9856-58b07a3149fe} - No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF 
Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\steffen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\freemiuma-customized-web-search.xml FF SearchPlugin: C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-25] FF Extension: WEB.DE MailCheck - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\toolbar@web.de.xpi [2013-09-02] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\steffen\AppData\Roaming\Mozilla\Firefox\Profiles\9aitxy85.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-16] Chrome: ======= CHR Extension: (Google Wallet) - C:\Users\steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video 
Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [dbgalemaidlifaeappogmgmgifhkfkee] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-12] CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-12] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.) R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries) R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2010-02-10] () R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [42416 2010-02-10] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-06-10] (Windows (R) 2003 DDK 3790 provider) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-20 18:39 - 2014-01-20 18:39 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner (1).exe 2014-01-20 17:09 - 2014-01-20 17:09 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FORTE 2014-01-20 17:08 - 2014-01-20 17:08 - 00000000 ____D C:\Program Files\FORTE 2014-01-20 17:08 - 2008-12-11 16:15 - 00155648 _____ (Viscom Software www.viscomsoft.com) C:\windows\system32\AudioCapture.ocx 2014-01-20 17:08 - 2008-12-08 00:19 - 00155648 _____ (Viscom Software www.viscomsoft.com) C:\windows\system32\viscomwaveform.dll 2014-01-20 17:08 - 2004-08-04 07:00 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\msxml.DLL 2014-01-20 17:08 - 2004-08-04 07:00 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\msxmlr.DLL 2014-01-20 17:08 - 2004-02-07 23:53 - 00856064 _____ (Essien Research & Development) C:\windows\system32\mpgfiltr.ax 2014-01-20 17:08 - 2003-08-19 19:31 - 00081920 _____ (Viscom Software) C:\windows\system32\viscomwave.dll 2014-01-20 17:08 - 2003-02-21 09:42 - 00348160 _____ (Microsoft Corporation) C:\windows\system32\MSVCR71.DLL 2014-01-20 17:06 - 2014-01-20 17:07 - 32229544 _____ C:\Users\steffen\Downloads\Setup_FORTE5Free_de.exe 2014-01-20 10:54 - 
2014-01-20 10:54 - 00000000 ____D C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-01-20 10:45 - 2014-01-20 18:40 - 00000000 ____D C:\AdwCleaner 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner.exe 2014-01-20 10:45 - 2014-01-20 10:45 - 01236282 _____ C:\Users\steffen\Downloads\adwcleaner(1).exe 2014-01-20 10:38 - 2012-07-25 12:03 - 00017136 _____ C:\windows\system32\sasnative32.exe 2014-01-20 10:37 - 2014-01-20 10:37 - 00000109 _____ C:\Users\steffen\AppData\Roaming\WB.CFG 2014-01-20 10:37 - 2014-01-20 10:37 - 00000005 _____ C:\Users\steffen\AppData\Roaming\WBPU-TTL.DAT 2014-01-20 10:36 - 2014-01-20 10:36 - 00680584 _____ ( ) C:\Users\steffen\Downloads\ZipExtractorSetup.exe 2014-01-20 10:36 - 2014-01-20 10:36 - 00000000 ____D C:\Users\steffen\AppData\Roaming\DigitalSites 2014-01-19 18:22 - 2014-01-20 15:35 - 00024855 _____ C:\Users\steffen\Downloads\Addition.txt 2014-01-19 18:21 - 2014-01-20 19:33 - 00017493 _____ C:\Users\steffen\Downloads\FRST.txt 2014-01-19 18:21 - 2014-01-19 18:21 - 00000000 ____D C:\FRST 2014-01-19 18:20 - 2014-01-19 18:21 - 01221120 _____ (Farbar) C:\Users\steffen\Downloads\FRST.exe 2014-01-19 18:19 - 2014-01-19 18:20 - 02076672 _____ (Farbar) C:\Users\steffen\Downloads\FRST64.exe 2014-01-19 11:41 - 2014-01-19 22:56 - 00000000 ____D C:\Users\steffen\Desktop\Gruppenarbeit Entfaltung 2014-01-19 11:40 - 2014-01-19 22:29 - 00000000 ____D C:\Users\steffen\Desktop\Musik-referat 2014-01-18 16:14 - 2014-01-18 16:14 - 00000000 ____D C:\Users\steffen\AppData\Roaming\OpenOffice 2014-01-18 16:04 - 2014-01-18 16:04 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2014-01-18 16:02 - 2014-01-18 16:14 - 00000000 ____D C:\Program Files\OpenOffice 4 2014-01-18 16:01 - 2014-01-18 16:02 - 00000000 ____D C:\Users\steffen\Desktop\OpenOffice 4.0.0 (en-US) Installation Files 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\AppData\Local\cache 
2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 ____D C:\Users\steffen\.android 2014-01-18 15:58 - 2014-01-18 15:58 - 00000000 _____ C:\Users\steffen\daemonprocess.txt 2014-01-18 10:38 - 2014-01-18 10:38 - 00000000 ____D C:\Users\steffen\AppData\Local\CRE 2014-01-18 10:36 - 2014-01-18 11:25 - 00000000 ____D C:\Program Files\Sweet Home 3D 2014-01-18 10:35 - 2014-01-18 10:36 - 33746304 _____ (eTeks ) C:\Users\steffen\Desktop\SweetHome3D-4-2-windows-oc.exe 2014-01-15 21:53 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-01-15 21:53 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-01-15 21:53 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-01-15 21:53 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-01-10 12:00 - 2014-01-11 11:01 - 00000000 ____D C:\Users\steffen\Desktop\LI 2014-01-09 11:52 - 2014-01-20 10:49 - 00001037 _____ C:\Users\steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-01-09 10:49 - 2014-01-09 11:16 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-09 10:49 - 2014-01-09 10:49 - 00000000 ____D 
==================== End Of Log ============================ --- --- --- |
20.01.2014, 20:23 | #12 |
/// TB-Ausbilder | Extended Protection 2.1 Is everything that was bothering you gone now? Then continue with ESET: ESET Online Scanner
__________________ cheers, Leo |
21.01.2014, 08:25 | #13 |
| Extended Protection 2.1 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=f7b31da943f6b043a6a5a20d5bf3cf40 # engine=16724 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-20 11:08:21 # local_time=2014-01-21 12:08:21 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 35889 255682591 28645 0 # compatibility_mode=5893 16776574 100 94 16630892 141890492 0 0 # scanned=188599 # found=1 # cleaned=0 # scan_time=12101 sh=D08869B2A94EFC547C3DA08F50E30C3EA74DF413 ft=1 fh=b69ea6fe25857743 vn="multiple threats" ac=I fn="C:\Users\steffen\AppData\Local\Temp\is1275519350\290958_Setup.EXE |
21.01.2014, 14:47 | #14 |
/// TB-Ausbilder | Extended Protection 2.1 ok. Step 1 Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Step 2 The version of your Adobe PDF Reader is outdated; we need to update it:
Cleanup Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are also still important and should be carried out in the order given.
>> OK << We are done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help ensure you will not need our help again in future. Please give me a short reply afterwards if there are no more problems or questions open on your side either, so that I can consider this topic resolved. Epilogue: Tips, Dos & Don'ts Keeping system and software up to date The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:
The installed software should also always be the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security vulnerabilities in their old versions are exploited to install malware by drive-by download merely through a visit to a specially prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
Security software A remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, appropriate software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already provide a small security gain. Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.
Attempts are also often made to get the user, by more or less tricky methods, to carry out an action themselves that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user themselves.
General notes Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.
__________________ cheers, Leo |